Missing $HVR_CONFIG/wallet Directory or File

Issue

The $HVR_CONFIG/wallet directory or a file inside the $HVR_CONFIG/wallet directory is missing.

In addition, while running the hvrhubserver command, the following errors appear

• F_JW0559: Error contacting configured repository: F_JR0EA1: Cannot find wallet encryption key with sequence 1.
• F_JR0EA8: The previous error occurred while decrypting a value encrypted with key sequence 1.
• F_JR05C4: The previous error occurred while decrypting without a cached wallet.
• F_JR057A: The previous error occurred while connecting to the repository.
• F_JW0513: The previous error occurred during start of worker 'w0'.

If the hvrhubserver command is still running and an hvrtestlocation command is complete, the following errors appear:

• F_JR0E95: Could not open encryption wallet. Reason: Reading Encryption_Password_Filename=<password file>.cred resulted in an error.
• F_JG20CD: Open of file '/home/hverheul/dev/jhvma_6022/hvr_config/wallet/<password file>.cred' for operation 'read' failed. Error: No such file or directory.}
• F_JR0E99: Encrypting or decrypting a value requires encryption wallet to be already open.

If the hvrhubserver command is still running and a suspended job begins, the following errors appear:

• F_JR0EA1: Cannot find wallet encryption key with sequence 1.
• F_JR0EA8: The previous error occurred while decrypting a value encrypted with key sequence 1.
• F_JR05C4: The previous error occurred while decrypting without a cached wallet.
• F_JR057A: The previous error occurred while connecting to the repository.

Environment

• OS: Windows or Linux
• HVR 6
• hvragent using only an anonymous connection.

Resolution

To resolve this issue, do the following:

1. Stop hvrhubserver.
2. Run the following command from the hvrhubserver repository:

   delete from hvr_repos_property where prop_name='Wallet';
   

3. Modify $HVR_CONFIG/etc/hvrhubsever.conf, replacing the encrypted Database_Password value with the repository password.
4. Start hvrhubserver.
5. Run hvrssslgen to create a private key and public certificate, which you can use to configure the repository. Use the following command:

   hvrsslgen hub 'hub'
   

6. Update the repository with the public certificate, private key, and private key password returned in step 5. You can use the following command:

   hvrreposconfig Agent_Client_Public_Certificate=@hub.pub_cert Agent_Client_Private_Key=@hub.priv_key Agent_Client_Private_Key_Password=<passwd from hvrsslgen output>
   

7. To ensure the hvragent can be configured with the new public certificate, get the Agent_Client_Public_Certificate from the repository using the following command:

   hvrreposconfig Agent_Client_Public_Certificate
   

8. Update the hvragent configuration to trust the new certificate from the hvrhubserver using the following command:

   hvragentconfig Only_From_Client_Public_Certificates='{"<hubserver>:<port>/":"<the value from previous command>"}'
   

9. Clear the old repository certificate for locations that use the hvragent by running the following command:

   hvrlocationconfig <hub> <location> Agent_Server_Public_Certificate=
   

10. Update the location(s) to include the plain text password. This ensures the password is obfuscated correctly and no longer depends on the deleted encryption key. Use the following command:

    hvrlocationconfig <hub> <location> Database_Password=<plain password>
    

11. Run Activate Replication with the Jobs option selected.
12. Ensure the hvrhubserver repository doesn't return the plain password using the following command:

    hvrhubserverconfig Database_Password=<the password>
    

Once you've completed the steps above, the Database_Password returned by the hvrhubserverconfig -Vstorage and hvrlocationconfig -Vstorage <hub> <location> commands will be obfuscated and will not use encryption.

(Optional) Re-enable the hvrwallet

To re-enable the hvrwallet, do the following:

1. Enable the wallet using the following command. You can ignore any errors you encounter.

   hvrwalletconfig -c Type=SOFTWARE Auto_Open=true
   

2. Ensure the hvrhubserver repository returns the new encryption key using the following command:

   hvrhubserverconfig Database_Password=<the plain password>
   

3. Ensure the repository also uses the new encryption key by modifying the location Database_Password using the following command:

   hvrlocationconfig <hub> <location> Database_Password=<password>
   

4. To check whether the encryption key is used, execute one of the following commands:
   • For a location:

     hvrlocationconfig -Vstorage <hub> <location> Database_Password
     

   • Using SQL:

     select loc_name,hub_name,prop_value,insert_tstamp from hvr_location_property where prop_name='Database_Password' and delete_tstamp is null;
     

   • For the hvrhubserver repository:

     hvrhubserverconfig -Vstorage Database_Password
     

The output should include an encrypted value, such as {1:OFjsm70i5fXoKZJtS9/adVehOA}, indicating that wallet encryption key 1 in use.