יום שישי, 5 באפריל 2013

SBL-SVC-00163



Applies to:


Siebel System Software - Version: 7.8.2.4 SIA [19224] and later   [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)

Product Release: V7 (Enterprise)

Version: 7.8.2.4 [19224] FRA Fin Svcs

Database: Oracle 10.1.0.4

Application Server OS: Sun Solaris 10

Database Server OS: Sun Solaris 10



This document was previously published as Siebel SR 38-3275864281.



Symptoms


We want to encrypt the CTI users password that is stored into Siebel Oracle database :
-> BusComp CommSrv CM Agent General Profile / Field Password
-> Table S_USER / Column CTI_PWD

To
perform the requirement, we intend to follow instructions from
Bookshelf 'Security Guide' / 'Communication & Data Encryption'. But
we are not sure about the roadmap, so could you please confirm that the
above mentionned steps are correct and necessary :

1. Turn on Encryption for BusComp fields
    -> Create column S_USER.X_CTIPWD_ENCRPKEY_REF as Varchar30
    -> Create fields in CommSrv CM Agent General Profile
        -> I1_CTI Password Key Index = S_USER.X_CTIPWD_ENCRPKEY_REF
        -> I1_CTI Password Read Only = Calc field w/o calculated Value (as it is defined in Quote BusComp)
    -> Add User Properties for Password field
        -> Encrypted = Y
        -> Encrypt Service Name = RC2 Encryption
        -> Encrypt Key Field = I1_CTI Password Key Index
        -> Encrypt Read Only Field = I1_CTI Password Read Only

2. Run Key Database Manager

Are the steps, and their order, correct ? Do we miss some step or add unnecessary steps ?
We would like to secure this encryption operation because we fear some regressions in our development environment...




Cause


For the benefits of the others:

Customer's configuration was correct, however he run into the following issue when running the keydbmgr utility:
keydbmgr /u sadmin /p sadmin /l enu /c /devapp/FR/siebelfr/current/siebsrvr/bin/fra/fins.cfg

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>2
Please enter the seed for a new key generation:PIPOPIPO

A new key has been added successfully.

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>3
Updating key database...

Error: Fail to complete the key cache version updating operation.
Cleaning up... this may take a while.

Here is what was in the keydbmgr.log:

2021
2007-02-15 19:56:00 2007-02-15 19:56:02 +0100 00000003 001 003f 0001 09
keydbmgr 11031 1 /devapp/FR/siebelfr/7.8.2/siebsrvr/log/keydbmgr.log
7.8.2.4 [19224] ENU
GenericLog GenericError 1 0 2007-02-15 19:56:00
(sasess.cpp (701) err=1801004 sys=901043) SBL-NET-01004: Internal:
invalid connect string (DB instance)
GenericLog GenericError 1 0
2007-02-15 19:56:00 (sasess.cpp (701) err=901043 sys=0) SBL-ADM-01043:
Server connect string is stale, desired server not available
After
some testing in my environment I was able to reproduce the error.
However even though I get the error " Error: Fail to complete the key
cache version updating operation" when I try to add a key, the key is
added successfully and encryption is working.

Bug 10513048 has been logged for this error.



Solution





However, encryption was not working for the customer, so he was advised to check the following:
1. When running keydbmgr, that there gateway server is up and running
2. Data Source in the configuration file used by the keydbmanager has the correct connection information.
3. That all parameters in the cfg file (DataSource, ClientRootDir , Gateway) are correct.
4. Change the DataSourceName in the cfg file (customer had it set toLocal):
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = ServerDataSrc

After making changes to the cfg file, as per above, the data encryption started working.


Bug 10513048 has been resolved in Siebel 8.0.








Applies to:


Siebel CRM - Version 7.8.2.5 SIA [19227] to 8.2.2 SIA[22320] [Release V7 to V8]
Information in this document applies to any platform.



Symptoms



On : 7.8.2.5 SIA [19227] version, Security / Authentication

When attempting to run keydbmgr utility
the following errors occur:

ERROR
-----------------------
SBL-SEC-10001: An internal error has occurred within the authentication subsystem for siebel application
SBL-SEC-10018: A Siebel local database error has occurred possibly the database name is invalid.
SBL-DAT-00522: Unable to start the database server.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. run keydbmgr utility using the following command:
keydbmgr /u sadmin /p sadmin /l enu /c E:\sea78\siebsrvr\BIN\enu\fins.cfg
2. In fins.cfg you should have:
[Siebel]
...
DataSource = $(DefaultDataSource)
...
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = Local


BUSINESS IMPACT
-----------------------

Due to this issue, users cannot implement data encryption.



Cause



The issue is caused by the following setup:
-You used
fins.cfg file which keydbmgr reads to get all the connection information
(ServerDbODBCDataSource, ConnectString,$(GatewayAddress),
$(EnterpriseServer)).
However, those values were not set to the real values, and that is why the utility returns error.






Solution



To resolve the issue:
1. Open fins.cfg (one you use when running keydbmgr utility)
2. Set the following parameters to the correct values:
DataSource, ServerDbODBCDataSource, ConnectString,$(GatewayAddress), $(EnterpriseServer)
3. Rerun keydbmgr utility.

Note:
The error you are getting when exiting from keydbmgr is:
“Error: Fail to complete the key cache version updating operation.”
Change
Request #10502873 has been logged for this error and the problem does
not appear in Siebel 8.0. Since the keyfile.bin gets updated, the error
is benign and can be ignored.
This is described in document: Data Encryption (Doc ID 490017.1).



אין תגובות:

הוסף רשומת תגובה