IBM Support

Provisioning CLI command returns error 53000220

Troubleshooting


Problem

When using the ESSO Provisioning Bridge CLI you see the following error: "Failed to login to IMS server. Error code : '53000220'."

Cause

This error means that the authentication to the ESSO IMS Provisioning Bridge failed. The main reasons for this are:

  1. The bridge id provided is wrong.
  2. The bridge password provided is wrong.
  3. The client system IP address is not allowed.

Diagnosing The Problem

Review the systemout.log of the IMS Server. Check for these types of exception for the time at which the command was run:

Case 1: Invalid bridge id, note that the exception is about IP client address, not user id.

[20/09/13 16:40:04:559 BST] 00000063 ServerAuthent W Error authenticating.


encentuate.ims.result.ImsException: Invalid client IP.
at encentuate.ims.auth.PasswordServerAuth.loginByPassword(PasswordServerAuth.java:180)
at encentuate.ims.service.ServerAuthentication.loginByPassword(ServerAuthentication.java:99)

Case 2: Wrong password
[20/09/13 16:36:21:916 BST] 00000063 ServerAuthent W Error authenticating.
encentuate.ims.result.ImsException: Incorrect server ID or password.
at encentuate.ims.auth.PasswordServerAuth.validatePassword(PasswordServerAuth.java:409)
at encentuate.ims.auth.PasswordServerAuth.loginByPassword(PasswordServerAuth.java:192)
at encentuate.ims.service.ServerAuthentication.loginByPassword(ServerAuthentication.java:99)

Case 3: Client IP address not defined


[20/09/13 15:36:18:637 BST] 00000063 ServerAuthent W Error authenticating.
encentuate.ims.result.ImsException: Invalid client IP.
at encentuate.ims.auth.PasswordServerAuth.loginByPassword(PasswordServerAuth.java:180)
at encentuate.ims.service.ServerAuthentication.loginByPassword(ServerAuthentication.java:99)

Resolving The Problem

Case 1: Invalid bridge id:


    Check the name of the bridge being connected to. Ensure that the case being used matches what is defined on the IMS Server.
    • Connect to the 'IMS Configuration Tool', then select the 'IMS Bridges' on the left side menu:

    • Ensure that the value used in your command matches, eg --loginId PABridge

Case 2: Wrong password:


    Check the password defined in the bridge definition. Note that the value will not be visible, so the only way to be sure of the value is to reset it. Note that the IMS Server will need to be restarted after updating the password.

    • Connect to the 'IMS Configuration Tool', then select the 'IMS Bridges' on the left side menu:
    • If unsure about the value of the password entered, then:
      • Re-enter the password and update.
      • Click 'Update' to store the changes
      • Restart the IMS Server for the changes to be applied.
  • Ensure that the value used in your command matches, eg --password Passw0rd

Case 3: Client IP address not defined:


    Check that the IP address of the client system, ie where the command is being run, is in the list of allowed client system for provisioning command. This is used in combination with the bridge id and password to ensure only permitted commands are run.
    • Connect to the 'IMS Configuration Tool', then select the 'IMS Bridges' on the left side menu:
    • Identify your client IP Address, eg 192.168.145.32, check that it is in the list.
    • If the IP Address is not listed, then:
      • Enter the IP Address in the box and click 'Add' button.
      • Click 'Update' to store the changes
      • Restart the IMS Server for the changes to be applied.

[{"Product":{"code":"SS9JLE","label":"IBM Security Access Manager for Enterprise Single Sign-On"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"IMS Server","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.2;8.2.1","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
03 September 2019

UID

swg21650594

Page Feedback