If you get an INVALID_CREDENTIALS error in the console log when an enterprise server starts up, as follows:
CASCD4002W Error (INVALID_CREDENTIALS) binding to MFDS CASCD0102F TX Daemon Failed to Initialize
this indicates a problem with the credentials (user id and/or password) that are being provided to the Directory Server. The user id or password are missing or are incorrect, and/or the Directory Server is not using the expected security configuration.
The credentials casstart uses to bind to the Directory Server can be specified in a number of ways: as literal command line parameter values using /u and /p (Micro Focus recommends that you do not use this method), or via /z so that the values are input from standard input. For example, using this method, the credentials could be input from the configured vault. If credentials are stored in the vault, ensure the correct vault location is specified and the operating system id under which the casstart process is executing has access to the vault. The mfsecretsadmin utility can confirm vault access and credentials values. In addition, credentials can be specified in ESCWA if the enterprise server region is being started that way.
If it is confirmed the expected credentials are being specified, then the Directory Server security configuration must be checked. This can be performed using ESCWA. Check that the expected Security Managers are in use and the specified user id exists.
If the enterprise server region is started from ESCWA, and ESCWA itself is secured, then check the credentials used to login to ESCWA are valid for the Directory Server. The best way to do this is to ensure that ESCWA, the Directory Server, and the enterprise server region are all using consistent security configurations and Security Managers. Check that the Directory Server has the Use ES Default Security Managers option checked for its Security Facility configuration. In Visual COBOL 10.0, this is the default configuration for new product installs. Another possible reason for credentials specified to casstart to be invalid when connecting to the Directory Server is if the enterprise server region is using an external Security Manager and the Directory Server is using Directory Server Internal Security. Or the enterprise server region is not configured to use security but the Directory Server is. A useful facility to check security configuration is the ESCWA Security Configuration Report tool which will highlight whether the Directory Server, enterprise server regions, or ESCWA are using external Security Managers or not, as well as other common security configuration issues.