Wiki Admin

Missing $DSS_CONFIG/wallet Directory or File

Export as HTML Export as PDF Export as DOCX
Edit

Documentation: Missing $DSS_CONFIG/wallet Directory or File

Missing $DSS_CONFIG/wallet Directory or File

Issue

The $DSS_CONFIG/wallet directory or a file inside the $DSS_CONFIG/wallet directory is missing.

In addition, while running the dsshubserver command, the following errors appear

  • F_JW0559: Error contacting configured repository: F_JR0EA1: Cannot find wallet encryption key with sequence 1.
  • F_JR0EA8: The previous error occurred while decrypting a value encrypted with key sequence 1.
  • F_JR05C4: The previous error occurred while decrypting without a cached wallet.
  • F_JR057A: The previous error occurred while connecting to the repository.
  • F_JW0513: The previous error occurred during start of worker 'w0'.

If the dsshubserver command is still running and an dsstestlocation command is complete, the following errors appear:

  • F_JR0E95: Could not open encryption wallet. Reason: Reading Encryption_Password_Filename=<password file>.cred resulted in an error.
  • F_JG20CD: Open of file '/home/hverheul/dev/jhvma_6022/dss_config/wallet/<password file>.cred' for operation 'read' failed. Error: No such file or directory.}
  • F_JR0E99: Encrypting or decrypting a value requires encryption wallet to be already open.

If the dsshubserver command is still running and a suspended job begins, the following errors appear:

  • F_JR0EA1: Cannot find wallet encryption key with sequence 1.
  • F_JR0EA8: The previous error occurred while decrypting a value encrypted with key sequence 1.
  • F_JR05C4: The previous error occurred while decrypting without a cached wallet.
  • F_JR057A: The previous error occurred while connecting to the repository.

Environment

  • OS: Windows or Linux
  • DSS 6
  • dssagent using only an anonymous connection.

Resolution

To resolve this issue, do the following:

  1. Stop dsshubserver.
  2. Run the following command from the dsshubserver repository:
    delete from dss_repos_property where prop_name='Wallet';
  3. Modify $DSS_CONFIG/etc/dsshubsever.conf, replacing the encrypted Database_Password value with the repository password.
  4. Start dsshubserver.
  5. Run dssssslgen to create a private key and public certificate, which you can use to configure the repository. Use the following command:
    dsssslgen hub 'hub'
  6. Update the repository with the public certificate, private key, and private key password returned in step 5. You can use the following command:
    dssreposconfig Agent_Client_Public_Certificate=@hub.pub_cert Agent_Client_Private_Key=@hub.priv_key Agent_Client_Private_Key_Password=<passwd from dsssslgen output>
  7. To ensure the dssagent can be configured with the new public certificate, get the Agent_Client_Public_Certificate from the repository using the following command:
    dssreposconfig Agent_Client_Public_Certificate
  8. Update the dssagent configuration to trust the new certificate from the dsshubserver using the following command:
    dssagentconfig Only_From_Client_Public_Certificates='{"<hubserver>:<port>/":"<the value from previous command>"}'
  9. Clear the old repository certificate for locations that use the dssagent by running the following command:
    dsslocationconfig <hub> <location> Agent_Server_Public_Certificate=
  10. Update the location(s) to include the plain text password. This ensures the password is obfuscated correctly and no longer depends on the deleted encryption key. Use the following command:
    dsslocationconfig <hub> <location> Database_Password=<plain password>
  11. Run Activate Replication with the Jobs option selected.
  12. Ensure the dsshubserver repository doesn't return the plain password using the following command:
    dsshubserverconfig Database_Password=<the password>

Once you've completed the steps above, the Database_Password returned by the dsshubserverconfig -Vstorage and dsslocationconfig -Vstorage <hub> <location> commands will be obfuscated and will not use encryption.

(Optional) Re-enable the dsswallet

To re-enable the dsswallet, do the following:

  1. Enable the wallet using the following command. You can ignore any errors you encounter.
    dsswalletconfig -c Type=SOFTWARE Auto_Open=true
  2. Ensure the dsshubserver repository returns the new encryption key using the following command:
    dsshubserverconfig Database_Password=<the plain password>
  3. Ensure the repository also uses the new encryption key by modifying the location Database_Password using the following command:
    dsslocationconfig <hub> <location> Database_Password=<password>
  4. To check whether the encryption key is used, execute one of the following commands:
    • For a location:
      dsslocationconfig -Vstorage <hub> <location> Database_Password
    • Using SQL:
      select loc_name,hub_name,prop_value,insert_tstamp from dss_location_property where prop_name='Database_Password' and delete_tstamp is null;
    • For the dsshubserver repository:
      dsshubserverconfig -Vstorage Database_Password

The output should include an encrypted value, such as {1:OFjsm70i5fXoKZJtS9/adVehOA}, indicating that wallet encryption key 1 in use.