ISSUE / SYMPTOMS
The Protect console crashes upon attempting to open the application.
The GUI will display one of the following errors:
"At least one of your credentials can no longer be decrypted. Please edit or delete every credential with a 'User Name' of 'None' in the Credential Manager."
"Protect can no longer decrypt credentials for this user. This typically happens when someone does a hard password reset on a Windows Account."
"The console service can no longer decrypt shared credentials. All users who have shared credentials with the console service must go to the Credential Manager and re-share them to restore functionality."
The ST.Protect.managed.log will show the following error:
System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.
RESOLUTION
In some instances these issues can be resolved by deleting invalid and/or duplicate credentials from the Manage > Credentials section of Protect. However, if there is no way to access the Protect console and get into the credential manager, the workaround is to use the attached SQL query.
The attached SQL query will delete ALL credentials stored in the Protect database for ALL users.
Basic Steps to use the attached SQL query:
1. Ensure Protect is closed.
2. Open SQL Server Management Studio
3. Connect to the database that contains the Protect database you want to delete the credentials from.
4. Backup the database.
5. Open DeleteCredentials.sql into a query window.
6. Read disclaimer at the top.
7. Execute the script
8. *Note: 2 tables TMPUserCredential and TMPUserCredentialUsage are created and
need to be renamed or deleted to run the script again
- These tables can be deleted at some point in the future when
you have entered new credentials and do not want the old ones back
9. Close SQL Server Management Studio, and try opening Protect now.
APPLIES TO
vCenter Protect 8.x
Shavlik Protect 9.x