Skip to main content

How did we solve "RPA DB failed to populate" issue in BGL with 19.5.1

Knowledge share by Oren

 

Configuration: Single machine, user password, SQL express 2017 was installed manually on the same machine, no TLS.

The symptom:

Installation completes, RPA DB is empty, Authentication DB is populated correctly.

Digging into logs, found the following error:

 

SqlSearch: Executing SQL query 'SELECT CAST(HAS_PERMS_BY_NAME(QUOTENAME('Keycloak'), 'DATABASE', 'ANY') AS VARCHAR)'. Server='PEG-RPAAPPDEV02', Instance='SQLEXPRESS', Database='', User='sa'. Will place results in property 'ab_sql_db_exists'

SqlSearch: Error 0x80004005: Failed to initialize connection to Server='PEG-RPAAPPDEV02SQLEXPRESS', Database='', User='sa'. SSL Security error.

SqlSearch: Error 0x80004005: Failed connecting to database

CustomAction SqlSearch returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

 

As we were totally not familiar with this error, we tried to google it.

The first solution was to try to install OLEDB v18 driver (as the installation is using OLEDB driver to connect to the DB). It did not help.

 

Then we come across (from one link to another) with this article:

https://www.sqlnethub.com/blog/dbnetlib-connectionopen-secdoclienthandshake-ssl-security-error-resolve/

 

it says that for OLD versions of SQL server (before 2016) it was required to enable TLS 1.0 (!), yes - the old and not secured one, to overcome this error.

to do that, need to do the following changes in the registry:

:HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Server]

“Enabled”=dword:00000001

“DisabledByDefault”=dword:00000000

 

0HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSecurityProvidersSCHANNELProtocolsTLS 1.0Client]

“Enabled”=dword:00000001

“DisabledByDefault”=dword:00000000

 

 

We used SQL Server 2017, and SQL was not configured to use TLS, so it looked not relevant, but we were out of ideas, so we tried.

 

So we need to open RegEdit tool to do that, right?

Well - No permissions to run RegEdit tool from remote. Great.

 

But there are permissions to download whatever we want from the internet. Make sense. Thanks god for that.

So we downloaded the following tool (recommended in the article in the above link):

https://www.nartac.com/Products/IISCrypto/

25701iECD140369C0B49A9.png

 

 

We enabled "TLS 1.0" on server and client sections.

The article recommends to enbale "SHA" Hash, but it was already enabled.

 

After applying the tool required a reboot.

installing after the reboot – surprisingly all worked! ?

problem solved.

 

 

for next version we will do this registry change (enable TLS 1.0) in the installation automatically. 

Be the first to reply!

Reply