Qlik Sense Enterprise on Windows: Repository error Fatal exception during startup Attempted to perform an unauthorized operation

Alexis_Touet · Feb 6, 2023 9:24:33 AM

Your Qlik Sense Enterprise on Windows environment suddenly stopped working. When checking the Qlik Sense windows services, you are observing Qlik Sense Repository is stopped whilst the other is running fine. You try to start the Qlik Sense Repository service but it keeps on stopping after a few seconds.

The System_Repository log (%ProgramData%\Qlik\Sense\Log\Repository\Trace\YourServerName_System_Repository.txt) shows the following error:

115 20220302T083819.725+0100 ERROR qlikserver1.domain.local System.Repository.Repository.QRSMain 6 3266cf81-5a37-4d34-b74f-70a6fc225764 domain\qvservice Fatal exception during startup Attempted to perform an unauthorized operation.   at System.Security.Cryptography.Utils.SetKeySetSecurityInfo(SafeProvHandle hProv, CryptoKeySecurity cryptoKeySecurity, AccessControlSections accessControlSections)↵↓   at System.Security.Cryptography.Utils.GetKeyPairHelper(CspAlgorithmType keyType, CspParameters parameters, Boolean randomKeyContainer, Int32 dwKeySize, SafeProvHandle& safeProvHandle, SafeKeyHandle& safeKeyHandle)↵↓   at System.Security.Cryptography.RSACryptoServiceProvider.GetKeyPair()↵↓   at System.Security.Cryptography.RSACryptoServiceProvider..ctor(Int32 dwKeySize, CspParameters parameters, Boolean useDefaultKeySize)↵↓   at Qlik.Sense.Communication.Security.Certificates.DotNetCert.SetPrivateKeyAccess(IdentityReference identityReference)↵↓   at Repository.Core.Bootstrap.RepositoryBootstrapper.Install(BootstrapState bootstrapState)↵↓   at Repository.Core.Bootstrap.BootstrapHandler.Install(BootstrapState bootstrapState)↵↓   at Repository.Core.Bootstrap.BootstrapHandler.Bootstrap(BootstrapState bootstrapState)↵↓   at Repository.QRSMain.Bootstrap()↵↓   at Repository.QRSMain.Main()↵↓   at Repository.QRSMain.Run(String[] args, Action`1 terminate) 3266cf81-5a37-4d34-b74f-70a6fc225764

The Windows Application log also prints this McAfee error at the same time you try starting the repository service:

Event: 3  McAfee Endpoint security

EventID= 18060 

Domain\qvservice ran Qlik\sense\repository\repository.exe, which tried to access C:\programdata\microsoft\crypto\RSA\MachineKeys\<Some GUID> , violating the rule "Malware Behavior: Windows EFS abuse", and was blocked. For information about how to respond to this event, see KB85494

Environment

Qlik Sense Enterprise on Windows

Resolution

To mitigate the problem as soon as possible, please reach out to your Internal IT team in charge of administering McAfee and request them to disable the exploit prevention on McAfee - You could set up a new container in McAfee, add all your Qlik Sense servers, and set a policy to disable the exploit prevention.

A longer-term solution is to investigate with the vendor why this error suddenly came in and make sure all Qlik Services (processes) are excluded from any security software scan.