Repository System Log Shows Error "Not possible to decrypt encrypted string in database"
Qlik Sense cannot be accessed and used as expected. Qlik Sense Repository System logs shows error:
... Not possible to decrypt encrypted string in database; this is probably due to the secrets key on server certificate has been changed and the old database value hasn't; sending back empty result and leaving the value unchanged in database ...
The script logs for reloading monitoring apps may show similar lines as the ones below:
Passwords and other connection values are stored encrypted in the database in a hash created based on currently used self-signed certificates. When the system reads the hash it uses the content of self-signed certificates currently installed to decrypt the passwords.
There are two possible resolutions:
Revert to the backup of your server and root certificates. Qlik Sense does not run an automated backup of its certificates. This option requires that the certificates were backed up by the system admin or 3rd party automation tools.
Go to the Qlik Management Console (QMC) > Data Connections & User Directory Connectors > (a) Open each Data Connection / User Directory Connector (b) Enter a null password for each data connection, i.e. ; (semi-colon) which will be interpreted as an escape character (c) If the connection does have a password, then do step (b) followed by re-entering the password This causes the system to write new encrypted strings to the database using the current certificate.