NetWorker: running authentication commands return "Error executing command. Failure: 400"

• Running any NetWorker authentication command such as authc_config or authc_mgmt result in a generic error: "Error executing command. Failure: 400"
• Messages generated when the authentication service's debugging is enabled:
  • NetWorker: How To Enable AUTHC DEBUG for Troubleshooting Purposes

# authc_config -u administrator -p <password> -e find-all-configs

DEBUG [main] (DefaultClientConnection.java:254) - Receiving response: HTTP/1.1 400
DEBUG [main] (DefaultClientConnection.java:257) - << HTTP/1.1 400
DEBUG [main] (DefaultClientConnection.java:260) - << Content-Type: text/plain;charset=ISO-8859-1
DEBUG [main] (DefaultClientConnection.java:260) - << Connection: close
 WARN [main] (RestTemplate.java:529) - POST request for "http://localhost:9090/auth-server/api/v1/sec/authenticate" resulted in 400 (); invoking error handler
DEBUG [main] (Wire.java:63) - << "Bad Request[\r][\n]"
DEBUG [main] (Wire.java:63) - << "This combination of host and port requires TLS.[\r][\n]"
DEBUG [main] (PoolingClientConnectionManager.java:272) - Connection [id: 0][route: {}->http://localhost:9090] can be kept alive for 9223372036854775807 MILLISECONDS
DEBUG [main] (DefaultClientConnection.java:169) - Connection 0.0.0.0:59763<->127.0.0.1:9090 closed
DEBUG [main] (PoolingClientConnectionManager.java:278) - Connection released: [id: 0][route: {}->http://localhost:9090][total kept alive: 0; route allocated: 0 of 5; total allocated: 0 of 100]
ERROR [main] (DefaultLogger.java:222) - Error while performing Operation:
com.emc.brs.auth.common.exception.BRHttpErrorException: 400
        at com.emc.brs.auth.client.template.impl.DefaultBRResponseErrorHandler.handleError(DefaultBRResponseErrorHandler.java:64)
        at org.springframework.web.client.RestTemplate.handleResponseError(RestTemplate.java:537)
        at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:493)
        at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:452)
        at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:425)
        at com.emc.brs.auth.client.api.impl.DefaultBRSecurityContext.login(DefaultBRSecurityContext.java:71)
        at com.emc.brs.auth.cli.util.ConfigServiceProxyImpl.getConfigService(ConfigServiceProxyImpl.java:56)
        at com.emc.brs.auth.cli.commands.AuthConfigCommand.findAllConfigs(AuthConfigCommand.java:188)
        at com.emc.brs.auth.cli.commands.AuthConfigCommand.execute(AuthConfigCommand.java:113)
        at com.emc.brs.auth.cli.core.AuthConfigCmdExecutor.execute(AuthConfigCmdExecutor.java:161)
        at com.emc.brs.auth.cli.core.AuthConfig.executeCommand(AuthConfig.java:139)
        at com.emc.brs.auth.cli.core.AuthConfig.main(AuthConfig.java:79)
ERROR [main] (DefaultLogger.java:190) - Error executing command. Failure: 400
Error executing command. Failure: 400

• Networker authentication using nsrlogin works fine. 
  • nsrlogin -u Administrator
  • nsrlogout

The NetWorker Authentication (AUTHC) server database is corrupted.

AUTHC database corruption can appear under various scenarios:

• Space issues on the NetWorker installation path.
• Abrupt termination of NetWorker services during a AUTHC database change.
• Antivirus or other security software modified the NetWorker installation path or its components.
• NetWorker upgrade-related issue.

The NetWorker authentication (AUTHC) database must be re-created. If Active Directory (AD) or LDAP was previously integrated, it must be reintegrated on the new AUTHC database. If AUTHC self-signed certificates were replaced with CA-signed certificates, they must be imported again. The Additional Information section contains articles which detail these processes.

NetWorker: How To Identify Which Server is the Authentication Server Used By NMC and NWUI

Windows Server:

The AUTHC database is created during NetWorker installation. Download your current NetWorker version from the NetWorker Downloads page if you do not have it on the system already.

1. Collect your bootstrap save set details: mminfo -B
2. Stop NetWorker services: net stop nsrexecd /y
3. From Control Panel -> Programs and Features, uninstall NetWorker.
4. From Windows File Explorer, rename the authc-server folder. Default: C:\Program Files\EMC NetWorker\nsr\authc-server
5. Reinstall NetWorker over your previous installation path.
6. On the NetWorker server, stop all NetWorker services.

Linux Server:

1. Collect your bootstrap save set details: mminfo -B
2. Stop NetWorker services: nsr_shutdown or systemctl stop NetWorker
3. Rename the /nsr/authc folder: mv /nsr/authc /nsr/authc_$(date -I)
4. Rerun the AUTHC configuration script: /opt/nsr/authc-server/scripts/authc_configure.sh
5. Start NetWorker: systemctl start networker

• NetWorker: How To Set up AD/LDAP Authentication
• NetWorker: How To configure LDAPS Authentication
• NetWorker: How to Import or Replace Certificate Authority Signed Certificates for "AUTHC" and "NWUI" (Linux)
• NetWorker: How to Import or Replace Certificate Authority Signed Certificates for "AUTHC" and "NWUI" (Windows)