on 07-15-2015 12:38 PM
Hello,
I'm trying to change the encryption key used to encrypt connection information, including passwords, contained in the secure user store (hdbuserstore) on clients connecting to SAP HANA as recommended in the Hana Admin guide. In our case the clients are SAP BW application servers running under Windows.
The guide, which is the latest SPS 10 one, refers to paths <PROGRAMDATA>\.hdb\<COMPUTERNAME>\<SID> , but in our case we don't have a <SID> sub-directory. Instead we have multiple sub-directories based on the Windows user IDs for the <sid>adm and SAPService<SID> Windows accounts. We are running SPS 8 so maybe this is a version difference. I have an SPS 7 version of the admin guide but it made no reference to the process for changing a client secure store encryption key in there.
Anyway I attempted to follow the process described using our secure-store paths instead of the ones in the guide, and now when I list the hdbuserstore it appears to be empty, and when I try and add something I get an error (server names etc.. removed) :
Error 91005: Secure store call failed: Key file "C:\ProgramData\.hdb\XXXXXXXX\....\SSFS_HDB.KEY" has wrong type code
Has anyone any idea what the problem might be ?
Thanks.
Hi Andrew,
which version of the rsecssfx tool did you use to change the key of the hdbuserstore files? There was a change in the way the key files are handled and if you used a recent version of rsecssfx there is a possibility that your hdbuserstore version cannot handle the new format.
Best wishes,
Martin.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andrew,
yes, you will need an earlier version of the rsecssfx. I cannot tell for certain but it seems that anything <= 7.40 should do.
We will try and provide an updated version of the hdbuserstore with one of the next revisions that can also handle the key format in current NetWeaver releases.
Best wishes,
Martin.
Hi Andrew,
can you first delete it by >hdbuserstore delete default
then
>hduserstore list -> check it if it is empty
and then try to add
have you tried it ?
Regards,
Pavan Gunda
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.