Refresh of password settings failed: Unable to decrypt {aes,1} encrypted string

Dear Folks,

Suddenly besclient service is getting into failed to start due to the following error message. We didn’t change (password) anything in relay server or in the besconfig file. Please advise on this error & how to fix it?

We found the following in the logs (/var/opt/BESClient/__BESData/__Global/Logs):

At 08:25:25 +0100 -
Starting client version 10.0.7.52
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.2zd-fips 15 Mar 2022
At 08:25:27 +0100 -
Refresh of password settings failed: Unable to decrypt {aes,1} encrypted string
Initializing Site: actionsite
Restricted mode
Initializing Site: BES Support
Initializing Site: IBM License Reporting
Initializing Site: mailboxsite
Processing Download plugins
Setting _BESClient_Download_FastHashVerify enabled: Off
Client shutdown (Failed to register to the Authenticating Relay with the provided password)

Thanks,
Machinehosting

Hi @ctsahmhosting, have you checked for the DB user’s password? there’s a possibility that it may have changed resulting in producing this error

we don’t use IBM DB2. We use MSSQL Server Database 2019 as our DB. The besclient installation is provided with a password for authenticating relay. This is not occuring in all servers but only in some servers randomly.

What kind of hardware are these clients? Physical, virtual, cloud, container?
The process used to encrypt/decrypt passwords is not portable between machines, so I’m questioning whether the client is moving between VMs or disks or otherwise some kind of migration that breaks the decryption process.
You should probably open a support incident so the team can review with you in detal.

@JasonWalker – Hi Jason, these are VMs. Its strange that it is occuring for some servers but not all servers.