SBL-SVC-00163



Applies to:


Siebel System Software - Version: 7.8.2.4 SIA [19224] and later   [Release: V7 and later ]
Oracle Solaris on SPARC (64-bit)

Product Release: V7 (Enterprise)

Version: 7.8.2.4 [19224] FRA Fin Svcs

Database: Oracle 10.1.0.4

Application Server OS: Sun Solaris 10

Database Server OS: Sun Solaris 10



This document was previously published as Siebel SR 38-3275864281.



Symptoms


We want to encrypt the CTI users password that is stored into Siebel Oracle database :
-> BusComp CommSrv CM Agent General Profile / Field Password
-> Table S_USER / Column CTI_PWD

To
perform the requirement, we intend to follow instructions from
Bookshelf 'Security Guide' / 'Communication & Data Encryption'. But
we are not sure about the roadmap, so could you please confirm that the
above mentionned steps are correct and necessary :

1. Turn on Encryption for BusComp fields
    -> Create column S_USER.X_CTIPWD_ENCRPKEY_REF as Varchar30
    -> Create fields in CommSrv CM Agent General Profile
        -> I1_CTI Password Key Index = S_USER.X_CTIPWD_ENCRPKEY_REF
        -> I1_CTI Password Read Only = Calc field w/o calculated Value (as it is defined in Quote BusComp)
    -> Add User Properties for Password field
        -> Encrypted = Y
        -> Encrypt Service Name = RC2 Encryption
        -> Encrypt Key Field = I1_CTI Password Key Index
        -> Encrypt Read Only Field = I1_CTI Password Read Only

2. Run Key Database Manager

Are the steps, and their order, correct ? Do we miss some step or add unnecessary steps ?
We would like to secure this encryption operation because we fear some regressions in our development environment...




Cause


For the benefits of the others:

Customer's configuration was correct, however he run into the following issue when running the keydbmgr utility:
keydbmgr /u sadmin /p sadmin /l enu /c /devapp/FR/siebelfr/current/siebsrvr/bin/fra/fins.cfg

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>2
Please enter the seed for a new key generation:PIPOPIPO

A new key has been added successfully.

Please choose one of the following options:
Enter 1 to change the key database password
Enter 2 to add a key to the system
Enter 3 to quit the application
>3
Updating key database...

Error: Fail to complete the key cache version updating operation.
Cleaning up... this may take a while.

Here is what was in the keydbmgr.log:

2021
2007-02-15 19:56:00 2007-02-15 19:56:02 +0100 00000003 001 003f 0001 09
keydbmgr 11031 1 /devapp/FR/siebelfr/7.8.2/siebsrvr/log/keydbmgr.log
7.8.2.4 [19224] ENU
GenericLog GenericError 1 0 2007-02-15 19:56:00
(sasess.cpp (701) err=1801004 sys=901043) SBL-NET-01004: Internal:
invalid connect string (DB instance)
GenericLog GenericError 1 0
2007-02-15 19:56:00 (sasess.cpp (701) err=901043 sys=0) SBL-ADM-01043:
Server connect string is stale, desired server not available
After
some testing in my environment I was able to reproduce the error.
However even though I get the error " Error: Fail to complete the key
cache version updating operation" when I try to add a key, the key is
added successfully and encryption is working.

Bug 10513048 has been logged for this error.



Solution





However, encryption was not working for the customer, so he was advised to check the following:
1. When running keydbmgr, that there gateway server is up and running
2. Data Source in the configuration file used by the keydbmanager has the correct connection information.
3. That all parameters in the cfg file (DataSource, ClientRootDir , Gateway) are correct.
4. Change the DataSourceName in the cfg file (customer had it set toLocal):
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = ServerDataSrc

After making changes to the cfg file, as per above, the data encryption started working.


Bug 10513048 has been resolved in Siebel 8.0.








Applies to:


Siebel CRM - Version 7.8.2.5 SIA [19227] to 8.2.2 SIA[22320] [Release V7 to V8]
Information in this document applies to any platform.



Symptoms



On : 7.8.2.5 SIA [19227] version, Security / Authentication

When attempting to run keydbmgr utility
the following errors occur:

ERROR
-----------------------
SBL-SEC-10001: An internal error has occurred within the authentication subsystem for siebel application
SBL-SEC-10018: A Siebel local database error has occurred possibly the database name is invalid.
SBL-DAT-00522: Unable to start the database server.


STEPS
-----------------------
The issue can be reproduced at will with the following steps:
1. run keydbmgr utility using the following command:
keydbmgr /u sadmin /p sadmin /l enu /c E:\sea78\siebsrvr\BIN\enu\fins.cfg
2. In fins.cfg you should have:
[Siebel]
...
DataSource = $(DefaultDataSource)
...
[DBSecAdpt]
SecAdptDllName = sscfsadb
DataSourceName = Local


BUSINESS IMPACT
-----------------------

Due to this issue, users cannot implement data encryption.



Cause



The issue is caused by the following setup:
-You used
fins.cfg file which keydbmgr reads to get all the connection information
(ServerDbODBCDataSource, ConnectString,$(GatewayAddress),
$(EnterpriseServer)).
However, those values were not set to the real values, and that is why the utility returns error.






Solution



To resolve the issue:
1. Open fins.cfg (one you use when running keydbmgr utility)
2. Set the following parameters to the correct values:
DataSource, ServerDbODBCDataSource, ConnectString,$(GatewayAddress), $(EnterpriseServer)
3. Rerun keydbmgr utility.

Note:
The error you are getting when exiting from keydbmgr is:
“Error: Fail to complete the key cache version updating operation.”
Change
Request #10502873 has been logged for this error and the problem does
not appear in Siebel 8.0. Since the keyfile.bin gets updated, the error
is benign and can be ignored.
This is described in document: Data Encryption (Doc ID 490017.1).



תגובות

הוסף רשומת תגובה

פוסטים פופולריים מהבלוג הזה

FINS Data Transfer Utilities

תמונה
The best thing while working on siebel is you are never short of options. Recently we had requirement of updating a Service request from contact. Finally we did that using "EAI Siebel Adapter" business service. However during that time i came across another business service "FINS Data Transfer Utilities" popularly known as DTU business service. As i was not having prior knowledge of it going by the rule of not learning swimming lessons while drowning i decided not to go for it. Lately i have tried to explore this service and trust me it can do wonders. Here is a sample example update of Service Request from contact. We need to follow below steps in order to understand strength of this business service. 1 - Navigate to Site Map. Go to Administration - Application -> Data Map Administration tab. Create a new Record with following options: Name: Service Request Test Source Business Object: Contact Destination Business Object: Service Request Here the source business
המשך לקרוא

SBL-BPR-00191: The rowId of the active row of the primary buscomp '%1', '%2', does not match the Primary Id

Applies to: Product Release: V7 (Enterprise) Version: 7.5.3 [16157] ESN Database: Oracle 9.2.0.2 Application Server OS: Microsoft Windows 2000 Server SP 3 Database Server OS: Microsoft Windows 2000 Server SP 3 This document was previously published as Siebel SR 38-1386997031. Symptoms SBL-BPR-00191 We have a error with a workflow. This WF is excuted by policy when a particular activity is closed. The WF Business Object is 'Action'. Inside this WF, there is a subprocess that invokes a Business Service that creates a new activity. In a second subprocess, the region Id of this new activity is updated using the standar update method funcionality of Siebel workflow process. Error processing Siebel Operation for: Business Object 'Action' Business Component 'Action' Primary Id ''1-5NEI6' Operation 'Insert'(SBL-BPR-00100) -- The rowId of the active row of the primary buscomp 'Action', '1-4SNCV', does not match the Prima
המשך לקרוא

Profile Attributes and Open UI

תמונה
Yes, Profile Attributes! As the ever attentive, up-to-date Siebel CRM expert that you are when you read this, you know that in Siebel Open UI (since version 15), it is no longer allowed/supported to  set  Profile Attributes from browser-side script. But  getting  them is not a problem, since the  GetProfileAttr  function works perfectly fine. Recently I found a few vanilla Profile Attributes that came quite handy in my work in Open UI JavaScript: Navigation Type : stores the navigation type such as "NAVIGATION_TAB" ActiveViewName : does what it says on the tin IsOpenUI : returns "1" when the application runs in Open UI Is SUI Theme : when "TRUE", the application theme is Synergy (aka SUI) Position:  returns the currently active position Primary Responsibility Name : guess what this one is… Profile Image : returns the URL of the user's profile image Org.Name : returns the name of the user's organization Here's a sample line of
המשך לקרוא