Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Patch Manager > Patch Manager server certificate validation failed - Private key is inaccessible for user account

Patch Manager server certificate validation failed - Private key is inaccessible for user account

Created by Erica Gill, last modified by Rodim Suarez on Apr 19, 2017

Views: 196 Votes: 6 Revisions: 23

 

Overview

The following error message is received when logging in to Patch Manager, indicating that the Patch Manager certificate is not validating:

Warning:

"Patch Manager Server Certificate Validation

Result: Failed"

Error:

"Private key is inaccessible for user account '<Some_Account>'"

 

The permissions on the Private Key have been validated and 

C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe /provisionserver /type primary has been run with no improvement.

Environment

Patch Manager 2.1 and later

Cause 

The account used for the EminentWare Data Grid Server service is not able to access the certificate for Patch Manager. As C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe /provisionserver /type primary has failed, there is a mismatch in the Primary Application Server.

Resolution

Before attempting the below steps there are three verifications needed.
  • Attempt to verify the Private Key permissions on the EminentWare CA and EminentWare Server certificate's private keys. You can do this by dragging and dropping the certificates into the Personal store, right clicking on them and selecting All Tasks->Manage Private Keys. The EminentWare DataGrid Server Service account should have full permissions to the private key. The service account should be explicitly configured with permissions. (If the permissions are adjusted the updated certificate should be moved back to its original certificate store.)
  • Make sure that the account configured to start the EminentWare DataGrid Server service is set in the form DOMAIN\AccountName.
  • Verify if C:\Program Files\SolarWinds\Patch Manager\server\setuphelper.exe /provisionserver /type primary has been run or if not, run it. 
 
If these verifications do not clear the error, follow the below steps.
  1. Run mmc.exe.
  2. Click File > Add Remove/Snap-in... Add Certificates, select Computer account, click Next and Finish. Click OK.
  3. Go to Trusted Root Certification Authorities -> Certificates and delete EminentWare Certificates;
  4. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry.
  5. Run SQL Management Studio and clear the record for PAS from dbo.gc_device and dbo.device (do it for both DB: Primary and Automation);
  6. Run setuphelper /provisionserver /type primary.
  7. Reset the password in Patch Manager (Go to Patch Manager System Configuration > Security and User Management, select Credentials and then click Change Password).
  8. Go to Patch Manager System Configuration > Patch Manager Servers > click on Patch Manager Server Wizard, and then register the Primary Server.
Note: If step 5 fails with an error, it may be necessary to uninstall and reinstall Patch Manager.
 
 
If additional Automation server exists, re-provision the Automation Server:
  1. Run mmc.exe. Click File > Add Remove/Snap-in... Add Certificates, select Computer account, click Next and Finish. Click OK.
  2. Go to Trusted Root Certification Authorities -> Certificates and delete EminentWare Certificates;
  3. Remove deviceID and CADeviceID from the HKLM\SOFTWARE\EminentWare\Data Grid Service registry.
  4. Run SQL Management Studio and clear the record for Automation from dbo.gc_device and dbo.device (do it for both DB: Primary and Automation).
  5. Run setuphelper /provisionserver /type automation.
  6. Reset the password in Patch Manager (Go to Patch Manager System Configuration > Security and User Management, select Credentials and then click Change Password).
  7. Go to Patch Manager System Configuration > Patch Manager Servers > click on Patch Manager Server Wizard, and then register the Automation Server.

Note: If this does not resolve the issue and the service is running as a domain account, it may be necessary to log in to PAS to run the setup helper using that account.

 

 

Last modified
22:11, 18 Apr 2017

Tags

Classifications

Public