If we miss the three new keys introduced in 9.5.3, then the migration, the restore will fail.
The below three keys are introduced in the bigfix 9.5.3.
But if the migration or the restore does not handle these three keys, it will cause the failure that the bigfix server’s plug-in.
Resolving the problem
Currently, we have opened a DOC APAR IV90723 to fix the migration to add the steps to handles these new keys. But before the document to be updated, the below method can be used as a workaround.
Unfortunately we don’t have a tool available to decrypt the above keys that has to be moved on a different system.
As workaround you can use the existing ServerKeyTool.exe and follow the procedure below.
On the Source server stop the Bigfix services and move all the Encrypted Keys located under C:\Program Files (x86)\BigFix Enterprise\BES Server in a backup folder.
For each of the 3 keys listed above do the following:
Below the procedure for the file EncryptedWebUICAkey.
- Copy from the backup folder the file EncryptedWebUICAkey in C:\Program Files (x86)\BigFix Enterprise\BES Server
- Rename the file EncryptedWebUICAkey in EncryptedServerSigningKey
- Run the tool ServerKeyTool.exe with the following syntax:
C:\ServerKeyTool>ServerKeyTool.exe decrypt UnencryptedWebUICAKey
A file named UnencryptedWebUICAKey is generated.
- Move the file UnencryptedWebUICAKey on the new server and encrypt it using the tool ServerKeyTool.exe with the following syntax:
ServerKeyTool.exe encrypt UnencryptedWebUICAKey
The tool generates a file name EncryptedServerSigningKey that has to be renamed to EncryptedWebUICAkey and copyed under the folder C:\Program Files (x86)\BigFix Enterprise\BES Server of the new server.
Repeat the same procedure for the other 2 files: EncyptedAPIServerKey and EncyptedPlatKey