Question & Answer
Question
How can users change CPE System User password without also submitting a System User name in CPE 5.5.1 ?
Cause
In CPE 5.5.1 users change the password of the System User via ACCE. If the System user name is not changed, only the password is changed, the save of the change fails.
The change is required if the System User password is modified in the LDAP. After restart of the FileNetEngine services, most content management functionality works fine however users are unable to access the Workflow System.
The PE log shows this:
2018/10/05 15:04:09.844+0400 RPCHandler 600ab735 [Info] Can't get ProcessEngineConfiguration at startup, retrying in 5 minutes. Error: The user is not authenticated. Message was: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]; Exception: com.filenet.api.exception.EngineRuntimeException: FNRCE0040E: E_NOT_AUTHENTICATED: The user is not authenticated. Message was: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]
The P8 log shows similar error:
2018-10-05T15:04:09.844 600AB735 ERR FNRCE0040D - DEBUG com.filenet.api.exception.EngineRuntimeException: FNRCE0040E: E_NOT_AUTHENTICATED: The user is not authenticated. Message was: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09042F, comment: AcceptSecurityContext error, data 52e, v2580 ]\n at com.filenet.apiimpl.core.UserPasswordToken.getSubject(UserPasswordToken.java:131)\n at com.filenet.apiimpl.core.UserPasswordToken.getSubject(UserPasswordToken.java:73)\n at com.filenet.engine.context.CallState.getSubject(CallState.java:456)\n at com.filenet.engine.context.CallState.getSystemSubject(CallState.java:399)\n at com.filenet.engine.unified.UnifiedApiImpl.getPeServiceSubject(UnifiedApiImpl.java:132)\n at com.filenet.engine.unified.UnifiedApiImpl.beginImp(UnifiedApiImpl.java:89)\n at com.filenet.engine.util.EngineToApiInjecter.beginImp(EngineToApiInjecter.java:298)\n at com.filenet.apiimpl.util.ApiToEngineBridge.beginImp(ApiToEngineBridge.java:339)\n at com.filenet.apiimpl.util.UnifiedUtil.beginImp(UnifiedUtil.java:68)\n at filenet.jpe.security.cemp.CEConnectUtil.pushSystemCEConForThreadWithPCH(CEConnectUtil.java:201)\n at filenet.jpe.security.cemp.CEConnectUtil.pushSystemCEConForThread(CEConnectUtil.java:185)\n at filenet.jpe.security.cemp.CEMPIsolatedRegionHelper.getSubsystemConfiguration(CEMPIsolatedRegionHelper.java:366)\n at..
Answer
- The procedure is needed if the System User account does NOT change but the password will change. If both the user account and password are changed at the same time, no special process is required.
- With the CPE running, change the current System User password in the LDAP to the desired new value.
- Log onto ACCE using a domain admin account. If the System User is the domain admin, the new password will be used to login.
- Navigate to the properties tab for the domain.
- Edit the System User name, retype the System User name using different case (eg. all caps, all smalls, just something different).
- Edit the password to be that of the desired (eg. the new password of System User) account and 'Save' .
- If CPE is deployed into a cluster, then it may take up to 10 minutes for the change to propagate to all cluster members. Or restart the FileNetEngine application to force the change.
- Verify proper system function. For example, navigate in ACCE to the Workflow system down to the configuration of a component queue. If this is possible, the PE service is able to utilize the System User as expected.
Was this topic helpful?
Document Information
Modified date:
07 November 2018
UID
ibm10737163