After upgrading DVLS to 2022.3.2.0 we are experiencing error emails after logging in
After upgrading DVLS to 2022.3.2.0 we are experiencing an error when logging in.
Every time someone logs in I receive an error report with the following information (2 emails).
It doesn't matter if it's with the RDM client or with the DVLS web.
If the admin user logs in I don't get these error mails (the difference here is that admin is a "Devolutions Server" user and all others are "Domain" users).
One thing I can think of is that during the upgrade I get a notice of "Your instance is using a Security Provider. It is highly recommended to remove the Security Provider and implement the Encryption at REST"
https://kb.devolutions.net/dps_removesecurityprovider.html
I haven't done this in PRODUCTION because last time I did that it went bad and I had to do a restore (I have lost my notices about what the problem was though).
Email 1 (missing info regarding user)
The following error was received by at 11/09/2022 08:07:42
Error:
DevolutionsCryptoException - NativeError : InvalidSignature ===Original Message=== Exception of type 'Devolutions.Cryptography.DevolutionsCryptoException' was thrown. ===Original StackTrace=== at Devolutions.Cryptography.Utils.HandleError(Int64 errorCode) at Devolutions.Cryptography.Managed.Decrypt(Byte[] data, Byte[] key, ILegacyDecryptor legacyDecryptor) at Devolutions.Server.AttachmentManager.DecryptAttachment(Guid attachmentID, Byte[] bytes) --- Attachment
Source:
Devolutions.Crypto
Email 2 (has the info regarding user)
The following error was received by mf at 11/09/2022 08:07:41
Error:
DevolutionsCryptoException - NativeError : InvalidSignature ===Original Message=== Exception of type 'Devolutions.Cryptography.DevolutionsCryptoException' was thrown. ===Original StackTrace=== at Devolutions.Cryptography.Utils.HandleError(Int64 errorCode) at Devolutions.Cryptography.Managed.Decrypt(Byte[] data, Byte[] key, ILegacyDecryptor legacyDecryptor) at Devolutions.Server.AttachmentManager.DecryptAttachment(Guid attachmentID, Byte[] bytes) --- Attachment
Source:
Devolutions.Crypto
Hello,
These error messages are related to the Security Provider that still exists on your DVLS instance. Sometimes the process to remove the security provider may fail because of SQL timeouts. This article explains how to configure the database connection string in the DVLS Console to prevent them.
https://kb.devolutions.net/dps_preventing_sql_timeouts_with_dps.html
To test it again, you could spin up a staging instance with a copy of the SQL database. Here is the article on how to create a DVLS test instance.
https://kb.devolutions.net/dvls_staging.html
If you need assistance to create the staging environment, please send an email to service@devolutions.net and we will send you a link to book a support session.
Best regards,
Érica Poirier
Hi
I have set up another instance with a new copy of the database and I receive an error when removing the Security Provider https://kb.devolutions.net/dps_removesecurityprovider.html
It's after step 10 that I get the following error
Activating encryption at rest...
Validating current instance requirements...
Stopping Application Pool...
ReEncrypting Attachments...
Padding is invalid and cannot be removed.
Encryption at rest activation failed. Please manually restore the database and restart the app pool and scheduler service.
Starting Application Pool...
If the encryption at rest activation completed with errors, please restore your database to the backup taken prior the operation.
Hello,
Thank you for your feedback.
Our engineering team has already fixed the problem you are experiencing. The fix will be available in the next DVLS version 2022.3.4 that should be soon available. You can subscribe to this forum's section to be automatically notified once a new version is available.
https://forum.devolutions.net/forums/105/general-availability-releases
Let me know if that works once you have tested it using the DVLS Console 2022.3.4.
Best regards,
Érica Poirier
Hi
DVLS Console is updated to 2022.3.4.0
The instance is updated to 2022.3.4.0
But still the error appears at step 10
Activating encryption at rest...
Validating current instance requirements...
Stopping Application Pool...
ReEncrypting Attachments...
Padding is invalid and cannot be removed.
Encryption at rest activation failed. Please manually restore the database and restart the app pool and scheduler service.
Starting Application Pool...
If the encryption at rest activation completed with errors, please restore your database to the backup taken prior the operation.
Hello,
Thank you for your feedback.
The problem that was fixed in version 2022.3.4 is the one about the 2 emails you get when someone logs in. I'm sorry about the confusion.
It seems that there is a problem to encrypt one of the attachments saved in the database. When you follow the procedure, are you able to open the attachments before trying to encrypt the database on step 10?
Best regards,
Érica Poirier
Ahh no worries :)
I will update then so I will stop receiving the emails.
Is there any quick and easy way to see how many and which entries have attachments? We have over 3000 entries so I need to figure out which have attachments and then which attachment it is that causes the problem in step 10.
Hello,
Thank you for your feedback.
About the attachments encryption step, did the "Padding is invalid and cannot be removed" error occur shortly after the "ReEncrypting Attachments..." step? If so, we suspect that the process is trying to decrypt the first attachment, which is not encrypted.
To know which entries are having an attachment, I don't think we have any reports available for that.
You can add the Attachment Count column but that won't display any number for the Documents entry type.
With this SQL query, you can get the list of attachments and documents saved in the database.
SELECT Connections.Name AS 'Entry name',
       Connections.GroupName AS 'Folder name',
       Repository.Name AS 'Vault name'
FROM Connections
INNER JOIN Attachment ON Attachment.ConnectionID = Connections.ID
INNER JOIN Repository ON Repository.ID = Connections.RepositoryID
ORDER BY Repository.Name, Connections.GroupName, Connections.Name
Best regards,
Érica Poirier
Hi
OK, so I have run the SQL query and got the entries where attachments are found.
I have gone through them and found some that I couldn't open and some RTF documents (I recall this being obsolete a while back?).
After removing these I do get another error now.
I haven't yet restarted with a fresh copy of the original PROD database; I just tried again after I got the first error and then removed a few attachment entries and tried to do the "Activate Encryption At Rest" again.
Activating encryption at rest...
Validating current instance requirements...
Stopping Application Pool...
ReEncrypting Attachments...
Length of the data to decrypt is invalid.
Encryption at rest activation failed. Please manually restore the database and restart the app pool and scheduler service.
Starting Application Pool...
If the encryption at rest activation completed with errors, please restore your database to the backup taken prior the operation.
Did a try with a new fresh restore of the PROD database and removed the attachments that I had located.
But I still get this new error now: "Length of the data to decrypt is invalid."
Activating encryption at rest...
Validating current instance requirements...
Stopping Application Pool...
ReEncrypting Attachments...
Length of the data to decrypt is invalid.
Encryption at rest activation failed. Please manually restore the database and restart the app pool and scheduler service.
Starting Application Pool...
If the encryption at rest activation completed with errors, please restore your database to the backup taken prior the operation.
Hello,
Thank you for your feedback.
As we can see with the new error message, it tries to decrypt the attachments and they are not encrypted in the database. I will inform the engineering team and will get back to you once the issue is fixed.
For your information, I have submitted an improvement request to have a report in RDM to list all documents and attachments in the database similar to the SQL query I have provided.
Best regards,
Érica Poirier
Hi Erica
Any news regarding the issue with non-encrypted attachments?
Hi Magnus,
Could you please try the latest DVLS console version?
You should get more information if the operation still fails. Our engineers have added more logs as stated in version 2022.3.5 release notes of the console.
Best regards,
Érica Poirier
Hi Erica
So I have tried with version 2022.3.7 now and I still get an error, but I get another error message, "Data is Null. This method or property cannot be called on Null values."
Activating encryption at rest...
Validating current instance requirements...
Stopping Application Pool...
ReEncrypting Attachments...
Data is Null. This method or property cannot be called on Null values.
Encryption at rest activation failed. Please manually restore the database and restart the app pool and scheduler service.
Starting Application Pool...
If the encryption at rest activation completed with errors, please restore your database to the backup taken prior the operation.
Hello,
Thank you for your feedback. I have created a ticket on our side and we are going to investigate that. We will keep you posted as soon as possible.
Best regards,
François Dubois
Hello Magnus,
I sent you a private message with an SQL request that you could run and send me the result. It could help us.
Best regards,
François Dubois
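Added example, not part of the thread and not Devolutions code: a pre-flight triage that sorts attachment blobs by which of the three "ReEncrypting Attachments..." failures reported above each would trigger if fed to a block-cipher decrypt. It assumes the blobs have already been exported from the database by some other means, that the legacy cipher uses 16-byte blocks, and that the entropy cut-off is a heuristic; the sample blobs and labels are constructed.

```python
import hashlib
import math
from collections import Counter

BLOCK = 16  # assumption: legacy cipher works on 16-byte blocks (AES-CBC style)
# Common file signatures: a blob that starts with one is stored in the clear.
MAGIC = {b"{\\rtf": "RTF", b"%PDF": "PDF", b"PK\x03\x04": "ZIP/OOXML",
         b"\xd0\xcf\x11\xe0": "OLE2", b"\x89PNG": "PNG"}

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; real ciphertext sits close to 8."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(blob):
    """Classify one attachment blob (bytes, or None for SQL NULL)."""
    if blob is None:
        return "null"         # reader fails: "Data is Null. ..."
    if not blob:
        return "empty"        # nothing stored; review by hand
    if len(blob) % BLOCK:
        return "bad-length"   # "Length of the data to decrypt is invalid."
    in_clear = any(blob.startswith(sig) for sig in MAGIC)
    if in_clear or (len(blob) >= 1024 and entropy(blob) < 7.5):
        # Block-aligned plaintext decrypts to garbage, so the padding check
        # almost certainly fails: "Padding is invalid and cannot be removed."
        return "bad-padding"
    return "ok"               # block-aligned and looks like ciphertext

# Constructed sample blobs, keyed by a made-up attachment label.
SAMPLES = {
    "null-row": None,
    "rtf-note": b"{\\rtf1\\ansi Hello}",
    "pdf-stub": b"%PDF-1.7\n" + b"x" * 7,
    "text-log": b"meeting notes for the ops team. " * 64,
    "cipherlike": b"".join(hashlib.sha256(bytes([i])).digest() for i in range(64)),
}

def report(samples):
    """Map every label to its verdict so all problem rows show up in one pass."""
    return {label: triage(blob) for label, blob in samples.items()}

if __name__ == "__main__":
    for label, verdict in report(SAMPLES).items():
        print(f"{label:12} {verdict}")
```

Because the re-encryption stops at the first failing row, each run surfaces only one error class; classifying every blob up front shows all affected attachments before the next attempt on a restored copy.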