Applies To:
18.1.x and higher
Summary:
The following are possible validation errors that could be seen with each one of the Panes in the 'Venafi Configuration Console' MMC snap-in and how to resolve them.
Admin Account | |
Error | Resolution |
You must enter a name for the system administrator | Self-explanatory |
The passwords you entered do not match. Please try again. | Self-explanatory |
The administrator password cannot be empty | Self-explanatory |
Incorrect username or password. Please try again. | Either the username is not a Local administrator or the password for it was wrong |
Configure Server | |
Error | Resolution |
In order to save the configuration, a path/filename must be provided | The save answer file option was checked, but no path/file was specified |
To encrypt the configuration, a password must be provided | The encrypt checkbox for the answer file was checked, but no password was entered |
Database | |
Error | Resolution |
User name is missing | Self-explanatory |
Password is missing | Self-explanatory |
Host is missing | Self-explanatory |
Database name is missing | Self-explanatory |
Your database name may not contain any of these characters | We don’t allow [ ] ( ) { } \" ' , $ % * ? ; in database names - even though some of those characters are allowed when not the first char, or could be escaped. Not allowing them at all keeps things easier. |
A UPN username (user@domain) is required if Windows Authentication is used | Self-explanatory; for Windows Authentication we must have a full UPN |
Could not validate the database as user ‘x’; error: y | An exception occurred when trying to impersonate with the given username/password for talking to the DB |
The database you selected already has been populated with objects, but you selected 'First Time' installation. Please select a new database or go back to the 'Welcome' screen and select 'Add to existing installation' | Self-explanatory. There were already rows in config_contains |
The database you selected is new but you selected 'Add To Existing' installation. Please select a new database or go back to the 'Welcome' screen and select 'First Time Installation' | Self-explanatory. Found no rows in config_contains |
Could not impersonate user '" + scb.UserID + "' for database access permissions. Error: " + ex.Message | Trying to use the provided username and password to switch identities (for db communication) caused an error. |
Failed to query if tables contain data: <error> | Database verification failed; could not run query “SELECT TOP 1 Name from config_objects” or “select AttributeValue from config_contains where Attribute = 'Schema Version' and AttributeValue like @engineidentity;” |
Failed to query if Software encryption is used: <error> | Database verification failed; could not run query "SELECT TOP 1 AttributeValue from config_contains where Attribute='Generation Only' and AttributeValue=‘1'" |
Failed to query if HSM is used: <error> | Database verification failed; could not run query “select [config_objects].Name, [config_contains].[Attribute], [AttributeValue] from [config_contains] join config_objects on [config_contains].[GUID] = config_objects.GUID where [config_objects].ClassName = 'Pkcs11 Encryption Driver' order by Name, Attribute” |
Failed to query VeriGrams: <error> | Database verification failed; could not run query “select [config_objects].Name, [AttributeValue] from [config_contains] join config_objects on [config_contains].[GUID] = config_objects.GUID where [config_contains].Attribute = ‘VeriGram'” |
Failed to query 'Company Name’: <error> | Database verification failed; could not run query “select attributevalue from config_contains where guid in (select guid from config_objects where name = 'VED' and Parent = '\') and Attribute = 'Company Name’” |
Failed to query 'Operating Environment’: <error> | Database verification failed; could not run query “select attributevalue from config_contains where guid in (select guid from config_objects where name = 'ENGINES' and Parent = '\VED') and Attribute = 'Operating Environment’" |
Failed to query service broker status: <message>. The SQL Server Service Broker is required to be enabled. | Database verification failed; could not run query “SELECT is_broker_enabled FROM sys.databases WHERE name = @dbname” |
The SQL Server Service Broker is not enabled. Please contact your DBA and have enable it by running 'ALTER DATABASE {0} SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE’; | Self-explanatory |
Failed to lookup version: <error> | Database verification failed; could not run query “ SELECT V1.ComponentName, V1.Major, V1.Minor, MAX(V1.BuildNum) AS BuildNum, V1.Stage, V1.TgtStage FROM db_schema_version V1 JOIN (SELECT V1.ComponentName, V1.Major, MAX(V1.Minor) AS Minor FROM db_schema_version V1 JOIN (SELECT ComponentName, MAX(Major) AS Major FROM db_schema_version GROUP BY ComponentName ) V2 ON V1.ComponentName = V2.ComponentName AND V1.Major = V2.Major GROUP BY V1.ComponentName, V1.Major ) V3 ON V1.ComponentName = V3.ComponentName AND V1.Major = V3.Major AND V1.Minor = V3.Minor WHERE V1.ComponentName != 'BASE' GROUP BY V1.ComponentName, V1.Major, V1.Minor, V1.Stage, V1.TgtStage” |
Component '{0}' version mismatch. Expected {1}.{2}, found {3}.{4} | Comparison of the file version of Venafi.InstallKit.dll ({1}.{2}) against the version stored in the DB ({3}.{4}) showed that the DB is not current |
Component '{0}' stage mismatch. Expected {1}, found {2} | The stage of the DB version is older than the stage number of Venafi.InstallKit.dll |
The database schema version is incorrect. Please contact your DBA and have them ensure the database has been properly set up before continuing. Error details: <details> | Details will be one of the above errors |
Invalid Connection String: <error> | Connection String (Expert option) parsing caused an error |
User name (UserID=) is missing | Connection String (Expert option) is missing this field |
Host (DataSource=) is missing | Connection String (Expert option) is missing this field |
Database (InitialCatalog=) name is missing | Connection String (Expert option) is missing this field |
A UPN username (user@domain) is required if Windows Authentication is used | Connection string had Integrated Security = true but the UserID was not a UPN name |
Hardware Encryption | |
Error | Resolution |
You must select (or create) a key to be used | The provided HSM configuration was valid, but no default key was selected. If none are listed, the “New Key” button allows to create and select one. |
No CryptokiDllPath set | Self-explanatory |
No key name set | Self-explanatory |
Failed to load Cryptoki DLL | Self-explanatory |
Invalid slot number | The provided slot number is higher than the number of slots the HSM has |
Could not access token | The selected slot does not have a valid token |
Could not open read/write session | The token did not allow read/write access |
Failed to connecto to HSM; error: <x> | <x> indicates the error returned from the HSM when trying to establish a session. X is usually a Pkcs#11 error |
Software Encryption | |
Error | Resolution |
You indicated use of a shared key. You must provide the key password and encrypted key in order to use a shared key. | Self-explanatory |
You must select at least one of the encryption choices. Either hardware or software (or both) must be chosen | Self-explanatory |
The key could not be decrypted. Please check the key and password and try again | Should not be seen, but if it happens, something without a specific error failed when verifying the key |
The key is not in the correct format. Please check the key and try again | Catch all error for failed validation of the pasted key. |
Failed to validate imported key. Please re-export the key and try again | The hash stored in the key blob does not match the computed hash. Most likely the key has been tampered with |
Failed to decrypt the key. Please check the password and try again | Decryption of the key with the given password failed. |
VeriGram is not valid; cannot validate import key | The VeriGram stored in the existing DB is not valid. This is when you call support. The VeriGram for the software key is retrieved when verifying the database. It should always be valid. |
Expected keyname does not match the import key | The name of the key in the existing DB does not match the name of the key being imported. |
Key verification failed. The encoded key does not match the expected key | The imported key is a valid key and matches the expected name. but it is not the same key material that’s used in the existing database. |
Environment | |
Error | Resolution |
Company name is required | Self-explanatory |
Deployment type selection is required | Self-explanatory |
Use Answer File | |
Error | Resolution |
The configuration file ‘x' does not exist | Self-explanatory |
Password to decode configuration file is required | The provided file appears to be encrypted (if the first 4 bytes of the file are either a UTF-8 BOM 0xef 0xbb and the char ‘<‘ or the chars “<?xm” the file is considered plaintext. Anything else is assumed to be encrypted). |
Comments