SP2010 Secure Store Encryption Key Must Be Refreshed After Reboots

Similar Messages

• Where best to store encryption key for dbms_crypto?

  We want to use dbms_crypto to encrypt pwds.
  Thing is with the encryption key. We now store the encryption key in the package itself.
  When we deploy the pkg we wrap it.
  That gives some security, but if we loose the source code we loose the key and also somebody who has access to the pkg spec can get the key.
  What is the solution to this???
  We can't store these in tables also since users can read it.

  The DBMS_CRYPTO package includes a number of hash routines just as it includes a number of encryption routines.
  So, for example, if you wanted to use the SHA-1 hash algorithm to generate a hash for the combination of the user name scott, the password tiger, and some constant salt, you could simply do
  SQL> ed
  Wrote file afiedt.buf
    1  select dbms_crypto.hash( utl_raw.cast_to_raw('scott' || 'some constant salt' || 'tiger') , 3 ) password_hash
    2*   from dual
  SQL> /
  PASSWORD_HASH
  AF5DFD24A4F70E60D863339E6E27DE21D7771EC1In the future, if you wanted to verify the username and password, you'd simply take the provided username & password along with the same salt, compute the hash, and then compare the hash values to verify that the username & password were correct.
  There is no key to manage because the hash algorithm is intended to be a one-way transform. There is no way to get from the hashed value back to the original input string. But that's exactly what you want for a password-- you just want to be able to verify that a user entered the password correctly, you don't want anyone to ever be able to see a user's password.
  Ideally, you'd keep the salt relatively private but it doesn't really matter if it gets out. The salt just exists so that you can't download a "rainbow table" where people have pre-computed the hash for various possible passwords (i.e. the SHA-1 hash for the string "password" is well known but if you add more data, people probably haven't precomputed the SHA-1 hash for, say, "jcaveXYZZ12345password" where XYZZ12345 is the salt). Even better would be to generate a different salt for every user and store it in the USERS table.
  Justin

• Secure Store Service and Schedule Data Refresh

  Hi
  Can you please let us know how many (max) target application's we can create under 1 secure store service application? 
  As we know, Manage Data Refresh feature is only available for PowerPivot Service Report and we can access it from Sharepoint to schedule the Workbook for Data Refresh.
  As per our requirement, we need to build a interface to use this Schedule data refresh feature in a separate browser not from SharePoint. Please let us know how to build this interface, is there any option to use API Web Service.
  Thanks in advance.
  Regards
  K.V.B.Gururaaja

  Hi,
  For your first question, refer to the following link:
  https://social.technet.microsoft.com/Forums/en-US/ab7f24eb-0cbf-4101-931e-1f89446e2149/secure-store-service-target-application-max-number?forum=sharepointgeneral
  For your second problem, could you offer a screenshot about what is your intention?
  Besides, take a look at the article about  PowerPivot data refresh options:
  http://www.sqlchick.com/entries/2012/11/17/powerpivot-data-refresh-options.html
  Best Regards,
  Lisa Chen
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Lisa Chen
  TechNet Community Support

• The Secure Store Service application Secure Store Service Proxy is not accessible

  I am working on setting up a new SharePoint 2013 Farm for our external web site which is currently running on 2010 SharePoint. Because this is an External Website for our organization we have an internally available Publishing Site and there is an Web App
  Extension to provide Anon Access to users using the www address. Currently I am doing everything on a single server for testing with HOSTS entries to loop back so I can test with real host headers and not impact the 2010 prod environment. We will be setting
  up 2 more WFEs with a NLB before moving this into prod but it isn't there yet. We brought the Site Collection Databases over but are still running in 2010 mode for now.
  I migrated a copy of the Secure Store Database over from 2010 and had it put on the 2013 Farm's Database Server. Set up Secure Store and the Secure Store Proxy. I went into the Secure Store Proxy in CA and refreshed the Key with the proper Pass Phrase. After
  doing that I could see the Target Application IDs listed. Everything was looking good so I went off to test. If I am on the publishing site I can go to a page that has the solution on it and it operates as expected. It does a query to a non SharePoint database
  and returns information filtered based on the search parameters. The only odd thing I see is if I click on the "Site Actions" I get a message "An error has occurred with the data fetch. Please refresh page and retry." Need to look into
  that more but it only happens on pages that have these solutions. Maybe a clue. If I go to the Anonymous Access page (www......) and try and use the solution, it immediately (way too quick to appear like it is doing anything) comes back with "The security
  token request cannot be completed."
  If I dig through the usage logs I am finding the following.
  The Secure Store Service application Secure Store Service Proxy is not accessible. The full exception text is: The security token request cannot be completed.
  Unexpected exception from endpoint address : https://[Servername]:32844/4e87fd3aabb640fb8cc3ed52188cf5c0/SecureStoreService.svc/https
  Logging unknown/unexpected client side exception: InvalidOperationException. This will cause this application server to be removed from the load balancer queue. Exception: System.InvalidOperationException: The security token request cannot be completed.
      at Microsoft.SharePoint.SPSecurityContext.SecurityTokenForServiceContext(Uri contextUri)     at Microsoft.SharePoint.SPChannelFactoryOperations.InternalCreateChannelActingAsLoggedOnUser[TChannel](ChannelFactory`1 factory, EndpointAddress
  address, Uri via)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetChannel(Uri address)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName,
  Boolean validateCanary, ExecuteDelegate`1 operation).
  Initially I was fighting a firewall issue because it wasn't working (different errors) on both sides. Had Network Engineers open firewall ports needed and now it works on the publishing side. Still the same error on the Anon side. I suspect I have missed
  something when it comes to configuring the Secure Store to allow access to anonymous connections.
  Let me know if you need any more information but that should paint a pretty good picture as to how things are set up.
  Thanks for any help on this one. Searches haven't found much that has helped so far.

  Hi Sennister,
  I recommend to verify the things below:
  Did this issue occur with all the pages in the anonymous side?
  Check if the Claims to Windows Token Service is started.
  Change the <identity impersonate="true" /> in the web.config to see if the issue still occurs.
  Thanks,
  Victoria
  Forum Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]
  Victoria Xia
  TechNet Community Support

• Secure-store initialization failure on CM

  I followed the directions for resetting the secure-store on the CM for a "forgotten password" and when I get to the part of reinitializing the secure-store I get the following error.
  NA151-4WAASMGR1#cms secure-store init
  Stopping cms.
  * 1) Must be between 8 to 64 characters in length                 *
  * 2) Allowed character set is A-Za-z0-9~%'!#$^&*()|;:,"<>/*
  * 3) Must contain at least one digit                              *
  * 4) Must contain at least one lowercase and one uppercase letter *
  Enter pass-phrase:
  Confirm pass-phrase:
  Secure Store initialization failed. If Secure Store was previously reset, follow the steps documented in the Configuration Guide section 'Resetting Secure Store Encryption on a Central Manager' to finish Central Manager Secure Store reset process. Configuration updates from Primary Central Manager to WAEs are not sent until Secure Store is initialized.
  Starting cms.
  I tried to reset it again and it appears to be in a not initialized and not opened state.
  NA151-4WAASMGR1#cms secure-store clear
  Secure-store not open.
  NA151-4WAASMGR1#cms secure-store reset
  Secure-store is not in "initialized and not opened state".
  Any ideas? Version is 4.3.1

  Hi David,
  You can only reset the secure store if it is open. Otherwise it will not work.
  Here is something you may want to try.
  1. Disable TACACS and delete all the other users from CM, leaving only default admin account. Reset the admin password and try to initiate the secure store.
  2. Make sure no accounts are showing up as Locked account on CM.
  3. Try applying "cms database maintenance" on CM from CLI to make sure database is in good condition.
  4. Try initializing the secure store from CM GUI. Once initialized, try opening it using Open CMS Secure store option. You may want to try clearing before opening it. That migth work, though I am not sure.
  If this works, you can then reset / clear the secure store.
  Hope this helps.
  Regards.
  PS: Please mark this Answered, if this resolves the issue.

• Secure Store and Excel Services

  Greetings,
  I have an Excel workbook that connects to an external SQL database.  A simple stored procedure is executed and the data displayed in a sheet.  This is a simple connection and works without issue when I open the workbook in Excel itself.
  I now want to display this workbook in Excel Services, so I performed the following:
  I created a Secure Store Service (no issues) and added a new target application.
  In the target application, I selected Individual as the target application type.
  On the next page, I used the correct credentials.
  Saved the new target application entry in secure store services.
  Then I updated the Excel workbook data connection to use the Target Application ID I just created in Secure Store Service.
  When I refresh the data, while the workbook is open in Excel, all works without issue.
  However, when I open the workbook in Excel Services, the data refresh fails; External Data Refresh Failed - An error occurred while accessing the application id from Secure Store Service.
  Can anyone tell me what the conditions are that would cause this?
  Thank you!

  Hi Bob,
  Whats up, how are you? Do you want to send me an email or give me a call, Ill send you a copy of our Book Business Intelligence in SharePoint 2013 and walk through the Excel Services Issue..
  Take the Application ID and add it to the Excel Services Service Application, Global Settings, Application ID.
  While still in Global Settings Set the File Access Method to Process Account
  Please make sure the Library you are using for the Excel Workbook, and the Data Connection Library are both in a trusted locations.
  In the ODC File make sure you have set Data Connection Authentication to None and specify in Excel to Always use this Office Data Connector
  Cheers,
  -Ivan

• System refresh -- Export content of secure store ?

  Hello,
  We often perform system refreshes. To run this process smoothly we use database copy (copy over the datafiles files then recover the db).
  We export several tables from the refreshed system before the DB copy.  After the refresh we reimport them, this makes the sap level post processing lighter.
  I would like to export the content of the secure store (tx secstore) then re impot it also. Has anyone already performed this ?
  Thanks & krs,
  aidan

  Hi,
  The data stored in the secure storage are encrypted with a key that includes the installation number and the system ID. If any of these changes, for example due to a system copy or a new license key, the data in the secure storage must be migrated. For information on migrating the secure storage data,  see SAP Note 816861.
  Please refer specified notes:
  If you get a short dump CREATE_OBJECT_CLASS_NOT_FOUND then see SAP note 1053954.
  If any "System dependant data for entryu2026" errors are reported then see note 816861
  I hope it will help you.If not please let me know.
  Regards,
  Kiran .V

• Impact of generating a new key for Secure Store Application

  I inherited my development environment from a predecessor, who did not document the secure store pass phrase anywhere. There are a couple of projects doing development on the system that cannot be impacted, but I need to get Project Server running on the
  system, and I cannot get the secure store to accept the credentials I set for the target application. I have recreated the target application several times, but nothing works.
  MossHostSsoHost.GetSecureStoreCredentials: Failed to get credentials from Secure Store. SecureStoreProvider threw a SecureStoreException. Exception: Microsoft.Office.SecureStoreService.Server.SecureStoreServiceException: Access is denied to the Secure Store
  Service.     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.Execute[T](String operationName, Boolean validateCanary, ExecuteDelegate`1 operation)     at Microsoft.Office.SecureStoreService.Server.SecureStoreServiceApplicationProxy.GetCredentials(Guid
  rawPartitionId, String applicationId)     at Microsoft.Office.SecureStoreService.Server.SecureStoreProvider.GetCredentials(String appId)     at Microsoft.Office.Excel.Server.MossHost.MossHostSsoHost.GetSecureStoreCredentials(String
  secureStoreApplicationId)
  So, I am wondering if I need to generate a new key for the secure store application, and what impact that would have on the existing target applications. Can someone please tell me if I generate a new key, will this break the existing applications? Thanks.

  Hi Susan,
  Once you decide to generate a new encryption key, you could follow the steps in Generate an encryption Key part in the link below:
  http://technet.microsoft.com/en-us/library/ee806866(v=office.15).aspx
  You should back up the database of the Secure Store Service application before generating a new key. Then refresh the encryption key to propagate the key to all the application servers in the farm.
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Encryption is not possible in this installation! - in "Create Secure Store"

  Hi,
  We are in the middle of upgrade and While doing UNICODE conversion of SRM5 system, During IMPORT, one of the phase is "Create Secure Store". UNICODE import gives ERROR in "Create Secure Store" phase.
  Below given is ERROR Detail:
  [root@fsp67001] /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS>
  >cat SecureStoreCreate.log
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  Usage:
  SecStoreFS status <standard>
  SecStoreFS exists <standard>
  SecStoreFS create <standard> -noenc
  SecStoreFS create <standard> -enc -p "<key phrase>" [-nostore]
  SecStoreFS insert <standard> <key> <value>
  SecStoreFS encrypt <standard> -p "<key phrase>" [-nostore]
  SecStoreFS updatep <standard> -p "<key phrase>" [-nostore]
  where <standard> is [-s <SID>] [-f <data filename> -k <key filename>]
  Encryption is not possible in this installation!
  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  Log Details:
  When you look at command which gets executed in background(Which is
  failing) is given below.
  /usr/java14_64/bin/java -
  classpath /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/launcher.jar -Xmx256m -Xj9
  com.sap.engine.offline.OfflineToolStart
  com.sap.security.core.server.secstorefs.SecStoreFS /unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/lib/iaik_jce.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/exception.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/logging.jar:/unicode/import_uc/sapinst_instdir/SRM05/LM/COPY/ORA/SYSTEM/CENTRAL/AS/install/sharedlib/tc_sec_secstorefs.jar create -s RSP -
  f /sapmnt/RSP/global/security/data/SecStore.properties -
  k /sapmnt/RSP/global/security/data/SecStore.key -enc -p XXXXXX
  Request  If anybody in the forum has faced similar problem, pls respond back.
  Vijay

  Hi
  <b>Please go through the SAP OSS Notes, which will help -></b>
  Note 501710 - Error when accessing the "secure storage"
  Note 750779 - Safety and Security of User Mapping Data
  Note 1071472 - FileSystem SecureStore connection issues
  Note 914791 - SQL Command console does not work with automatic config
  Related Notes
  Note 520039 - Analysis report for "secure storage"
  Note 516835 - Error SECSTORE023 with secure storage
  Note 502422 - Long texts for error messages SECSTORE021 to SECSTORE031
  Note 501486 - Work process termination when using the "secure storage"
  Do let me know.
  Regards
  - Atul

• Need Help on How to Change The Encryption Key and or Change security settings

  Hello, i just installed the wireless router and i would like to know how i can change the encryption key or change the security settings (i want it so you do not have to answer it with a password). Thank you in advance.
  Message Edited by DARK_MARIO on 01-06-200706:10 PM

  Hi…
  In order to change the wireless settings of your router you need to login into the router configuration page. Open your internet explorer browser…in the address bar type http://192.168.1.1 ( Default IP address). Leave the username field balnk……type admin as password (If you have not changed the router password). When the setup page loads fully…..click on the tab that says wireless. Just below the main tab wireless ….click on the sub tab that says wireless security. You can Change the wireless security settings here. After the changes are made click on save settings.

• Entry for host name is missing or empty (Secure Store key: admin/host/).

  Hi All,
  I am in the process of installing EP7 on SLES9 and MaxDB 7.6 on a clustered HA environment where the SCS, DB and JC components are installed under and referenced by their virtual hostname (eg. sapinst SAPINST_USE_HOSTNAME <virt name>).
  The SCS instance is installed, the Database Instance is installed and I'm currently in the process of Installing the JC and Deploying the EP packages. 
  During the installation, SDM is put into standalone mode and sapinst tries to deploy the package EPBC06_0.SCA where it fails and the sdm_server.err shows :
  "com.sap.sdm.serverext.servertype.inqmy.TargetEngineConfigurationException: Cannot retrieve Engine logon data from Secure Store: Entry for host name is missing or empty (Secure Store key: admin/host/).        at com.sap.sdm.serverext.servertype.inqmy.InQMyTargetSystemConfigurator.getLoginDataFromSecStoreInQMyTargetSystemConfigurator.java:286)        at com.sap.sdm.serverext.servertype.inqmy.InQMyTargetSystemConfigurator.getEngineLoginDataInQMyTargetSystemConfigurator.java:197)        at com.sap.sdm.serverext.servertype.inqmy.EngineStateServiceImpl.determineCurrentEngineStateEngineStateServiceImpl.java:53)        at com.sap.sdm.app.proc.deployment.states.State.determineJ2EEEngineState(State.java:97)        at com.sap.sdm.app.proc.deployment.states.StateBeforeFirstDeployment.getJ2EEEngineStateChangeDescriptionStateBeforeFirstDeployment.java:75)        at com.sap.sdm.app.view.proc.deployment.mapper.StateMapper.map(StateMapper.java:56)        at com.sap.sdm.app.view.proc.deployment.mapper.FlowMapper.map(FlowMapper.java:28)        at com.sap.sdm.app.view.session.AppViewUpdater.updateAppView(AppViewUpdater.java:22)        at com.sap.sdm.app.view.session.AppViewUpdater.sessionStateChanged(AppViewUpdater.java:18)        at com.sap.sdm.app.proc.deployment.impl.SessionStateObserversImpl.notifySessionStateChangedSessionStateObserversImpl.java:46)        at com.sap.sdm.app.proc.deployment.states.InstContext.processEventServerSide(InstContext.java:85)        at com.sap.sdm.app.proc.deployment.states.InstContext.processEvent(InstContext.java:59)        at com.sap.sdm.app.view.controllers.DeployEventProcessor.processEvent(DeployEventProcessor.java:11)        at com.sap.sdm.client_server.deployserver.DeployCmdProcessor.processEvent(DeployCmdProcessor.java:264)        at com.sap.sdm.client_server.deployserver.DeployCmdProcessor.process(DeployCmdProcessor.java:108)        at com.sap.sdm.gui.server.GuiAdminRoleCmdProcessor.processGuiAdminRoleCmdProcessor.java:72)        at com.sap.sdm.is.cs.session.server.SessionCmdProcessor.process(SessionCmdProcessor.java:67)        at com.sap.sdm.is.cs.cmd.server.CmdServer.execCommandCmdServer.java:76)        at com.sap.sdm.client_server.launch.ServerLauncher$ConnectionHandlerImpl.handle(ServerLauncher.java:286)        at com.sap.sdm.is.cs.ncserver.NetCommServer.serveNetCommServer.java:43)        at com.sap.sdm.is.cs.ncwrapper.impl.ServiceWrapper.serveServiceWrapper.java:39)        at com.sap.bc.cts.tp.net.Worker.run(Worker.java:50)       at java.lang.Thread.run(Thread.java:816)"
  The same problem occurs if I try to deploy this package or any other package using SDM in standalone or integrated mode. 
  configtool -> Secure Store -> admin/host/<SID> is the virtual hostname of the JC instance.
  I've tried the following to no avail:
  - Changed configtool -> Secure Store -> admin/host/<SID> to be the physical hostname of the box.
  - Changed configtool -> Server -> Dispatcher -> Service -> P4 -> bindhost (from 0.0.0.0 to JC virt IP).
  - Changed the <Host> entry in sdmrepository.sdc from <phys hostname> to <jc virt hostname>.
  The SAPLOCALHOST, SAPGLOBALHOST all seem to be set correctly in the SAP profiles.
  Has anyone had this issue?  If so, what do I need to check/change?  Any ideas?
  Notice the message does not reference the <SID> in "admin/host", could this be related to the issue?  If so, what can cause this?
  TIA
  Anthony

  Hi All,
  Just an update, I was able to get around my problems by patching the 2004s media from sp6 to sp8, uninstalling my scs, and database and re-installing from the patched media.

• Java Install,  Cannot insert a key value pair into the secure store fails,

  Dear All,
  I'm doing Java Intallaion in BI7 on CI and in the midle of installtions we encounter,
  TRACE      [iaxxejsexp.cpp:199]
             EJS_Installer::writeTraceToLogBook()
  NWException thrown: nw.secureStore.cannotInsertIntoSecureStore:
  Cannot insert a key value pair into the secure store fails; see output of log file SecureStoreInsert.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  A key/value pair with this key already exists in the store..
  ERROR      2008-04-23 11:36:21
             CJSlibModule::writeError_impl()
  CJS-30051  Cannot insert a key value pair into the secure store fails; see output of log file SecureStoreInsert.log:
  SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  A key/value pair with this key already exists in the store..
  TRACE      [iaxxejsbas.hpp:460]
             EJS_Base::dispatchFunctionCall()
  JS Callback has thrown unknown exception. Rethrowing.
  ERROR      2008-04-23 11:36:21 [iaxxgenimp.cpp:731]
             showDialog()
  FCO-00011  The step insertAdminDataInSecStore with step key |NW_Addin_CI|ind|ind|ind|ind|0|0|NW_CI_Instance|ind|ind|ind|ind|8|0|NW_CI_Instance_Configure_Java|ind|ind|ind|ind|4|0|insertAdminDataInSecStore was executed with status ERROR .
  TRACE      [iaxxgenimp.cpp:719]
             showDialog()
  There's any want in here can help us Please,
  Thanks and Best Regards,
  Chrisna

  The clean way to Uninstall JAVA is through SAPINST. 
  Make user you drop only the JAVA Schema ID (SAPSR3DB)
  If you want to uninstall manually, follow as mentioned below :
  1. Stop the central services instance and all dialog instances of your SAP system:
  a) Log on to the corresponding instance host as user <sapsid>adm.
  b) Execute the following commands:
     To stop the central services instance:
               stopsap r3 <SCSinstanceName>
     To stop a dialog instance:
              stopsap r3 <DialogInstanceName>
  2. Stop the J2EE Engine of the central instance:
  a) Log on to your SAP system.
  b) Call transaction SMICM.
  c) Choose Administration J2EE Instance (local) Send Hard Shutdown
  2. Drop the J2EE DB schema (the db schema for this one SAP SID) BE VERY CAREFUL, do not drop the DB schema for another existing system or
  the ABAP schema.
  a. Log on as user ora<dbsid>.
  b. Start sqlplus and connect to the database. Enter:
  sqlplus /nolog
  c. SQLPLUS>connect / as sysdba
  d. Enter the following command to delete the database objects of the database schema:
  SQLPLUS> drop user SAP<SCHEMA_ID>DB cascade;
  e. Enter the following command to get the file name of the corresponding data file in the file system:
  SQLPLUS> select file_name from dba_data_files where \
  tablespace_name = ’PSAP<SCHEMA_ID>DB’;
  f. Enter the following command to delete the tablespace of the database schema:
  SQLPLUS> drop tablespace PSAP<SCHEMA_ID>DB including contents;
  g. Exit sqlplus:
  SQLPLUS> exit
  3. Remove folder "data" at: /sapmnt/QO1/global/security/data
  4. Remove folder "SDM" at: /usr/sap/<sid>/<Central instance>/SDM
  5. Remove folder "j2ee" at:  /usr/sap/<sid>/<Central instance>/j2ee
  6. Revert CI instance profile to their original state (backup copies should exist) # they should be in the state before the start of the JavaAdd In
  7. If lines beginning with the following parameters appear, delete these lines from the default profile, /usr/sap/<SAPSID>/SYS/profile/DEFAULT.PFL:
  j2ee/dbname =
  j2ee/dbtype =
  j2ee/dbhost =
  j2ee/dbadminurl =
  j2ee/scs/host =
  j2ee/scs/system =
  j2ee/ms/port =
  8. If lines beginning with the following parameters appear, delete these lines from the central instance pro?le and from all dialog instance pro?les,
  /usr/sap/<SAPSID>/SYS/profile/<SAPSID>_<INSTANCE_NAME>_<host_name>:
  exe/j2ee =
  exe/jlaunch =
  rdisp/j2ee_start_control =
  rdisp/j2ee_start =
  rdisp/j2ee_timeout =
  rdisp/j2ee_libpath =
  rdisp/frfc_fallback =
  jstartup/trimming_properties =
  jstartup/instance_properties =
  jstartup/protocol =
  jstartup/vm/home =
  jstartup/max_caches =
  jstartup/release =
  j2ee/dbdriver =
  9. Delete the central services instance
  10. Restart ABAP and Install JAVA Add-in
  Edited by: Shaji Jacob on Apr 27, 2008 11:46 AM

• Weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting Secret Key

  Hi all,
  I have one admin server 8 managed servers in cluster environment. I am using node
  manager to start managed servers. I used the demo certificate and private key
  file provided by BEA before getting my real certificate, but when I got the real
  certificate the node manager can't no more. The error I am getting is this :
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <NodeManager: for information
  on command line options, try "java weblogic.nodemanager.NodeManager help">
  <Dec 24, 2002 10:01:27 AM EST> <Info> <NodeManager> <Starting NodeManager >
  Exception in thread "main" weblogic.security.internal.encryption.EncryptionServiceException:
  Error decrypting Secret Key
       at weblogic.security.internal.encryption.JSafeSecretKeyEncryptor.decryptSecretKey(JSafeSecretKeyEncryptor.java:119)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:205)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  --------------- nested within: ------------------
  weblogic.security.internal.encryption.EncryptionServiceException - with nested
  exception:
  [weblogic.security.internal.encryption.EncryptionServiceException: Error decrypting
  Secret Key]
       at weblogic.security.internal.encryption.JSafeEncryptionServiceImpl.<init>(JSafeEncryptionServiceImpl.java:226)
       at weblogic.security.internal.encryption.JSafeEncryptionServiceFactory.getEncryptionService(JSafeEncryptionServiceFactory.java:23)
       at weblogic.nodemanager.NodeManager.initializeEncryptionService(NodeManager.java:727)
       at weblogic.nodemanager.NodeManager.init(NodeManager.java:425)
       at weblogic.nodemanager.NodeManager.main(NodeManager.java:649)
  here is the setting of node manager
  # Set user-defined variables.
  BEA_HOME="/opt/app/weblogic"
  WL_HOME=${BEA_HOME}/weblogic700
  NODEMGR_HOME=${BEA_HOME}/common/nodemanager/config
  JAVA_HOME=${BEA_HOME}/software/j2sdk1_3_1_06
  #Set NODEMANAGER variables
  NODEMANAGER_CERTIFICATEFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-cert.pem
  NODEMANAGER_KEYFILE=${NODEMGR_HOME}/uxmwpr01_nam_pwcinternal_com-key.der
  NODEMANAGER_KEYPASSWORD="wR2DfgiHjF0m4"
  NODEMANAGER_LISTENADDRESS="uxmwpr01"
  NODEMANAGER_LISTENPORT="5501"
  NODEMANAGER_REVERSEDNS="true"
  NODEMANAGER_SSLVERIFICATION="true"
  NODEMANAGER_STARTTEMPLATE=${NODEMGR_HOME}/startManagedWeblogic
  NODEMANAGER_SSLTRUSTED=${WL_HOME}/server/lib/cacerts
  NODEMANAGER_JAVASECURITY=${WL_HOME}/server/lib/weblogic.policy
  NODEMANAGER_TRUSTEDHOSTS=${NODEMGR_HOME}/nodemanager.hosts
  NODEMANAGER_NATIVEIO="true"
  ${JAVA_HOME}/bin/java ${JAVA_VM} ${MEM_ARGS} ${JAVA_OPTIONS} -classpath "${CLASSPATH}"
  -Dbea.home=${BEA_HOME} -Dweblogic.security.SSL.trustedCAKeyStore=${NODEMANAGER_SSLTRUSTED}
  -Djava.security.policy=${NODEMANAGER_JAVASECURITY} -Dweblogic.nodemanager.javaHome=${JAVA_HOME}
  -Dweblogic.ListenAddress=${NODEMANAGER_LISTENADDRESS} -Dweblogic.ListenPort=${NODEMANAGER_LISTENPORT}
  -Dweblogic.nodemanager.certificateFile=${NODEMANAGER_CERTIFICATEFILE} -Dweblogic.nodemanager.keyFile=${NODEMANAGER_KEYFILE}
  -Dweblogic.nodemanager.keyPassword=${NODEMANAGER_KEYPASSWORD} -Dweblogic.nodemanager.reverseDnsEnabled=${NODEMANAGER_REVERSEDNS}
  -Dweblogic.nodemanager.startTemplate=${NODEMANAGER_STARTTEMPLATE} -Dweblogic.nodemanager.sslHostNameVerificationEnabled=${NODEMANAGER_SSLVERIFICATION}
  -Dweblogic.nodemanager.trustedHosts=${NODEMANAGER_TRUSTEDHOSTS} -Dweblogic.nodemanager.nativeVersionEnabled=${NODEMANAGER_NATIVEIO}
  weblogic.nodemanager.NodeManager

  "Jas" <[email protected]> wrote in message news:<3e657be5$[email protected]>...
  Hi,
  I am wondering if anyone has tried creating a domain on a weblogic server by copying
  and pasting an entire domain directory. ie. Copying %bea_home%\config\DomainName
  to the new installation %bea_home%\config\DomainName.
  When I do this I get the following error when starting up the weblogic server:
  "The WebLogic Server did not start up properly. Exception raised:
  weblogic.security.internal.encryption.EncryptionServiceException:Error decrypting
  Secret Key" when loading config.xml
  I assume this is because the weblogic system password is encrypted in the config.xml
  file. Is there anyway I can get around this so I can easily clone weblogic servers?
  Thanks,
  JasJas,
  Yeah the security key is tied to the server, what exactly are you
  trying to accomplish? Do you want seperate domains or servers? Are
  they on different physical servers?
  Also what version of wls? 6 or 7?
  Will try to help you if I can
  Steve

• Cannot insert a key value pair into the secure store fails; see output of l

  Hi,
  how can I fix this problem ?
  SAPNW2004sJavaSP9_Trial\SAP_NetWeaver_2004s_SR_1
  jdkversion 142_09 .
  ERROR 2008-07-10 13:13:31
  CJS-30051  Cannot insert a key value pair into the secure store fails; see output of log file SecureStoreInsert.log: SAP Secure Store in the File System - Copyright (c) 2003 SAP AG
  Regds
  sas

  Hi Arzu,
  thank you for your replying.
  The current OS I am using is Microsoft Windows XP
  Service Pack 2.
  The very last installation was made with JDK version 142_12.
  However it was pointless. I can try to reinstall with
  the mentioned newest JCE policy files .
  Can tell me from where I can obtain these above
  JCE policy files ?
  Regards
  Erdem Sas

• Two places to input encryption key alias in WS Security proxy wizard?

  Hi,
  When you secure a Web Service Proxy in JDeveloper you can input encryption key alias in the Encrypt tab and in the Keystore Path tab. I don't understand why there are two places for this. Anybody know why?
  Screen dumps:
  http://i16.tinypic.com/63tp2pw.jpg
  http://i10.tinypic.com/4tpmc0h.jpg
  Regards Pete
  Message was edited by:
  the heat
  Message was edited by:
  the heat
  Message was edited by:
  the heat

  Hi,
  check http://www.oracle.com/technology/products/jdev/howtos/1013/wssecure/10gwssecurity_howto.html
  this should have some answers for you
  Frank