Welcome
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.5.
Planning and Installation
Troubleshooting installation, migration, and uninstallation
An overview on troubleshooting installation, migration, and uninstallation of the HCL Workload Automation.
Problem scenarios: install, reinstall, upgrade, migrate, and uninstall
Known problems and troubleshooting
Dynamic agents not connecting after certificate rotation when using JWT

Product requirements
This section contains links to the HCL Workload Automation Product Requirements.
Detailed System Requirements for HCL Workload Automation, Version 10.2.5
Detailed System Requirements for Dynamic Workload Console, Version 10.2.5
Product Library in PDF format
This section contains links to the PDF versions of all the publications provided in Product Documentation for HCL Workload Automation.
Overview
Mobile Applications Userʼs Guide
Dynamic Workload Console User's Guide
AI Data Advisor (AIDA) User's Guide
Scheduling Job Integrations with HCL Workload Automation
HCL Workload Automation
Welcome to the HCL Workload Automation documentation, where you can find information about how to install, maintain, and use HCL Workload Automation. The documentation has been updated for HCL Workload Automation Version 10.2.5.
- Planning and Installation
  - Planning your HCL Workload Automation environment
    HCL Workload Automation orchestrates unattended, scheduled, and event-driven tasks for business and IT processes across on-premises and cloud environments organized in a network. A network consists of a set of linked workstations on which you perform job scheduling and processing to automate and manage your workflows. An HCL Workload Automation network is composed of a master domain manager, one or more Dynamic Workload Console servers, dynamic domain managers, and dynamic agents. You might also have fault-tolerant agents, extended agents, standard agents connected to the master domain manager or to domain managers.
  - Installing HCL Workload Automation
    Available installation methods
  - Configuring
    Configuring HCL Workload Automation components after installation.
  - Upgrading
    How to upgrade HCL Workload Automation to the current version.
  - Enabling and disabling FIPS
    FIPS is a U.S. government security standard that defines security requirements for cryptographic modules used to protect sensitive information. FIPS 140-3 is the latest version of the U.S. and Canadian government security standard that defines security requirements for cryptographic modules in IT and telecommunications products. Its purpose is to ensure that products handling sensitive data via cryptography are secure and reliable. Federal agencies must use FIPS 140-3 validated modules. It is also widely adopted by defence contractors and financial institutions.
  - Moving from on-premises to cloud
    A quick procedure to move your workload from an on-premises to a cloud environment
  - Troubleshooting installation, migration, and uninstallation
    An overview on troubleshooting installation, migration, and uninstallation of the HCL Workload Automation.
    - The twsinst log files
    - Analyzing return codes for agent installation, upgrade, restore, and uninstallation
      Check how your operation completed by analyzing the return codes that are issued by twsinst.
    - Problem scenarios: install, reinstall, upgrade, migrate, and uninstall
      Known problems and troubleshooting
      - Installation or upgrade fails on RHEL version 9 and later
        Installing or upgrading on RHEL version 9 and later fails if you were using default certificates.
      - Installing or linking a fault-tolerant agent earlier than 10.2 in an environment configured with new default or new custom certificates
      - Dynamic agents not connecting after certificate rotation when using JWT
      - Uninstallation of Dynamic Workload Console fails
        You are trying to uninstall an instance of the Dynamic Workload Console which is installed in a subfolder of the master domain manager installation directory.
      - Error in testing a connection or running reports on an engine returned from Fix Pack 1 to GA level when using an MSSQL database
      - Error in upgrading the HCL Workload Automation database when using a DB2 database
      - Problems in encrypting the useropts file
      - WebSphere Application Server Liberty server does not start when applying a fix pack to the backup master domain manager
      - Error received when creating MSSQL database
        Error received when creating MSSQL database
      - Incorrect collation settings in PostgreSQL database
        Job ordering and extract from folders might work incorrectly when using a PostgreSQL database
    - Uninstalling HCL Workload Automation manually
      Steps to take when manually uninstalling the HCL Workload Automation master domain manager.
  - Uninstalling
    An overview on how to uninstall the product.
  - Reference
- User's Guide and Reference
- Administration Guide
- Scheduling with the Agent for z/OS
- Database Views
- High Availability Cluster Environment
- Driving HCL Workload Automation
- Extending HCL Workload Automation
HCL Workload Automation for Z
Welcome to the HCL Workload Automation for Z documentation, where you can find information about how to install, maintain, and use the product. The documentation has been updated for version 10.2 Fix Pack 2.
Messages and Codes
Glossary
Notices

Dynamic agents not connecting after certificate rotation when using JWT

About this task

If you are using JWT and modify the certificates on the master domain manager, communication with dynamic agents might be interrupted.

Workaround

After modifying the certificates on the master domain manager, if the communication has been lost, you can recover it by running the following command on each dynamic agent:

./AgentCertificateDownloader.sh --jwt false --work_dir <work_dir> --tdwbhostname <tdwbhostname> 
--tdwbport <tdwbport> --gwid <gateway_id> --gateway <local|remote|none> 
--apikey <API key for authentication with the master domain manager>

After running the command, restart the agent.

Problem prevention

If you are using JWT, you can disable this setting before modifying the certificates to prevent communication problems. To disable JWT and switch to using certificates, perform the following steps:

Browse to the ita.ini file on the dynamic agent. The file is located in TWA_DATA_DIR/ITA/cpa/ita.
Comment out the jwt_file = line, if existing. Consider the following example:
```
#jwt_file =
```
Restart the agent.