Qlik Sense cannot be accessed and used as expected. Qlik Sense Repository System logs shows error:
...
Not possible to decrypt encrypted string in database; this is probably due to the secrets key on server certificate has been changed and the old database value hasn't; sending back empty result and leaving the value unchanged in database
...
The script logs for reloading monitoring apps may show similar lines as the ones below:
...
20201228T174644.330+0100 Error: HTTP protocol error 401 (Unauthorized):
20201228T174644.330+0100
20201228T174644.330+0100 Requested resource requires authentication.
20201228T174644.331+0100 Execution Failed
20201228T174644.339+0100 Execution finished.
...
Environment:
- Qlik Sense Enterprise for Windows, all versions
Cause:
Passwords and other connection values are stored encrypted in the database in a hash created based on currently used self-signed certificates. When the system reads the hash it uses the content of self-signed certificates currently installed to decrypt the passwords.
Resolution:
There are two possible resolutions:
- Revert to the backup of your server and root certificates. Qlik Sense does not run an automated backup of its certificates. This option requires that the certificates were backed up by the system admin or 3rd party automation tools.
OR
- Go to the Qlik Management Console (QMC) > Data Connections & User Directory Connectors >
(a) Open each Data Connection / User Directory Connector
(b) Enter a null password for each data connection, i.e. ; (semi-colon) which will be interpreted as an escape character
(c) If the connection does have a password, then do step (b) followed by re-entering the password
This causes the system to write new encrypted strings to the database using the current certificate.
