SBL-SVC-00163

Applies to:

Siebel System Software - Version: 7.8.2.4 SIA [19224] and later   [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)
Product Release: V7 (Enterprise)
Version: 7.8.2.4 [19224] FRA Fin Svcs
Database: Oracle 10.1.0.4
Application Server OS: Sun Solaris 10
Database Server OS: Sun Solaris 10

This document was previously published as Siebel SR 38-3275864281.

Symptoms

We want to encrypt the CTI users password that is stored into Siebel Oracle database :
-> BusComp CommSrv CM Agent General Profile / Field Password
-> Table S_USER / Column CTI_PWD

To perform the requirement, we intend to follow instructions from Bookshelf 'Security Guide' / 'Communication & Data Encryption'. But we are not sure about the roadmap, so could you please confirm that the above mentionned steps are correct and necessary :

1. Turn on Encryption for BusComp fields
    -> Create column S_USER.X_CTIPWD_ENCRPKEY_REF as Varchar30
    -> Create fields in CommSrv CM Agent General Profile
        -> I1_CTI Password Key Index = S_USER.X_CTIPWD_ENCRPKEY_REF
        -> I1_CTI Password Read Only = Calc field w/o calculated Value (as it is defined in Quote BusComp)
    -> Add User Properties for Password field
        -> Encrypted = Y
        -> Encrypt Service Name = RC2 Encryption
        -> Encrypt Key Field = I1_CTI Password Key Index
        -> Encrypt Read Only Field = I1_CTI Password Read Only

2. Run Key Database Manager

Are the steps, and their order, correct ? Do we miss some step or add unnecessary steps ?
We would like to secure this encryption operation because we fear some regressions in our development environment...

Cause

For the benefits of the others:

Customer's configuration was correct, however he run into the following issue when running the keydbmgr utility:
keydbmgr /u sadmin /p sadmin /l enu /c /devapp/FR/siebelfr/current/siebsrvr/bin/fra/fins.cfg

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>2
Please enter the seed for a new key generation:PIPOPIPO

A new key has been added successfully.

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>3
Updating key database...

Error: Fail to complete the key cache version updating operation.
Cleaning up... this may take a while.

Here is what was in the keydbmgr.log:

2021 2007-02-15 19:56:00 2007-02-15 19:56:02 +0100 00000003 001 003f 0001 09 keydbmgr 11031 1 /devapp/FR/siebelfr/7.8.2/siebsrvr/log/keydbmgr.log 7.8.2.4 [19224] ENU
GenericLog GenericError 1 0 2007-02-15 19:56:00 (sasess.cpp (701) err=1801004 sys=901043) SBL-NET-01004: Internal: invalid connect string (DB instance)
GenericLog GenericError 1 0 2007-02-15 19:56:00 (sasess.cpp (701) err=901043 sys=0) SBL-ADM-01043: Server connect string is stale, desired server not available
After some testing in my environment I was able to reproduce the error. However even though I get the error " Error: Fail to complete the key cache version updating operation" when I try to add a key, the key is added successfully and encryption is working.

Bug 10513048 has been logged for this error.

Solution

However, encryption was not working for the customer, so he was advised to check the following:
1. When running keydbmgr, that there gateway server is up and running
2. Data Source in the configuration file used by the keydbmanager has the correct connection information.
3. That all parameters in the cfg file (DataSource, ClientRootDir , Gateway) are correct.
4. Change the DataSourceName in the cfg file (customer had it set toLocal):
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = ServerDataSrc

After making changes to the cfg file, as per above, the data encryption started working.
Bug 10513048 has been resolved in Siebel 8.0.

Applies to:

Siebel CRM - Version 7.8.2.5 SIA [19227] to 8.2.2 SIA[22320] [Release V7 to V8]
Information in this document applies to any platform.

Symptoms

On : 7.8.2.5 SIA [19227] version, Security / Authentication

When attempting to run keydbmgr utility
the following errors occur:

ERROR
-----------------------
SBL-SEC-10001: An internal error has occurred within the authentication subsystem for siebel application
SBL-SEC-10018: A Siebel local database error has occurred possibly the database name is invalid.
SBL-DAT-00522: Unable to start the database server.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. run keydbmgr utility using the following command:
keydbmgr /u sadmin /p sadmin /l enu /c E:\sea78\siebsrvr\BIN\enu\fins.cfg
2. In fins.cfg you should have:
[Siebel]
...
DataSource = $(DefaultDataSource)
...
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = Local


BUSINESS IMPACT
-----------------------

Due to this issue, users cannot implement data encryption.

Cause

The issue is caused by the following setup:
-You used fins.cfg file which keydbmgr reads to get all the connection information (ServerDbODBCDataSource, ConnectString,$(GatewayAddress), $(EnterpriseServer)).
However, those values were not set to the real values, and that is why the utility returns error.

Solution

To resolve the issue:
1. Open fins.cfg (one you use when running keydbmgr utility)
2. Set the following parameters to the correct values:
DataSource, ServerDbODBCDataSource, ConnectString,$(GatewayAddress), $(EnterpriseServer)
3. Rerun keydbmgr utility.

Note:
The error you are getting when exiting from keydbmgr is:
“Error: Fail to complete the key cache version updating operation.”
Change Request #10502873 has been logged for this error and the problem does not appear in Siebel 8.0. Since the keyfile.bin gets updated, the error is benign and can be ignored.
This is described in document: Data Encryption (Doc ID 490017.1).