Follow

Errors: Venafi Configuration Console Validation Errors

Applies To:

18.1.x and higher

Summary:

The following are possible validation errors that could be seen with each one of the Panes in the 'Venafi Configuration Console' MMC snap-in and how to resolve them.

 

Admin Account
Error Resolution
You must enter a name for the system administrator Self-explanatory
The passwords you entered do not match. Please try again. Self-explanatory
The administrator password cannot be empty Self-explanatory
Incorrect username or password. Please try again. Either the username is not a Local administrator or the password for it was wrong

 

Configure Server
Error Resolution
In order to save the configuration, a path/filename must be provided The save answer file option was checked, but no path/file was specified
To encrypt the configuration, a password must be provided The encrypt checkbox for the answer file was checked, but no password was entered

 

Database
Error Resolution
User name is missing Self-explanatory
Password is missing Self-explanatory
Host is missing Self-explanatory
Database name is missing Self-explanatory
Your database name may not contain any of these characters We don’t allow [ ] ( ) { } \" ' , $ % * ? ; in database names - even though some of those characters are allowed when not the first char, or could be escaped. Not allowing them at all keeps things easier.
A UPN username (user@domain) is required if Windows Authentication is used Self-explanatory; for Windows Authentication we must have a full UPN
Could not validate the database as user ‘x’; error: y An exception occurred when trying to impersonate with the given username/password for talking to the DB
The database you selected already has been populated with objects, but you selected 'First Time' installation. Please select a new database or go back to the 'Welcome' screen and select 'Add to existing installation' Self-explanatory. There were already rows in config_contains
The database you selected is new but you selected 'Add To Existing' installation. Please select a new database or go back to the 'Welcome' screen and select 'First Time Installation' Self-explanatory. Found no rows in config_contains
Could not impersonate user '" + scb.UserID + "' for database access permissions. Error: " + ex.Message Trying to use the provided username and password to switch identities (for db communication) caused an error.
Failed to query if tables contain data: <error> Database verification failed; could not run query “SELECT TOP 1 Name from config_objects” or “select AttributeValue from config_contains where Attribute = 'Schema Version' and AttributeValue like @engineidentity;”
Failed to query if Software encryption is used: <error> Database verification failed; could not run query "SELECT TOP 1 AttributeValue from config_contains where Attribute='Generation Only' and AttributeValue=‘1'"
Failed to query if HSM is used: <error> Database verification failed; could not run query “select [config_objects].Name, [config_contains].[Attribute], [AttributeValue] from [config_contains] join config_objects on [config_contains].[GUID] = config_objects.GUID where [config_objects].ClassName = 'Pkcs11 Encryption Driver' order by Name, Attribute”
Failed to query VeriGrams: <error> Database verification failed; could not run query “select [config_objects].Name, [AttributeValue] from [config_contains] join config_objects on [config_contains].[GUID] = config_objects.GUID where [config_contains].Attribute = ‘VeriGram'”
Failed to query 'Company Name’: <error> Database verification failed; could not run query “select attributevalue from config_contains where guid in (select guid from config_objects where name = 'VED' and Parent = '\') and Attribute = 'Company Name’”
Failed to query 'Operating Environment’: <error> Database verification failed; could not run query “select attributevalue from config_contains where guid in (select guid from config_objects where name = 'ENGINES' and Parent = '\VED') and Attribute = 'Operating Environment’"
Failed to query service broker status: <message>. The SQL Server Service Broker is required to be enabled. Database verification failed; could not run query “SELECT is_broker_enabled FROM sys.databases WHERE name = @dbname”
The SQL Server Service Broker is not enabled. Please contact your DBA and have enable it by running 'ALTER DATABASE {0} SET ENABLE_BROKER WITH ROLLBACK IMMEDIATE’; Self-explanatory
Failed to lookup version: <error> Database verification failed; could not run query “
SELECT V1.ComponentName, V1.Major, V1.Minor, MAX(V1.BuildNum) AS BuildNum, V1.Stage, V1.TgtStage
FROM db_schema_version V1
JOIN (SELECT V1.ComponentName, V1.Major, MAX(V1.Minor) AS Minor
FROM db_schema_version V1
JOIN (SELECT ComponentName, MAX(Major) AS Major
FROM db_schema_version
GROUP BY ComponentName
) V2
ON V1.ComponentName = V2.ComponentName AND V1.Major = V2.Major
GROUP BY V1.ComponentName, V1.Major
) V3
ON V1.ComponentName = V3.ComponentName AND V1.Major = V3.Major AND V1.Minor = V3.Minor
WHERE V1.ComponentName != 'BASE'
GROUP BY V1.ComponentName, V1.Major, V1.Minor, V1.Stage, V1.TgtStage”
Component '{0}' version mismatch. Expected {1}.{2}, found {3}.{4} Comparison of the file version of Venafi.InstallKit.dll ({1}.{2}) against the version stored in the DB ({3}.{4}) showed that the DB is not current
Component '{0}' stage mismatch. Expected {1}, found {2} The stage of the DB version is older than the stage number of Venafi.InstallKit.dll
The database schema version is incorrect. Please contact your DBA and have them ensure the database has been properly set up before continuing. Error details: <details> Details will be one of the above errors
Invalid Connection String: <error> Connection String (Expert option) parsing caused an error
User name (UserID=) is missing Connection String (Expert option) is missing this field
Host (DataSource=) is missing Connection String (Expert option) is missing this field
Database (InitialCatalog=) name is missing Connection String (Expert option) is missing this field
A UPN username (user@domain) is required if Windows Authentication is used Connection string had Integrated Security = true but the UserID was not a UPN name

 

Hardware Encryption
Error Resolution
You must select (or create) a key to be used The provided HSM configuration was valid, but no default key was selected. If none are listed, the “New Key” button allows to create and select one.
No CryptokiDllPath set Self-explanatory
No key name set Self-explanatory
Failed to load Cryptoki DLL Self-explanatory
Invalid slot number The provided slot number is higher than the number of slots the HSM has
Could not access token The selected slot does not have a valid token
Could not open read/write session The token did not allow read/write access
Failed to connecto to HSM; error: <x> <x> indicates the error returned from the HSM when trying to establish a session. X is usually a Pkcs#11 error

 

Software Encryption
Error Resolution
You indicated use of a shared key. You must provide the key password and encrypted key in order to use a shared key. Self-explanatory
You must select at least one of the encryption choices. Either hardware or software (or both) must be chosen Self-explanatory
The key could not be decrypted.  Please check the key and password and try again Should not be seen, but if it happens, something without a specific error failed when verifying the key
The key is not in the correct format.  Please check the key and try again Catch all error for failed validation of the pasted key.
Failed to validate imported key.  Please re-export the key and try again The hash stored in the key blob does not match the computed hash. Most likely the key has been tampered with
Failed to decrypt the key.  Please check the password and try again Decryption of the key with the given password failed. 
VeriGram is not valid; cannot validate import key The VeriGram stored in the existing DB is not valid. This is when you call support. The VeriGram for the software key is retrieved when verifying the database. It should always be valid.
Expected keyname does not match the import key The name of the key in the existing DB does not match the name of the key being imported. 
Key verification failed. The encoded key does not match the expected key The imported key is a valid key and matches the expected name. but it is not the same key material that’s used in the existing database.

 

Environment
Error Resolution
Company name is required Self-explanatory
Deployment type selection is required Self-explanatory

 

Use Answer File
Error Resolution
The configuration file ‘x' does not exist Self-explanatory
Password to decode configuration file is required The provided file appears to be encrypted (if the first 4 bytes of the file are either a UTF-8 BOM 0xef 0xbb and the char ‘<‘ or the chars “<?xm” the file is considered plaintext. Anything else is assumed to be encrypted).

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments