Hi Chug -
CPS 10 with SQL Server 2008 R2 here. I'm attempting to move JBoss from our SQL Server to a different server to spread out the work load. After installing JBoss on the new server I get errors when attempting to log in through the CPS client. It seems to me that this process should be exactly the same as a fresh installation, so maybe someone will recognize what I have missed.
This is the error I get from the CPS client after clicking Log In: "An unknown error occurred in the Service Layer request. ErrorCode: SECURITY_UNKOWN_ERROR."
Further digging into the JBoss logs reveals this error: " [AuthenticationBO] Unable to get instance of an authentication model due to an encryption error.
aesdpapi.AesDataProtectionAPIException: A native error occured in function 'UnprotectData'. Error -2146893819 : Bad Data.
at aesdpapi.AesDataProtectionAPI.unprotectData(AesDataProtectionAPI.java:348)
at com.gehcit.cp.security.bo.LDAPAuthenticationModel.decryptLdapPassword(LDAPAuthenticationModel.java:302)
at com.gehcit.cp.security.bo.LDAPAuthenticationModel.loadLDAPAttributes(LDAPAuthenticationModel.java:185)
at com.gehcit.cp.security.bo.LDAPAuthenticationModel.<init>(LDAPAuthenticationModel.java:162)"
I hope you have this fixed by now but I ran into this once and I fixed it by using the "set user defaults" button in server setup
Mike Zavolas
Tallahassee Neurological Clinic
It turned out the password for the account used to query Active Directory is encrypted and stored in the database, and is hashed with something unique to the JBoss server. So the fix is to use Server Setup after moving JBoss, go into the security settings, and re-enter and verify the username and password for connecting to Active Directory. Then exit the security settings without making any changes.
justinbelcher said:
It turned out the password for the account used to query Active Directory is encrypted and stored in the database, and is hashed with something unique to the JBoss server. So the fix is to use Server Setup after moving JBoss, go into the security settings, and re-enter and verify the username and password for connecting to Active Directory. Then exit the security settings without making any changes.
Good to know. Thank you for the update.