Troubleshooting Hub Encryption Wallet

The section describes various issues you may encounter related to the hub encryption wallet, and the workaround for resolving them.

Location Connection Failure After Force Disabling the Encryption Wallet

After force disabling the encryption wallet using the command hvrwalletconfig -fd, error messages about redacted values may be encountered.

SC-Hvr-Troubleshooting-Wallet-DBPasswordRedacted_Error.png

More Error Messages

The following error messages are displayed only whenFew more error messages that may be displayed when values are redacted after force disabling the encryption wallet.

SC-Hvr-Troubleshooting-Wallet-AgentPasswordRedacted_Error.png

SC-Hvr-Troubleshooting-Wallet-TestLocationFailed_AgentClient_Error.png

TLS Error Messages

The following error messages are displayed only when locations are configured with HVR Agent and the encryption wallet is force disabled.

Root cause: When force disabling a wallet that is in use, all encrypted passwords and keys will be redacted automatically.

Resolution: To resolve this problem, update the redacted location passwords. Also, for locations configured with HVR Agent, all keys and certificates must be regenerated and then the corresponding repository properties must be updated with new values.

If the location has agent connection configured, update the keys and certificates, else skip to step 2,
1. Create a new SSL certificate and key using the command hvrsslgen (this must be executed on the machine where the HVR Hub System is installed):
```
hvrsslgen basename "Subject"
```
  This command will generate a Public Certificate (basename.pub_cert) and a Private Key (basename.priv_key) files. The command output will also display the Private Key Password, which is required in the next step.
2. Update the following repository properties - Agent_Client_Public_Certificate, Agent_Client_Private_Key, and Agent_Client_Private_Key_Password using the command hvrreposconfig:
```
hvrreposconfig Agent_Client_Public_Certificate=@basename.pub_cert Agent_Client_Private_Key=@basename.priv_key Agent_Client_Private_Key_Password=Private_Key_Password
```
3. If access to the agent is limited to certain hub system(s), the client public certificate (Agent_Client_Public_Certificate) of the hub system must be regenerated and updated in the agent property Only_From_Client_Public_Certificates. This can be done either from CLI or UI:
1. Create a public certificate file of the hub system; execute the command hvrreposconfig on the hub machine that needs to be added to the allowed list:
  Linux:
```
hvrreposconfig 'Agent_Client_Public_Certificate>@file_name.pub_cert'
```
  Windows:
```
hvrreposconfig "Agent_Client_Public_Certificate>@file_name.pub_cert"
```
2. Copy the public certificate file (file_name.pub_cert) to the agent machine.
3. Add the public certificate file of the hub system to the allowed list; execute the command hvragentconfig on the agent machine:
  Direct CLI:
```
hvragentconfig Only_From_Client_Public_Certificates.identifier=@file_name.pub_cert
```
  Remote CLI:
```
hvragentconfig -Rurl -hhub -ragent_host:port -Lagent_username/password Only_From_Client_Public_Certificates.identifier=@file_name.pub_cert
```
  identifier may be replaced with the actual name of the hub (e.g. myhub1) or any name/text to easily identify the allowed hub.
4. To verify that the public certificate file of the hub system is added to the allowed list, execute the command hvragentconfig on the hub machine:
```
hvragentconfig -hhub -ragent_host:port -Lagent_username/password Only_From_Client_Public_Certificates
```
If the public certificate file of the hub system is successfully added to the allowed list, the command output will display the name and the certificate.
In the Location Details page, click Replace Redacted Properties and update the redacted passwords (e.g, Database Password, Agent Password) in the All Location Properties dialog.
Click Save.

Lost/Corrupted Auto-open Password File or Error: Could Not Open Encryption Wallet

The following error may be displayed when the wallet's auto-open password file is lost/corrupted: SC-Hvr-Troubleshooting-Wallet-CouldNotOpenEncryptionWallet_Error.png

To resolve this problem, the wallet's auto-open password file (Encryption_Password_Filename shown in the error message) must be re-created.

To fix this issue you must know the wallet password.
If the wallet password is not known, then the only solution is to force disable the wallet using hvrwalletconfig -fd and then perform the recovery procedure mentioned in section Location Connection Failure After Force Disabling of Wallet.

Re-create the auto-open password file (e.g. 613b43f8.cred) using the command hvrcrypt:
```
hvrcrypt -W > /home/hvruser/hvr_config/wallet/613b43f8.cred
```
Supply the wallet password when prompted.