Solved

Error message appeared during the upgrade to K2 5.6: Unable to validate encryption

  • 22 April 2023
  • 4 replies
  • 429 views

Badge +2

We encountered an error message when upgrading from K2 5.2 to 5.6.

 

Unable to validate encryption. Reconfigure K2 from the Start Menu, if the problem persists see https://community.nintex.com/t5/Technical-Issues/Commands-to-update-K2-Database-encryption/ta-p/123784 for more information.

 

Even after reconfigure, the issue persists.

Has anyone else encountered the same issue?

 

 


Best answer by Vincent_SCTW 27 April 2023, 07:11


Userlevel 2
Badge +7

Look, I may have seen it at some point, but I can't remember the details now.
If you're upgrading from K2 Five 5.2 to K2 Five 5.6, it's better not to make such a big jump between versions, but gradually, from 5.2 to 5.3, 5.4, 5.5 to 5.6.
For me, it goes through better gradually. Also, if you have a June 2022 CU on K2 Five 5.2, then skip K2 Five 5.3 and go straight to 5.4, there's a problem there, and I failed.

Good luck and fingers crossed.

Userlevel 3
Badge +10

Did you move the K2 database to another SQL instance during this upgrade? If the SQL Service Master does not match between old SQL and new SQL server, you will usually need to run the following query against K2 database so that encrypted data can still be decrypted:

USE K2;
-- Open the database master key with its password (placeholder shown)
OPEN MASTER KEY DECRYPTION BY PASSWORD = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX';
-- Add a copy of the master key encrypted by this instance's service master key
ALTER MASTER KEY ADD ENCRYPTION BY SERVICE MASTER KEY;
CLOSE MASTER KEY;
GO

*You can log a support case to retrieve the password.

Does the Installer Trace log also indicate any more details as to what went wrong?

If neither helps, consider logging a support case.

Badge +2


We have tested the following three methods:

  1. Upgrading from original SQL instance, which resulted in errors.
  2. Upgrading to a new SQL instance, which also resulted in errors.
  3. Upgrading to version 5.3 on a new SQL instance worked fine, but when we further upgraded to version 5.6, we encountered errors again.

We also tried generating a new SCSSO key after upgrading to a new SQL instance machine, but the errors persisted.

We will now ask the customer to contact support directly.

 

Badge +2

Thanks @TinTex for the suggestion to check the installer log file.

This is the information that I found in the log file.

 12:33:51:>> DBQuery.RunQueryRetryable: Logged Special: Query: OPEN SYMMETRIC KEY [SCSSOKey] DECRYPTION BY CERTIFICATE [SCHostServerCert]; CLOSE SYMMETRIC KEY [SCSSOKey];
          12:33:51:>> DBQuery.RunQueryRetryable: Return 0 results
          12:33:51:>> EncryptionValidation.Validate: Master key is open
          12:33:51:>> DBQuery.RunQueryRetryable: Logged Special: Query: OPEN SYMMETRIC KEY [SCSSOKey] DECRYPTION BY CERTIFICATE [SCHostServerCert];
                                               SELECT [VariableToken], [VariableValue] as [Encrypted], CONVERT(NVARCHAR(MAX), DecryptByKey([VariableValue])) as [Decrypted]
                                               FROM [HostServer].[Configuration] WHERE [Encrypted] = '1'
                                               ORDER BY 1;
                                               CLOSE SYMMETRIC KEY [SCSSOKey];
          12:33:51:>> DBQuery.RunQueryRetryable: Return 7 results
          12:33:51:>> EncryptionValidation.LogUndecryptableVariables: The following install variables could not be decrypted, reconfigure the current install to fix them: 
          12:33:51:>> EncryptionValidation.LogUndecryptableVariables: [K2HOSTCONNECTIONSTRING_SYSTEM]
          12:33:51:>> Global.ShowAdvancedMsgBox: ==========================================
          12:33:51:>> Global.ShowAdvancedMsgBox: 
          12:33:51:>> Global.ShowAdvancedMsgBox: Type:    Failure
          12:33:51:>> Global.ShowAdvancedMsgBox: Title:   Encryption Validation
          12:33:51:>> Global.ShowAdvancedMsgBox: Content: Unable to validate encryption.  Reconfigure K2 from the Start Menu, if the problem persists see https://community.nintex.com/t5/Technical-Issues/Commands-to-update-K2-Database-encryption/ta-p/123784 for more information.
          12:33:51:>> Global.ShowAdvancedMsgBox: Link:    Unable to validate encryption.  Reconfigure K2 from the Start Menu, if the problem persists see https://community.nintex.com/t5/Technical-Issues/Commands-to-update-K2-Database-encryption/ta-p/123784 for more information.
          12:33:51:>> Global.ShowAdvancedMsgBox: Options:    [OK]
          12:33:51:>> Global.ShowAdvancedMsgBox: 
          12:33:51:>> Global.ShowAdvancedMsgBox: ==========================================
          12:35:18:>> Global.ShowAdvancedMsgBox: OK selected

I found “[K2HOSTCONNECTIONSTRING_SYSTEM]” was not Encrypted.

Then I manually updated the “[K2HOSTCONNECTIONSTRING_SYSTEM]” [Encrypted] column to 0, and now the installation program can continue to run.
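
A read-only diagnostic for the situation in this thread, added here as an example and not part of the original posts or of K2's own tooling: it inspects the key hierarchy the support reply refers to, then repeats the installer's validation query from the log above, listing only the rows that fail to decrypt and never printing decrypted values. The object names (SCSSOKey, SCHostServerCert, [HostServer].[Configuration]) come from the quoted log and the database name K2 from the reply; the column aliases are this example's own.

```sql
-- Added diagnostic example (read-only, changes nothing).
-- Object names are taken from the installer log quoted in this thread.
USE K2;
GO

-- 1. Is the database master key protected by this instance's service master key?
--    0 means it is not, and the key has to be opened with its password.
SELECT name,
       is_master_key_encrypted_by_server
FROM sys.databases
WHERE name = DB_NAME();

-- 2. How is the symmetric key protected, and how is the private key of the
--    certificate that protects it stored (e.g. ENCRYPTED_BY_MASTER_KEY)?
SELECT sk.name              AS symmetric_key,
       ke.crypt_type_desc   AS key_protected_by,
       c.name               AS certificate_name,
       c.pvt_key_encryption_type_desc
FROM sys.symmetric_keys AS sk
JOIN sys.key_encryptions AS ke
     ON ke.key_id = sk.symmetric_key_id
LEFT JOIN sys.certificates AS c
     ON c.thumbprint = ke.thumbprint
WHERE sk.name = N'SCSSOKey';

-- 3. The installer's validation, narrowed to the rows that fail.
--    DecryptByKey returns NULL when the value was not encrypted with the
--    open key, so only undecryptable variables are listed. Only the token
--    and the stored length are returned, not any decrypted secret.
OPEN SYMMETRIC KEY [SCSSOKey] DECRYPTION BY CERTIFICATE [SCHostServerCert];

SELECT [VariableToken],
       DATALENGTH([VariableValue]) AS [StoredBytes]
FROM [HostServer].[Configuration]
WHERE [Encrypted] = '1'
  AND DecryptByKey([VariableValue]) IS NULL
ORDER BY [VariableToken];

CLOSE SYMMETRIC KEY [SCSSOKey];
GO
```

If step 3 returns every encrypted row, the key hierarchy from steps 1 and 2 is the place to look; if it returns a single token, as in the log above, the mismatch is in that row's stored value or flag.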
