we have a problem with WebUI as in title. We moved (upgraded) from Windows Server 2012 Standard to Windows 2018 Standard and then Windows 2022 Standard. After that we noticed WebUI is not launching, we have this error:
Tue, 23 May 2023 18:00:00 +0200 – WebUI service version 10.0.7.52 starting
Tue, 23 May 2023 18:00:01 +0200 – OpenSSL Initialized (Non-FIPS Mode)
Tue, 23 May 2023 18:00:01 +0200 – Using OpenSSL crypto library libBEScrypto64 - OpenSSL 1.0.2zd 15 Mar 2022
Tue, 23 May 2023 18:00:01 +0200 – File error “class FilePermissionError” on “C:\Program Files (x86)\BigFix Enterprise\BES WebUI\cert\auth_key.key” : “Windows Error 0x5%: Odmowa dostępu.” (it is access denied error).
Database and other services are working perfectly (installing/updating etc).
It seems that file is locked using Windows EFS but the system cannot access it. Fortunately we have access to copy of original host on which that service is turning on without problem (yet file is also locked).
Is there any way to import/export/copy that key and install on new machine?
Hi, these are key pairs used for internal communications only. You can safely run the fixlet #2558Rotate WebUI Certificates and have a new ones deployed.
Thanks! That enabled WebUI and allowed it to run but… We have next problem. We are receiving error:
Could not connect to the BigFix database.
If the issue persist, contact your BigFix Administrator for assistance.
The configuration of WebUI (db_config.json) was not changed (it is MSSQL installed locally and it is working - as I’ve mentioned earlier everything works except WebUI).
I think it strange the database hostname is not listed before the :1433 in your message. For a local database, you should enter either your real hostname, or localhost, or the SQL aliases for local database which I believe are “.” or “(local)”.
Edit: if your SQL requires TLS encryption, it’s likely you’d need to use the real hostname so SQL’s certificate matches the hostname you use to connect, but I’d expect a TLS-related error message if that was the issue.
Also make sure SQL has the TCP transport enabled, under SQL Configuration Manager. The Root Server and Web Reports use the ODBC client, which can connect to local SQL using the default “Shared Memory” transport, but WebUI uses JDBC and needs the TCP interface enabled.