While using the arreload utility against a 9.1 arserver, it fails causing corruption of the user_cache table. This also lockout every account on the system including any Administrator accounts. In AR Server 9.1, the encrypted password string is now being generated by a new security algorithm. The result of switching to SHA-256 is that the password field now holds a string of 67 characters instead of 28. This was incorporated into the java api that is now used with arserver. However, since arreload is written against the Legacy C- api , this is causing a failure. The C api is coded to handle a string of 28 characters and as such will fail when trying to insert a row from the user table into user_cache. Since the C api is now out of service in favor of the java api now in place, the utility arreload will no longer function correctly 100% of the time. If all password fields are NULL then arreload will complete. Once arreload attempts a record with a password it will fail and stop processing. All users that have not already been pushed to user_cache will no longer be able to access the system. It is BMC's position that the deprecated C api will not be updated to handle this change. The arreload utility will need to be re-written in java to continue to function. This has been documented in defect SW00506968. A full re-write of arreload is out of scope for a hotfix and will be considered for a future version of BMC Remedy AR System Server. A hotfix for arreload is being created to issue a version check and present an error if AR Server version 9.1 is detected. |
This knowledge article may contain information that does not apply to version 21.05 or later which runs in a container environment. Please refer to Article Number 000385088 for more information about troubleshooting BMC products in containers. Instead of using arreload to refresh the user_cache table it is suggested that a modify all is issued against the User form. A value must be provided in a field in order for this to work. Example: add text to the Short Description field of the user records. When a save is issued the server will use the java api to reset every record in user_cache essentially acting as if you used the arreload utility. Another example: 1) Open User form. 2) Press "Search" button. (use unqualified search or other criteria to return all entries) 3) Select all the searched records. 4) Select "Modify All". (Go to Action menu and Modify All. Action > Modify All) 5) Check the "Disable Password Management For This User" checkbox and then uncheck it 6) Press "Save" button. If arreload was run prior to knowledge of this defect, the arcache utility will need to be run to create a new administrator user in order to perform the modify all on the User table to restore the user_cache. Usage of the arcache utility is available in the BMC Remedy AR System Server 9.1 documentation. *Note.. when using arcache a password MUST be provided for the new administrator account or the system will not allow the new account access. |