Encryption validation error when upgrading to K2 5.6

 When upgrading to K2 5.6, you may run into an Encryption Validation error that stops the upgrade and puts it in a 'Recover' stage:


Error in the installer trace log indicates:

However, after the K2 database was migrated, the following script was already completed to drop and re-add encryption:

OPEN MASTER KEY DECRYPTION BY PASSWORD = 'passwordhere'; 
ALTER MASTER KEY DROP ENCRYPTION BY SERVICE MASTER KEY; 
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY; 
CLOSE MASTER KEY;

And the following does show that data is property decrypted:

OPEN SYMMETRIC KEY SCSSOKey 
DECRYPTION BY CERTIFICATE SCHostServerCert; 
SELECT [VariableToken],
       CONVERT(nvarchar(max), DECRYPTBYKEY([VariableValue])) as 'Decrypted Value',
    [VariableValue]
    FROM [HostServer].[Configuration]
WHERE [Encrypted]=1

The issue was due to the [K2HOSTCONNECTIONSTRING_SYSTEM] row in the HostServer.Configuration table not being encrypted, but the [Encrypted] column was set to 1.

To resolve you can run:

UPDATE [HostServer].[Configuration]
SET [Encrypted] = 0
WHERE [VariableToken] = '[K2HOSTCONNECTIONSTRING_SYSTEM]'

And then re-run the Setup Manager and perform the 'Recover' option.  Once the upgrade is completed, this row should be properly encrypted again.




Comments

Post a Comment

Popular posts from this blog

Blocking Error during K2 5.6 Server migration

  Error Encountered: Error during K2 5.6 migration to a new machine, keeping the SQL server unchanged. Error message:                       20:49:59:>> Certificates.FindCertificate: Found 1 certificates                       20:49:59:>> RegisterShard.Execute: Adding additonal connection string parameters to config service shard                       20:49:59:>> AdditionalConnectionStringParameters.AmendSQLConnectionString: Additional connection string parameter value: empty                       20:49:59:>> AdditionalConnectionStringParameters.AmendSQLConnectionString: Additional ConnectionString Parameters is empty                       20:50:04:>> AnalyzableAction.PopulateValidate...
Read more

Client Credentials flow with K2 Cloud with Odata, Workflow REST or SCIM

Image
This guide outlines the steps to using the Client Credentials Flow for accessing Nintex K2 Cloud's OData, Workflow REST, or SCIM APIs. Before you begin: Ensure your environment is eligible for Client Credentials Flow by contacting Nintex support ( https://customer.nintex.com/cases/Pages/default.aspx ). Have a SHA256 hash of the client secret of your choosing ready. Steps: Onboarding: Open a support ticket with Nintex requesting the onboarding of the Client Credentials Flow for your environment. Provide the SHA256 hash of your the client secret. https://help.nintex.com/en-US/k2cloud/userguide/current/Content/IdProviders/ClientCredentials.htm You can Generate the secret hash from a Client Secret value in a .NET console application. The onboarding team does not need the actual secret value, only the hash of it. Use the following steps and code example to generate the hash: Add the  IdentityModel  NuGet package. Add the  IdentityModel  library reference in the ...
Read more

Blocking error RegisterServiceInstanceObjects when upgrading to K2 5.6/5.7

K2 5.7 Upgrade Error: Blocking Issue with Orphaned Service Instances Error Message:             07:30:39:>> AuthorizationBase.RegisterServiceInstanceObjects: Current ServiceType and ServiceInstance details: ServiceType.Guid = GUIDValue1. ServiceInstance.Guid = GUIDValue2 . ServiceInstance.Name = ServiceInstanceName             07:30:39:>> ConnectionHelper.GetServerInstance: Create 'AuthorizationClient' instance using ConnectionContext             07:30:39:>> AuthorizationBase.RegisterObject: Validate Parent             07:30:39:>> AuthorizationBase.Execute: Logged Error: Failed: System.Exception: Item 'GUIDValue1' does not exist    at SourceCode.Install.Package.Actions.Authorization.AuthorizationBase.RegisterObject(String name, Guid id, Guid parentID, Guid classID, String className, Boolean inherit, Boolean propagate, IIdentityReferenc...
Read more