WebUI cannot access auth_key.key after Windows upgrade

Hello,

We have a problem with WebUI, as in the title. We moved (upgraded) from Windows Server 2012 Standard to Windows 2018 Standard and then Windows 2022 Standard. After that, we noticed WebUI is not launching; we have this error:
Tue, 23 May 2023 18:00:00 +0200 – WebUI service version 10.0.7.52 starting
Tue, 23 May 2023 18:00:01 +0200 – OpenSSL Initialized (Non-FIPS Mode)
Tue, 23 May 2023 18:00:01 +0200 – Using OpenSSL crypto library libBEScrypto64 - OpenSSL 1.0.2zd 15 Mar 2022
Tue, 23 May 2023 18:00:01 +0200 – File error “class FilePermissionError” on “C:\Program Files (x86)\BigFix Enterprise\BES WebUI\cert\auth_key.key” : “Windows Error 0x5%: Odmowa dostępu.” (it is an access denied error).

Database and other services are working perfectly (installing/updating etc).
It seems that the file is locked using Windows EFS, but the system cannot access it. Fortunately, we have access to a copy of the original host, on which that service turns on without a problem (yet the file is also locked).

Is there any way to import/export/copy that key and install it on the new machine?

Hi, these are key pairs used for internal communications only. You can safely run the fixlet #2558 Rotate WebUI Certificates and have new ones deployed.

1 Like

Thanks! That enabled WebUI and allowed it to run but… We have the next problem. We are receiving an error:
Could not connect to the BigFix database.
If the issue persist, contact your BigFix Administrator for assistance.

The configuration of WebUI (db_config.json) was not changed (it is MSSQL installed locally and it is working - as I’ve mentioned earlier everything works except WebUI).

When we tried the troubleshooting for that (https://help.hcltechsw.com/bigfix/10.0/webui/WebUI/Admin_Guide/c_troubleshooting.html), it keeps giving us an error:
Cannot connect to the database.
{"data":"ConnectionError: Failed to connect to :1433 - Could not connect (sequence)","status":500,"statusText":"Internal Server Error"}

Any help for that? I was thinking about using this advice: WEBUI Could not connect to the BigFix database, but I do not know if that is the correct way of action.

I think it's strange that the database hostname is not listed before the :1433 in your message. For a local database, you should enter either your real hostname, or localhost, or the SQL aliases for local database which I believe are “.” or “(local)”.

Edit: if your SQL requires TLS encryption, it’s likely you’d need to use the real hostname so SQL’s certificate matches the hostname you use to connect, but I’d expect a TLS-related error message if that was the issue.

Also make sure SQL has the TCP transport enabled, under SQL Configuration Manager. The Root Server and Web Reports use the ODBC client, which can connect to local SQL using the default “Shared Memory” transport, but WebUI uses JDBC and needs the TCP interface enabled.

1 Like
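
A diagnostic for the two causes raised in the last reply (no hostname before :1433, and no TCP listener for SQL Server), added here as an example; it is not part of the original thread or of BigFix's own tooling. The function names and the `localhost` fallback are assumptions, and the sample error text is copied from the message quoted in the thread.

```python
import re
import socket

# Constructed sample: the error text reported in the thread.
SAMPLE_ERROR = "ConnectionError: Failed to connect to :1433 - Could not connect (sequence)"

TARGET_RE = re.compile(r"Failed to connect to (?P<host>[^:\s]*):(?P<port>\d+)")


def parse_target(error_text):
    """Return (host, port) from a 'Failed to connect to host:port' message, or None."""
    m = TARGET_RE.search(error_text)
    if m is None:
        return None
    return m.group("host"), int(m.group("port"))


def tcp_listening(host, port, timeout=3.0):
    """True if a TCP connection to host:port succeeds, i.e. something is listening."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(error_text, fallback_host="localhost", probe=tcp_listening):
    """Return findings for the two suspected causes: empty hostname, no TCP listener."""
    target = parse_target(error_text)
    if target is None:
        return ["no 'Failed to connect to host:port' target found in the message"]
    host, port = target
    findings = []
    if not host:
        findings.append("hostname is empty: check the host set for the WebUI database connection")
        host = fallback_host  # assumption: SQL Server runs on this same machine
    if probe(host, port):
        findings.append(f"TCP listener reachable on {host}:{port}")
    else:
        findings.append(f"nothing accepting TCP on {host}:{port}: "
                        "check that TCP/IP is enabled for SQL Server")
    return findings


if __name__ == "__main__":
    for line in diagnose(SAMPLE_ERROR):
        print(line)
```

Run it on the WebUI host itself, so the probe takes the same network path the service would.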