JDE 9.2, Tools 9.2.1.0 and Site Keys Issues

max_xx

Well Known Member
Guys,

I am currently installing JDE 9.2 Tools 9.2.1.0. I am facing an issue with the site keys although all the functionality seems to be working fine i.e. I can log into JDE, have setup a web instance and can log into web instance, fire UBE's etc. But when I look at the security and workflow kernel log files, I can see the below errors in them:

444/3700 Fri Dec 02 09:11:55.455000 sktools.h2959
LIB0000603 - The requested site key was not found, so cannot decrypt the encrypted data item

444/3700 Fri Dec 02 09:11:55.501000 sktools.h2959
LIB0000603 - The requested site key was not found, so cannot decrypt the encrypted data item

This is the first time I am playing with site keys as it has now become mandatory to use site keys (you cannot create a system user without a site key).

With respect to site keys, are they stored anywhere in the tables OR are purely used for encrypt/decrypt purpose and read from the ini files ? Also, in the jde.ini, I can see that the passwords for workflow, db, security are now encrypted which basically means that the encrypt is working fine. I have tried encrypting through both - server manager and through E1IniEncrypt. I believe the issue is with decrypt as the decrypt function is reading some other site key.

I have logged a ticket with Oracle as tools 9.2.1.0 was only released a few weeks ago and it might be a bug in the tools BUT I may be wrong.

I have tried generating the site key again (using the same passphrase) but it did not work. Still throwing the same error. Since creating a system user now requires a site key, it looks like the site key is used to encrypt the password for system user through DEP920 environment BUT I may be wrong.

Any clues or where it might be failing ??

Thanks.

Warm Regards,
Max
 
Guys,

I am currently installing JDE 9.2 Tools 9.2.1.0. I am facing an issue with the site keys although all the functionality seems to be working fine i.e. I can log into JDE, have setup a web instance and can log into web instance, fire UBE's etc. But when I look at the security and workflow kernel log files, I can see the below errors in them:

444/3700 Fri Dec 02 09:11:55.455000 sktools.h2959
LIB0000603 - The requested site key was not found, so cannot decrypt the encrypted data item

444/3700 Fri Dec 02 09:11:55.501000 sktools.h2959
LIB0000603 - The requested site key was not found, so cannot decrypt the encrypted data item

This is the first time I am playing with site keys as it has now become mandatory to use site keys (you cannot create a system user without a site key).

With respect to site keys, are they stored anywhere in the tables OR are purely used for encrypt/decrypt purpose and read from the ini files ? Also, in the jde.ini, I can see that the passwords for workflow, db, security are now encrypted which basically means that the encrypt is working fine. I have tried encrypting through both - server manager and through E1IniEncrypt. I believe the issue is with decrypt as the decrypt function is reading some other site key.

I have logged a ticket with Oracle as tools 9.2.1.0 was only released a few weeks ago and it might be a bug in the tools BUT I may be wrong.

I have tried generating the site key again (using the same passphrase) but it did not work. Still throwing the same error. Since creating a system user now requires a site key, it looks like the site key is used to encrypt the password for system user through DEP920 environment BUT I may be wrong.

Any clues or where it might be failing ??

Thanks.

Warm Regards,
Max

Probably Bug !

From our JD Edwards EnterpriseOne 9.2.1.0 Setup.
=====================================
JD Edwards Release : E920|9.2.1.0
Database Server : SQL Server 2014
Application Server : Web logic 12.2.1.0
Operating system : Windows 2012 R2

Security Kernel
============

3480/4232 Fri Dec 02 13:08:10.093000 sktools.h2959
LIB0000603 - The requested site key was not found, so cannot decrypt the encrypted data item

Workflow Kernel
=============

3380/2092 Fri Dec 02 13:08:10.093000 sktools.h3782
LIB0000670 - Requested site key not found

3380/2092 Fri Dec 02 13:08:10.093001 JDETOOLS.C6474
LIB0000647 - Specific site key for decryption was not found

However we are not having the error message in our deployment server when compare to your setup. We generated the site key from deployment server Sitekey.exe.

jde.log from Deployment Server
=========================

3496/5076 MAIN_THREAD Fri Dec 02 13:11:45.205000 netconn.c1137
10048-bind returned 10048 (WSAEADDRINUSE): The specified address is already in use

3496/5076 MAIN_THREAD Fri Dec 02 13:11:45.205001 jdb_ctl.c3124
Net init failed or not initialized

3496/5076 MAIN_THREAD Fri Dec 02 13:11:45.346000 jdb_ctl.c4199
Starting OneWorld

3496/5076 MAIN_THREAD Fri Dec 02 13:11:51.199000 netpub.c999

JDENet already initialized
 
dot zero release. If this is a lab install, then you should definitely be working with Oracle to have them provide a POC to fix the bug. I'm not installing on my customer equipment until around 9.2.1.2 - obviously theres some major flaws with some major security changes that have appeared.
 
bummer.... its a fresh install and client wants to use UX One.... I have already logged a ticket and the logs have been passed onto Oracle developers for further investigation....not sure what of QA does Oracle do on JDE....
 
....not sure what of QA does Oracle do on JDE....
In their defense - JDE is a hell of a complicated set of tools and applications. From what I understand, the developers internally get the toolset some months prior to actual release - I think its at least 6 months prior to release to the public. They do uncover issues by working on the code internally, however, a "dot zero" release usually introduces a LOT of new functionality in the tools release (such as UX One) - and not all the application developers are generally tasked with using the new functionality. When a "dot zero" comes out, they've already uncovered some issues that are likely already internally being fixed. BUT, they can't test everything. Therefore its only when it goes out to customers that are testing the tools release in a "lab" style environment do they get feedback on issues like the above. The general rule of thumb is to therefore NOT install a new tools release until it has gone through at least 2 iterations (ie, 9.2.1.2 would be fine in normal circumstances). Its fine to install if you're at a pre-go-live customer, and are planning on not going live until the .2 or above release has occurred. This rule has really helped over the past 20+ years in ensuring that customers don't have issues with the JDE code until its been "bedded in" completely.

Now, as far as QA is concerned, I know that the JDE team isn't as large as it used to be - and also, they often utilize scripts that test "pre-existing" code. New functionality should also be tested, but its unlikely that they have scripts created by the time the dot zero is released. SO, you won't see "true" testing until its released amongst customers.

Keep to the "rule of thumb" - and you should be stable. But for those that "test" in the lab or pre-go-live environments, the entire JDE community appreciates everything you do !
 
dot zero release. If this is a lab install, then you should definitely be working with Oracle to have them provide a POC to fix the bug. I'm not installing on my customer equipment until around 9.2.1.2 - obviously theres some major flaws with some major security changes that have appeared.
I'll say there are major security flaws and I am trying to configure 2 instances of 9271 - one with SQL Svr 2019 and the other Oracle 19
 
Back
Top