cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Changing the Secure User Store Encryption Key on SAP application server Hana client

andrew_greig
Explorer

on ‎07-15-2015 12:38 PM

0 Kudos

Hello,

I'm trying to change the encryption key used to encrypt connection information, including passwords, contained in the secure user store (hdbuserstore) on clients connecting to SAP HANA as recommended in the Hana Admin guide. In our case the clients are SAP BW application servers running under Windows.

The guide, which is the latest SPS 10 one, refers to paths <PROGRAMDATA>\.hdb\<COMPUTERNAME>\<SID> , but in our case we don't have a <SID> sub-directory. Instead we have multiple sub-directories based on the Windows user IDs for the <sid>adm and SAPService<SID> Windows accounts. We are running SPS 8 so maybe this is a version difference. I have an SPS 7 version of the admin guide but it made no reference to the process for changing a client secure store encryption key in there.

Anyway I attempted to follow the process described using our secure-store paths instead of the ones in the guide, and now when I list the hdbuserstore it appears to be empty, and when I try and add something I get an error (server names etc.. removed) :

Error 91005: Secure store call failed: Key file "C:\ProgramData\.hdb\XXXXXXXX\....\SSFS_HDB.KEY" has wrong type code

Has anyone any idea what the problem might be ?

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

martin_kittel
Advisor
Advisor
‎07-16-2015 3:29 PM
0 Kudos

Hi Andrew,

which version of the rsecssfx tool did you use to change the key of the hdbuserstore files? There was a change in the way the key files are handled and if you used a recent version of rsecssfx there is a possibility that your hdbuserstore version cannot handle the new format.

Best wishes,

Martin.

Show replies
Show replies
andrew_greig
Explorer
‎07-16-2015 3:50 PM
0 Kudos

Hello Martin, I used the version that came with the 7.42 patchlevel 28 SAP Kernel that we have on the SAP BW system app-servers where I'm trying to change the key. Do I need to find an earlier version from somewhere ?

Thanks.

martin_kittel
Advisor
Advisor
‎07-17-2015 8:05 AM
0 Kudos

Hi Andrew,

yes, you will need an earlier version of the rsecssfx. I cannot tell for certain but it seems that anything <= 7.40 should do.

We will try and provide an updated version of the hdbuserstore with one of the next revisions that can also handle the key format in current NetWeaver releases.

Best wishes,

Martin.

Former Member
‎07-15-2015 5:30 PM
0 Kudos

Hi Andrew,

can you first delete it by >hdbuserstore delete default

then

>hduserstore list -> check it if it is empty

and then try to add

have you tried it ?

Regards,

Pavan Gunda

Show replies
Show replies
Ask a Question