Applies to:
Siebel CRM - Version 8.0.0.5 [20420] - DO NOT USE and later
Information in this document applies to any platform.
***Checked for relevance on 24-OCT-2012***
Symptoms
Siebel 8.0.0.5 is trying to access the keydbmgr prior to upgrading to
the Siebel Strong Encryption Pack. The utility appears to do its
initial load properly, but after they press the "c" button to continue
they get an error about not being able to decrypt the password.
Inspection of the keydbmgr.log shows the following two errors:
Decrypt failed with 10879085. Error during encryption or decryption operation by the RC2 Encryptor.
(keymanager.cpp (268)) SBL-SVC-00281:
Internal: error occurred during password decryption.
Desired behavior is that the keydbmgr would present the password prompt and then allow access to the utility menu.
Cause
Mismatch between keyfile.bin file in the environment (which is
standard vanilla) and the S_APP_VER.ENCRYPT_PWD_FL_KEY which should be
NULL in this case but has a value since it was imported from another
environment.
Customer has noted that the keyfile.bin is vanilla
but the S_APP_VER value is clearly populated. This mismatch would cause
the keydbmgr.exe program all sorts of problems. Also in all likelihood
the value stored in S_APP_VER is encrypted with AES 256 encryption from
the environment it came from, but this environment still has been
upgraded to have that capacity.
Solution
The fact that there is pre-existing encrypted data somewhat
complicates things. We will try the simplest approach first. If that
does not work, we may need to go with a more complicated one.
_$#$_ *** CRITICAL: ONCE WE START THIS
PROCESS NO ONE CAN CREATE NEW OR MODIFY ANY EXISTING ENCRYPTED DATA
UNTIL WE ARE SURE THAT THE KEYFILE IS IN PLACE AND WORKING PROPERLY. IF
THEY DO THERE IS A VERY HIGH CHANCE THAT THE DATA WILL BE LOST!!! ***
1. Make a backup of the existing vanilla keyfile.bin. Then
make a second backup of the existing vanilla keyfile.bin. Consider
making a third copy.
2. Copy the value currently in
S_APP_VER.ENCRYPT_PWD_FL_KEY and verify it. Do it again so that you have
two known good copies of S_APP_VER.ENCRYPT_PWD_FL_KEY.
(The above may seem a bit excessive, but these are the items that -- if lost -- will move us from complicated to a nightmare.)
3.
Install the base Siebel Strong Encryption Pack with the exact same
algorithm and bit length as the source environment. DO NOT DO THE
KEYDBUPGRADE STEP!!!
4. Install any Fix Packs necessary to bring
the SSEP on the target environment to the exact same level as the
source environment.
5. Update any masked parameters as indicated in the SSEP installation instructions.
6. Copy the keyfile.bin from the source environment over to the target environment.
7. Stop and restart the Siebel Environment.
8.
Attempt to use keydbmgr.exe to access the keyfile.bin utilities. If
this fails, please let me know and we will take a look at it.
9. Decision Point: Are you going to do any additional refreshes of this target environment from the source environment?
9 (YES): Exit the keydbmgr utility without changing the password or adding a new key.
9 (NO): Change the keyfile password. Optional -- Add a new encryption key.
10.
Inside the application, check to make sure that previously encrypted
information is decrypting properly. If no, stop and let me know.
11. Inside the application, create a new record with encrypted data. Does it work properly? If no, stop and let me know.
12. Make backups of the working keyfile.bin and the value in S_APP_VER.ENCRYPT_PWD_FL_KEY. Put these somewhere safe.
Applies to:
Siebel System Software - Version: 7.7.2.8 [18379] and later [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)
Product Release: V7 (Enterprise)
Version: 7.7.2.8 [18379]
Database: Oracle 9.2.0.4
Application Server OS: Sun Solaris 9
Database Server OS: Sun Solaris 2.8
This document was previously published as Siebel SR 38-3413239318.
Symptoms
Customer reported the following:
Customer applied Siebel Fix Pack versuib 7.7.2.8 on top of Siebel
version 7.7.2.6, and immediately started experiencing crashes whenever
using encrypted data.
This stops happening after rolling back the Siebel version 7.7.2.8 Fix Pack.
The Call Stack they are getting is the following:
CSSRandomBytes::GenerateRandomBytes
CSSGenericCrypter::AESDecrypt
CSSGenericCrypter::Decrypt
CSSGenericCrypter::Decrypt
CSSKeyManager::decryptPassword
CSSKeyManager::retrievePassword
CSSKeyManager::init
CSSBCFieldCryptMgr::Encrypt
CSSBCFieldCryptMgr::SetEncryptedFieldValue
CSSBCBase::SqlSetFieldValue
CSSBCFieldCryptMgr::SetSecureDisplayValue
CSSBCBase::SqlSetFieldValue
CSSBusComp::SetFieldValue
CSSSWEFrame::SetFieldValue
CSSSWEFrame::StoreFieldData
CSSSWEFrame::PostChangesToBC
CSSSWEFrame::OnActionsWriterecord
CSSMvgImpl::OnActionsWriterecord
CSSTPopupMvg::DoInvokeMethod
CSSSWEFrame::InvokeMethod
...
This customer is using AES as the encryption type, with encryption level (key length or strength) of 256 bit.
Cause
SBL-DAT-00111, SBL-SVC-00281, SBL-UIF-00299, SBL-OSD-02006
Solution
For the benefit of other readers:
We could locate a known Product Defect which has been recently reported in our Knowledge Base:
- Bug 10522852: After upgrading to 7.8.2.5 SIA, AES 256 encryption causes object manager to crash.
This behavior had been reported with bug# 10522852 for Siebel version
7.8.2.5. The fix for version 7.8.2 has been introduced with Siebel
version 7.8.2.12.
On Siebel version 7.7.2, the issue is fixed on version 7.7.2.9 or higher.
Applies to:
Siebel CRM - Version: 8.0.0.2 [20412] and later [Release: V8 and later ]
Information in this document applies to any platform.
Symptoms
User has upgraded to 128 bit encryption using the Siebel Strong
Encryption Pack (SSEP). Now when they try to go into the keydbmgr
utility to add a new encyrption key, they are getting the following
error:
Internal: error occurred during password decryption.
(SBL-SVC-00281)
Cleaning up... this may take a while.
Review of the keydbmgr.log further clarifies this error with the following:
CryptEngine CryptEngineError 1 0000000248c604c4:0 2008-09-09 15:42:11 Decrypt failed with 10879086.
Error: Base64 decode failed.
Cause
Behavior was caused by inclusion of the /k parameter on the command
line. Verified in TS lab environment and change request 12-1Q9Z858
logged.
Solution
This behavior was caused by the inclusion of the /k parameter in the
keydbmgr command line. Although this parameter shows up when you use a
help command or enter keydbmgr without parameters, it is not documented
anywhere and appears to be non-functional. BugID 12-1Q9Z858 has been
filed to either fix the functionality or remove the reference.
The workaround is to simply not use the /k parameter. In this case you will be prompted to manually enter the keyfile password.
Applies to:
Siebel CRM Call Center - Version 8.0 SIA [20405] to 8.1.1.3 SIA[21219] [Release V8]
Information in this document applies to any platform.
Symptoms
SUMMARY
--------------------------
After modifying the default password stored under
S_APP_VER.ENCRYPT_PWD_FL_KEY and installing the Strong Encryption Pack
(SSEP) with AES 256bit encryption, running utilities such as
KEYDBUPGRADE and KEYDBMGR fail - and create a user (core) dump.
ERROR MESSAGES
--------------------------
Internal: error occurred during password decryption.(SBL-SVC-00281)
CALL STACK
--------------------------
/apps/siebel/siebsrvr/lib/libsslcosd.so:0x4ad24
/lib/libc.so.1:0xc8dc8
/lib/libc.so.1:0xbd460
/lib/libc.so.1:0xbd648
/apps/siebel/siebsrvr/mw/lib/libmwsafe.so:B_RandomInit+0x0 [ Signal 4 (ILL)]
/apps/siebel/siebsrvr/lib/libsslcrsa256.so:bool
CSSRandomBytes::GenerateRandomBytes(const
CCFMemBlock&,unsigned,CCFMemBlock&)+0x64
/apps/siebel/siebsrvr/lib/libsslcrsa.so:int
CSSGenericCrypter::AESEncrypt(const CCFMemBlock&,const
CCFMemBlock&,CCFMemBlock&,CSSAESCrypter::EnumKeyLength&,const
CCFMemBlock*)+0xfc
/apps/siebel/siebsrvr/lib/libsslcrsa.so:int
CSSGenericCrypter::Encrypt(const
CCFMemBlock&,CCFMemBlock&,CSSGenericCrypter::EnumCryptType,const
CCFMemBlock*)+0x30c
/apps/siebel/siebsrvr/lib/libsslcrsa.so:int
CSSGenericCrypter::Encrypt(const
SSstring&,SSstring&,CSSGenericCrypter::EnumCryptType,const
SSstring*)+0x1e8
/apps/siebel/siebsrvr/lib/libsslckm.so:unsigned CSSKeyManager::upgrade()+0x440
/apps/siebel/siebsrvr/bin/keydbupgrade:int upgradeKeyDB(CSSKeyManager*)+0x30
/apps/siebel/siebsrvr/bin/keydbupgrade:wmain+0x800
/apps/siebel/siebsrvr/bin/keydbupgrade:main+0x128
/apps/siebel/siebsrvr/bin/keydbupgrade:_start+0x108
EXPECTED BEHAVIOR
-------------------------------
After updating the KEYFILE.BIN with a non-default password, installing
the SSEP and patching to the latest version - the KEYDBUPGRADE utility
can be successfully run to completion
Cause
Bug 10590129 [CRASH SIEBEL OM AFTER ENABLING AES 256 ENCRYPTOR]
Solution
1. Install Siebel Fix Pack 8.1.1.4
NOTE:
Bug 10591305 has been fixed in 8.1.1.4 FP
Bug 10592400 has been fixed in 8.2.2 FP
Bug 14043864 has been requested for 8.0.0.13 QF
2. Alternative solution,
1. Uninstall the SSEP with AES 256bit encryption
2. Install the SSEP again, but with AES 128bit encryption
3. Run the KEYDBUPGRADE utility
4. Remask all parameters stored in the SIEBNS.DAT
Applies to:
Siebel CRM - Version 8.0.0.6 [20423] and later
Information in this document applies to any platform.
Symptoms
Environment:
-------------------
Product Type: Siebel CRM
Version: 8.0.0.6 [20423] ENU
OS platform: N/S
DB: Oracle Database - Enterprise Edition
Env type: Dev
Statement of Issue:
-----------------------------
An
ASI has been created to enable an external application to insert a SR
and an associated contact into Siebel. When the ASI is called and the
field ContactEmail is not set, the SR and the contact are inserted
correctly and the call completes correctly. When the ASI is called and
ContactEmail is set, the SR and the contact aren’t inserted and the call
fails with an error.
Error:
-------
Picklist validation of
field 'Contact Last Name' in integration component 'Service Request'
did not find any matches satisfying the query '[First Name] = "First
Ronnie 160" AND [Last Name] = "Last Ronnie 160"', and an attempt to
create a new record through the picklist failed.(SBL-EAI-04186)
Cause
The application has been configured so that contact email addresses
are encrypted. However, an error was occurring when the application
tried to encrypt a value, which in turn caused the contact insert and
the ASI call to fail.
EAIObjMgr_enu_0037_38797322.log shows that
the EAI Siebel Adapter was trying to insert a record through the
Contact bus comp and the following error occurred executing the
GetLatestIndxRef method on the SiebelEncryptKey business service:
CryptEngine
CryptEngineError 1 00000174511c05c1:0 2013-02-14 15:42:56 Decrypt
failed with 4522127. Internal: input disassembly failed.
ObjMgrLog Error 1 00000174511c05c1:0 2013-02-14 15:42:56 (keymanager.cpp (268)) SBL-SVC-00281:
Internal: error occurred during password decryption.
This caused the WriteRecord method to fail with the following error:
15:42:56
(adptutils.cpp (5614)) SBL-EAI-04376: Method 'WriteRecord' of business
component 'Contact' (integration component '') returned the following
error:
"
Internal: error occurred during password decryption.
The
customer confirmed that the "Internal: error occurred during password
decryption." also occurred when a user tried to enter a contact email
address in the UI.
Solution
The customer configured the application so that it is able to
correctly encrypt contact email addresses. The customer raised a SR in
the area of Security / Authentication - Data Encryption to request
assistance to do this. Once this was done, the contact insert, the SR
insert and the ASI call all completed correctly.
No comments:
Post a Comment