AES encryption error in BigFix

Good afternoon,

I can’t start BigFix services. The GatherDB, FillDB and BESRelay log files read like this:

Mon, 20 Mar 2023 11:17:16 +0100 – GatherDB version 9.5.21.78 starting…
Mon, 20 Mar 2023 11:17:16 +0100 – OpenSSL Initialized (Non-FIPS Mode)
Mon, 20 Mar 2023 11:17:16 +0100 – Using OpenSSL crypto library libBEScrypto - OpenSSL 1.0.2zd-fips 15 Mar 2022
Mon, 20 Mar 2023 11:17:16 +0100 – Unable to decrypt {aes,1} encrypted string

Current software version (recently upgraded):

[besadmin@usl10162] BESServer$ rpm -qa|grep -i bes
BESAgent-9.5.21.78-rhe6.x86_64
BESWebReportsServer-9.5.21.78-rhel.x86_64
BESRootServer-9.5.21.78-rhel.x86_64

We didn’t change any configurations. Please help in troubleshooting this error. Our production system is down.

Kr,
Mario

With your production down, I’d advise opening a support ticket immediately. The Forum is more for how-to help, not the best thing for immediate help.

1 Like

Sounds like a problem with one of the passwords defined in the configuration file and then obfuscated, for example the one used to connect to the DB2 database …

Try changing it and, as a first attempt, avoid using characters other than letters and numbers in the new password:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0023496

In any case, avoid using characters like “blanks, tabs (\t), returns (\n) and ; & | " ' < > %”:
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_db2_configuration.html

Hi,

Even the BESAdmin tool was complaining about AES:
Unable to decrypt {aes,1} encrypted string
BESFillDB is stopped
BESWebReportsServer is stopped
BESGatherDB is stopped
BESRootServer is stopped
Update password completed successfully.

Anyway, the password seems updated, as shown in besserver.obf. This is the error I get now:

Mon, 20 Mar 2023 15:29:02 +0100 – 1144776832 – Unable to connect to database: Database Error: [unixODBC][IBM][CLI Driver] SQL30082N Security processing failed with reason “24” (“USERNAME AND/OR PASSWORD INVALID”). SQLSTATE=08001
(08001: 18446744073709521534)

I just followed your instructions to update the password to the same one and it worked. I am able to start services now. Thanks for the guidance.

1 Like

Now it’s Web Reports that is giving trouble.
I notice it has its own configuration and obfuscated files. I wonder if there is a workaround to refresh the password for Web Reports as well? Thanks

Kr,
Mario

Need to edit the Web Reports configuration file manually
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0022619

1 Like

This also worked, thanks!!
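
The two failure signatures quoted in this thread, plus the password character advice, as a small triage helper. This is an added example, not part of the original posts or of HCL's tooling; the function names are hypothetical and the sample log lines are adapted from the posts above.

```shell
#!/bin/sh
# Added example (not from the thread): triage BigFix server log lines by the
# two failure signatures quoted above, and screen a candidate DB password.
LC_ALL=C; export LC_ALL

# Sample lines adapted from the posts above (dashes and quotes made ASCII).
sample_log() {
cat <<'EOF'
Mon, 20 Mar 2023 11:17:16 +0100 - GatherDB version 9.5.21.78 starting...
Mon, 20 Mar 2023 11:17:16 +0100 - OpenSSL Initialized (Non-FIPS Mode)
Mon, 20 Mar 2023 11:17:16 +0100 - Unable to decrypt {aes,1} encrypted string
Mon, 20 Mar 2023 15:29:02 +0100 - 1144776832 - Unable to connect to database: Database Error: [unixODBC][IBM][CLI Driver] SQL30082N Security processing failed with reason "24" ("USERNAME AND/OR PASSWORD INVALID"). SQLSTATE=08001
EOF
}

# decrypt_failure : the obfuscated credential in the config cannot be read
# db_auth_rejected: the credential was read, but DB2 refused it
classify_line() {
  case "$1" in
    *"Unable to decrypt {aes,"*"} encrypted string"*) echo decrypt_failure ;;
    *SQL30082N*"USERNAME AND/OR PASSWORD INVALID"*)   echo db_auth_rejected ;;
    *) echo other ;;
  esac
}

# Read a log on stdin and print one summary line with both counters.
triage_log() {
  d=0; a=0
  while IFS= read -r line; do
    case "$(classify_line "$line")" in
      decrypt_failure)  d=$((d + 1)) ;;
      db_auth_rejected) a=$((a + 1)) ;;
    esac
  done
  echo "decrypt_failure=$d db_auth_rejected=$a"
}

# alnum = letters and digits only (the suggested first attempt);
# avoid = contains blank, tab, newline or one of ; & | " ' < > %
password_class() {
  stripped=$(printf '%s' "$1" | tr -d ' \t\n;&|"<>%'"'")
  if [ -z "$1" ]; then echo empty
  elif [ "$stripped" != "$1" ]; then echo avoid
  else
    case "$1" in
      *[!A-Za-z0-9]*) echo other_special ;;
      *) echo alnum ;;
    esac
  fi
}

sample_log | triage_log   # pipe a real log into triage_log instead
```

When screening a real password, feed it to password_class from a variable filled with `read -r` rather than typing it as a command-line argument, so it does not end up in shell history.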