Encrypt password for iisClientCertificateMappingAuthentication = keyset does not exist - iis-express

When adding oneToOneMappings for IIS Client certificate mapping authentication. We want to encrypt the password for obvious reasons. But if we try to run the following script :
appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/iisClientCertificateMappingAuthentication
/+"oneToOneMappings.[userName='testUser',password='securePassWord!1',certificate='CERTIFICATE_BLOB']" /commit:apphost
We get the keyset does not exist error.
ERROR ( hresult:80090016, message:Failed to commit configuration changes.
Keyset does not exist
How do we solve this?
(We run this on Windows XP)
Reference 1
Reference 2
Reference 3

Related

How to set a login user account for a windows service written in Golang?

I use the package "https://pkg.go.dev/github.com/kardianos/service" to run an application written in Go as a Windows service.
I set the following attributes in service.Config:
Username: "myusername"
Option: service.KeyValue{"password": "mypassword"}
When I then install the program, I get the following error: The account name is invalid or does not exist, or the password is invalid for the account name specified.
How should I set attributes of service.Config to make the service run properly with specified the credentials when installed?
I just found out the solution myself.
Username:`DESKTOP-XXXXXX\myAcount`
Option: service.KeyValue{"password": "mypassword"}

Error - while encrypting the jdbc password in sonarqube 4.3.3

I followed the below link (http://docs.sonarqube.org/display/SONAR/Settings+Encryption ) and try to encrypt the sonar jdbc password and I set the password and key path in maven project as below
<sonar.jdbc.url>jdbc:h2:tcp://localhost:9093/sonar</sonar.jdbc.url><sonar.jdbc.username>sonar</sonar.jdbc.username>
<sonar.jdbc.password>{aes}LUc8lslPKL7YBxBSobm3XA==</sonar.jdbc.password>
<sonar.secretKeyPath>/apps1/Sonar/Sonar secret.txt</sonar.secretKeyPath>
But while building the project i'm getting the below issues.
" Fail to decrypt the property sonar.jdbc.password. Please check your secret key. The property sonar.secretKeyPath does not link to a valid file"
I'm using Linux in which SonarQube 4.3.3 has been installed and I'm running the maven project in windows.
Please help me to solve the issues.
The secret key must be copied wherever you use encrypted properties. Here you're using encryption on the scanner side, so you must first copy the key on that machine and set sonar.secretKeyPath accordingly. As per Settings Encryption documentation:
To use an encrypted value on the scanner side,
Copy the secret key file to the machine running the analysis
Use the
encrypted values where needed
Configure the scanner with the location of the secret key file.

Unable to load SiteMinder host configuration object or host configuration file

The application log in the event viewer shows
Unable to load SiteMinder host configuration object or host configuration file
for Siteminder 12.51 on IIS 7.5 (64bit) OS Windows 2008 (64bit).
When do you get the error? Is it when you're configuring the Webagent?
Anyway, verify the following.
Verify your environment variables are set correctly, if must have references to the Webagent files, you may need to export the envvars in the webagent or policy server folder (nete_wa_env...) file.
if the host config object you're using exists? Verify this using the
Admin UI
If the hostname is configured in the policy server as a trusted host
Verify if the settings are correct in the corresponding SmHost.conf file in the webagent folder
Verify and eliminate any duplicate or conflicting lines in your IIS config files which refer to siteminder.
Verify the host config object and the agent config object settings.
make sure WebAgent.conf is pointing to the correct SmHost.conf and SmHost.conf has the correct HostConfigObject defined (with the exact case that is used in the Policy Store).
If the HCO in the Policy Store is named "DefaultHostSettings" and SmHost.conf contains HostConfigObject=defaulthostsettings you will get this type of error.
Try re-registering the web agent with the policy server using the smreghost command.

How to run jython script from RAD using credentials from properties file?

According to documentation: http://pic.dhe.ibm.com/infocenter/rsawshlp/v7r5m0/index.jsp?topic=%2Fcom.ibm.ws.ast.jythontools.doc%2Ftopics%2Ftjythondebug.html to run jython script with credentials "As defined in soap.client.props or sas.client.props file":
The sas.client.props and the soap.client.props files are located in
the properties directory for each WebSphere Application Server
profile, for example x:/profilePath/properties
I've created file:
C:\IBM\WebSphere\AppServer85\properties\soap.client.props
The next part is about setting com.ibm.CORBA and com.ibm.SOAP properties. Because it is not written, which of them are used as credentials, I've set both:
com.ibm.CORBA.loginUserid=user
com.ibm.CORBA.loginPassword=pass
com.ibm.CORBA.loginSource=properties
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=user
com.ibm.SOAP.loginPassword=pass
But I can't run the script on WebSphere:
WASX7246E: Cannot establish "SOAP" connection to host "localhost"
because of an authentication failure. Ensure that user and password
are correct on the command line or in a properties file.
I'm using IBM RAD 9.0 and WebSphere 8.5
What I'm doing wrong? I've done everything as I've understood from cited documentation, but it's very laconical and unprecise for me.
Depending on the connector being used (SOAP or RMI), wsadmin retrieves credentials from either soap.client.props or sas.client.props. In your case the connector is SOAP (that's what the error message suggests), so you have to edit two lines in soap.client.props:
com.ibm.SOAP.loginUserid=...
com.ibm.SOAP.loginPassword=...

TeamCity forgotten admin password - where to look?

I need to recover/reset the admin password for JetBrain's TeamCity.
I have full RDP access to the server so no problems there. It's just been 2 months since we used it so now I have forgotten my login - my usual ones don't work.
It is setup without a database at the moment, so was hoping the usernames would just be in a file somewhere, but no luck finding it so far.
From TeamCity 8 you can log in as a super user and change the password that way. You just need to use an empty username and last occurrence of the "super user authentication token" found in the logs\teamcity-server.log file as your password.
Please see the following for more information:
TeamCity 8 - http://confluence.jetbrains.com/display/TCD8/Super+User
TeamCity 9 - http://confluence.jetbrains.com/display/TCD9/Super+User
TeamCity 10 - https://confluence.jetbrains.com/display/TCD10/Super+User
In case none of those works, see http://sebastienlachance.com/post/Resetting-TeamCity-Password.aspx.
Open a command prompt and go to \webapps\ROOT\WEB-INF\lib folder. Now type the following :
..\..\..\..\jre\bin\java.exe -cp server.jar;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword username newpassword
For TeamCity 6.5.4
From a command prompt in the [TeamCity install folder]\webapps\ROOT\WEB-INF\lib:
..\..\..\..\jre\bin\java -cp server.jar;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword admin NewPassword
My username was 'admin' in my case (I think I set it during installation but I can't be sure).
I ommitted the path to TeamCity argument, it's smart enough to use the correct path (mine was c:\users\administrator.BuildServer)
When I provided the (wrong) path to TeamCity as an argument I received this message:
Using TeamCity configuration directory path: c:/TeamCity/.BuildServer
Exception in thread "main" java.sql.SQLException: Table not found in statement [UPDATE users SET PASSWORD = ? WHERE USERNAME = ? AND REALM IS NULL]
at org.hsqldb.jdbc.Util.throwError(Util.java:58)
at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(jdbcPreparedStatement.java:1833)
at org.hsqldb.jdbc.jdbcConnection.prepareStatement(jdbcConnection.java:580)
at ChangePassword.main(ChangePassword.java:14)
In case this confuses other people too.
Super user direct URL :
http://servername:port/login.html?super=1
Open TeamCity log folder (Example C: drive: C:\TeamCity\logs) : teamcity-server.log, find the key: “Super user authentication”
[2019-03-04 12:14:30,770] INFO - jetbrains.buildServer.SERVER - Super user authentication token: `8347518935696887114` (use empty username with the token as the password to access the server)
You could try to reset the installation of TeamCity, by removing TeamCity data directory ($/.BuildServer directory by default)
Try the following:
First stop the TeamCity service (would also stop the build agent if installed).
Next open up a console, go to your java directory and run the following command from there:
java.exe -cp server.jar; hsqldb.jar ChangePassword USERNAME PASSWORD "PATH_TO_YOUR_TEAMCITY_INSTALLATION".BuildServer
I've just had to go through this pain with v5 EAP.
I managed to reset the password successfully by running:
C:\TeamCity\webapps\ROOT\WEB-INF\lib>..\..\..\..\jre\bin\java -cp server.jar;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword admin password c:\TeamCity\.BuildServer
Although you'll need to substitute C:\TeamCity with wherever your installation is located.
In case this helps someone else, whoever installed TeamCity on my server placed the build directory under the Administrator's Profile, not in C:\TeamCity.
Specifically for TeamCity running on Tomcat on Windows it will be C:\ProgramData\JetBrains\TeamCity
The directory specified as the last parameter needs to be your Data Directory (find in /logs/teamcity-server.log)
You'll get the 'Table not found' error if you don't have this correct.
You'll get a 'The database is already in use' error if you've got TeamCity running.
you can also search you /logs/teamcity-server.log to see whether you created admin, administrator, or some other admin user name.
For everyone that may arrive at this article years after the original answer like I just did, there's a built-in super user account, and the password is regenerated every time team city is started, and the password is in the log. You can use this super user to login and reset any passwords. It's super easy.
https://confluence.jetbrains.com/display/TCD9/Super+User
TeamCity always uses a database - if you haven't explicitly configured one, it uses a HSQLDB database to store data internally.
When using an external database, user information is stored within that database, so it seems pretty likely that the user information in your case will be stored within the HSQLDB system.
You might be able to gain access to the system by futzing around with the database - but I'd suggest taking a backup first.
Second suggestion - drop the support guys at JetBrains an email. Even before my workplace splashed out on a TeamCity Enterprise license, their support was superb - fast, accurate and helpful.
With TeamCity 5 using MySQL (probably other versions and RDBMs as well, but untested), it's possible to update the password directly via SQL:
mysql> update users set password = md5("mypass123") where username = "bob";
Nevertheless, I'd stick with the CLI versions already mentioned by others if there isn't a good reason not to do so.
First point is if you logout the login screen has the username 'TCAdmin' already filled in, when it should be 'administrator'. TCAdmin is the full name of (I think) the default version 5 admin user. Changing that to administrator and then using the password I thought it was solved my issue.
For resetting...
In case it helps someone else on Windows XP on version 5 of TeamCity, my .BuildServer config info was also under my current logged in user's documents and settings folder. Also I was tripped up by a space in the list of jar files in Sebastien's good answer above.
So I changed to this directory in a command prompt:
c:\teamcity\webapps\ROOT\WEB-INF\lib
and then this command line (to set password: Password1) worked for me:
C:\TeamCity\webapps\ROOT\WEB-INF\lib>..\..\..\..\jre\bin\java.exe -cp server.jar;commonapi.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword administrator Password1
Which gave output:
Using TeamCity configuration directory path: C:/Documents and Settings/tamw/.BuildServer
Password changed successfuly
Stop teamcity
You should pass path to your buildserver
e.g. if you installed build server to dir "c:\.BuildServer"
........\jre\bin\java.exe -cp server.jar;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword username newpassword c:\.BuildServer
To change user password:
Shutdown server
Switch to the /webapps/ROOT/WEB-INF/lib directory
Invoke the following command:
Windows platform:
java -cp server.jar;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword
Unix platform:
java -cp server.jar:common-api.jar:commons-codec-1.3.jar:util.jar:hsqldb.jar ChangePassword
You can skip the option, if you are using default path for TeamCity data files: /.BuildServer
[Ref: http://confluence.jetbrains.com/display/TCD7/Changing+user+password+with+default+authentication+scheme]
Here's what worked for me.
Shut down server services
> cd c:\TeamCity\webapps\ROOT\WEB-INF\lib>
then
> ..\..\..\..\jre\bin\java.exe -cp server.jar ;common-api.jar;commons-codec-1.3.jar;util.jar;hsqldb.jar ChangePassword admin password1 C:\ProgramData\JetBrains\TeamCity\
Without the path at the end, it would fail with:
Exception in thread "main" java.sql.SQLException: Table not found in statement [
UPDATE users SET PASSWORD = ? WHERE USERNAME = ? AND REALM IS NULL]
at org.hsqldb.jdbc.Util.throwError(Util.java:58)
at org.hsqldb.jdbc.jdbcPreparedStatement.<init>(jdbcPreparedStatement.ja
va:1833)
at org.hsqldb.jdbc.jdbcConnection.prepareStatement(jdbcConnection.java:5
80)
at ChangePassword.main(ChangePassword.java:14)
We are using Teamcity 7 with MS SQL Server as the RDBMS.
To reset your password you can use the following query:
UPDATE users SET password = LOWER(SUBSTRING(sys.fn_sqlvarbasetostr(HASHBYTES('md5','your_new_password')),3,32))
where username = "your_user_name";
Alternatively, You could use the TeamCity Server Log and retrieve the Super User token.
Using the token, go to the URL : http://(server):(port)/login.html?super=1
ie: http://localhost:92/login.html?super=1
Once you logged in, you could always create a new user or reset the password for the account in question.
I passed in the same situation and did login with super user, follow steps below:
1 - Get Token in the "teamcity-server.log" in the path "XX:\TeamCity\logs";
2 - Access and login using token at url: "/login.html?super=1";
More about it:
https://confluence.jetbrains.com/display/TCD18/Super+User

Resources