Troubleshooting

You many encounter this error when trying to install or upgrade to Keyfactor Command version 10 or later:

2022-03-04 09:58:55.7262 CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel [Error] - Unable to configure database
2022-03-04 09:58:55.9821 CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel [Error] - An error occurred while preparing the database
at CSS.CMS.Install.ConfigurationWizard.ViewModels.DatabaseViewModel.b(Object A_0, RunWorkerCompletedEventArgs A_1)

A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 - The certificate chain was issued by an authority that is not trusted

Keyfactor Command version 10 requires an encrypted connection to the SQL server. If the SQL server is not configured correctly to receive a secure connection (is not configured with a valid certificate that is trusted by the Keyfactor Command server), you may receive this message.

For information about configuring TLS TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers. for SQL server, see:

You may encounter this error on an enrollment when the CA A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. rejects the request. If the request is clearly not excessively long, review the request for invalid characters. Be sure to also check the default subject (see the Subject Format application setting on the Application Settings: Enrollment Tab and the subject defaults in certificate templates for both Configuring System-Wide Settings and Enrollment Defaults Tab). Quotation marks should not be used in the fields of the default subject except in the case where these are part of the desired subject value, as they are processed as literal values. This is a change from earlier versions of Keyfactor Command where quotation marks were used around fields containing embedded commas.

This error can also appear of the CA receives an enrollment request with no subject at all.

You may encounter this error either in the Keyfactor Command Management Portal or when submitting a Keyfactor API request. This error is typically not accompanied by any error in the Keyfactor Command logs. This error can occur if the IIS WebDAV Publishing feature is installed on the Keyfactor Command server. Keyfactor Command is not compatible with this IIS feature. Uninstall the WebDAV Publishing feature, reboot if required, and try your command again.

This error may appear during certificate enrollment against a certificate authority A certificate authority (CA) is an entity that issues digital certificates. Within Keyfactor Command, a CA may be a Microsoft CA or a Keyfactor gateway to a cloud-based or remote CA. running the Keyfactor CA Policy Module if the license for the policy module has expired. See License Expiration Monitoring and Rotation for license update information.

You may occasionally see error messages in the service log similar to the following if you are running Keyfactor Command in a redundant environment:

2023-01-12 16:55:00.0618  Keyfactor.LockProviders.SqlLockProvider [Error] - Unable to acquire lock on resource 'TimerServiceJob_https://ejbca3_keyother_com:8443 - CorpIssuingCA2 - Differencing 1/13/2023 12:55:00 AM'.

2023-01-12 16:55:00.0618  b [Error] - An error occured attempting to produce an instance of 'NoOverlapJobLoggingWrapper`1': Unable to acquire lock on resource 'TimerServiceJob_https://ejbca3_keyother_com:8443 - CorpIssuingCA2 - Differencing 1/13/2023 12:55:00 AM'.
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at Keyfactor.LockProviders.SqlLockProvider.AcquireLock(LockType type, String key)
at b.NewJob(TriggerFiredBundle bundle, IScheduler scheduler)

2023-01-12 16:55:00.0618  Quartz.Core.ErrorLogger [Error] - An error occurred instantiating job to be executed. job= 'DEFAULT.CASynchronizationService-56'
2023-01-12 16:55:00.0618  Quartz.Core.ErrorLogger [Error] - An error occurred instantiating job to be executed. job= 'DEFAULT.CASynchronizationService-56'
2023-01-12 16:55:00.0618  Quartz.Simpl.RAMJobStore [Info] - All triggers of Job DEFAULT.CASynchronizationService-56 set to ERROR state.

These message indicate that the Keyfactor Command Service on two different Keyfactor Command servers both attempted to run the same job at the same time and this server was unable to acquire a lock to run that job—the other server ran the job instead. This normally does not indicate any problem. If these errors occur frequently, it may be helpful to increase the timeout value for the job locking mechanism. To do this:

1. On each Keyfactor Command server, open a text editor (e.g. Notepad) using the “Run as administrator” option.

2. In the text editor, browse to open the CMSTimerService.exe.config file. This file is located in the Service directory within the install directory, which is the following directory by default:

   C:\Program Files\Keyfactor\Keyfactor Platform\Service

3. In the CMSTimerService.exe.config file, locate the Keyfactor.TimerJobs.LockTimeout key in the appSettings section and increase the value appropriately for your environment. The value is specified in milliseconds, so the default value of 5000 indicates that the Keyfactor Command Service will attempt to acquire a lock on the job for 5 seconds before producing an error if the lock cannot be obtained.

   

   Figure 426: Adjust the Keyfactor.TimerJobs.LockTimeout Value

4. Restart the Keyfactor Command Service (see Enable and Start the Keyfactor Command Service in the Keyfactor Command Server Installation Guide) to read the updated configuration.