Symptoms when an encryption password is missing or does not match the one previously specified in TIBCO Spotfire Server

Symptoms when an encryption password is missing or does not match the one previously specified in TIBCO Spotfire Server

book

Article ID: KB0073507

calendar_today

Updated On:

Products

Spotfire Server

Description

When creating a bootstrap file for the Spotfire server, you have the option of specifying an encryption password. This password is used to encrypt and decrypt sensitive data in the database. If this password is changed when creating a new bootstrap file, then the Spotfire server will not be able to decrypt any of the data that was encrypted in the database with the old encryption password.
 
Some of the symptoms of a changed encryption password will be listed in this article.

Symptoms
When using LDAP authentication you might see the below error in the catalina.xxx-xx-xx.log file and server.log during startup of the Spotfire server service
The LDAP service account for LDAP configuration 'NameOfConfiguration' is specified without a password

When trying to export a service configuration using the command export-service-config you might get the below error
Error while exporting service configuration: Unexpected error: javax.crypto.BadPaddingException: Given final block not properly padded

When trying to install a service on a node manager it fails and you might see the below error message in nm.log
The deployment failed with exception org.springframework.web.client.HttpServerErrorException: 500 Internal Server Error

In server.log on the Spotfire server you'll see the below error
Unable to provide the configuratonUnexpected error: javax.crypto.BadPaddingException: Given final block not properly padded

When trying to open an analysis file containing an information link you might get the below error, and it might also be seen in the server.log log file on the Spotfire server
An Internal Error has occurred. Illegal configuration: empty password

Cause
The cause of the error messages might be that the Spotfire server cannot decrypt the different parts of the data from the database as the encryption password has been changed.

Issue/Introduction

This article describes various symptoms when an encryption password is missing or does not match the one previously specified in TIBCO Spotfire Server

Resolution

The solution to the different scenarios is a two step process. You need to create a new bootstrap file using the Graphical Configuration tool or the bootstrap command and specify the old encryption password, but if any changes have been made to the Spotfire environment while the "wrong" encryption password was in place such as:

  • Creating/editing a data source requiring a password
  • Creating/editing any settings requiring a password in the Spotfire server configuration
  • Added/updated a deployment area

...then you need to redo/re-save the changes again once the encryption password is set to the old value. This is because these changes have been encrypted with the "wrong" password so if you revert back to the old encryption password you'll end up with the same errors for the things that was changed while the "wrong" password was in place.

If you do not know the old encryption password or do not want to recreate the bootstrap file, then you'll have to re-save all data sources and re-save the Spotfire server configuration so that all passwords can be saved in the database using the new encryption password.

To resolve the two errors mentioned below, you need to clear all your deployment areas and re-deploy all packages again once the desired encryption password is set. You can clear a deployment area using the Administration UI or via the command update-deployment


 

Additional Information