Qlik Community

Knowledge

Search or browse our knowledge base to find answers to your questions ranging from account questions to troubleshooting error messages. The content is curated and updated by our global Support team

Announcements
QlikWorld 2022, LIVE in Denver CO., May 16-19, 2022. REGISTER NOW TO RECEIVE EARLY BIRD PRICING

Repository System Log Shows Error "Not possible to decrypt encrypted string in database"

Andre_Sostizzo
Digital Support
Digital Support

Repository System Log Shows Error "Not possible to decrypt encrypted string in database"


Qlik Sense cannot be accessed and used as expected. Qlik Sense Repository System logs shows error: 

...
Not possible to decrypt encrypted string in database; this is probably due to the secrets key on server certificate has been changed and the old database value hasn't; sending back empty result and leaving the value unchanged in database 
...

The script logs for reloading monitoring apps may show similar lines as the ones below:

...

20201228T174644.330+0100 Error: HTTP protocol error 401 (Unauthorized):
20201228T174644.330+0100
20201228T174644.330+0100 Requested resource requires authentication.
20201228T174644.331+0100 Execution Failed
20201228T174644.339+0100 Execution finished.

...

Environment: 

  • Qlik Sense Enterprise for Windows, all versions

 

Cause:


Passwords and other connection values are stored encrypted in the database in a hash created based on currently used self-signed certificates. When the system reads the hash it uses the content of self-signed certificates currently installed to decrypt the passwords.

 

Resolution:


There are two possible resolutions:

  1. Revert to the backup of your server and root certificates. Qlik Sense does not run an automated backup of its certificates. This option requires that the certificates were backed up by the system admin or 3rd party automation tools.
OR
  1. Go to the Qlik Management Console (QMC)  > Data Connections & User Directory Connectors > 
    (a) Open each Data Connection / User Directory Connector
    (b) Enter a null password for each data connection, i.e. ; (semi-colon) which will be interpreted as an escape character
    (c) If the connection does have a password, then do step (b) followed by re-entering the password
    This causes the system to write new encrypted strings to the database using the current certificate.
Version history
Last update:
‎2020-12-28 03:06 PM
Updated by:
Contributors