Insight Discovery license fails with "Cannot decrytp text" on Windows

お困りですか?

アトラシアン コミュニティをご利用ください。

コミュニティに質問

プラットフォームについて: Server と Data Center のみ - この記事は、サーバーおよびデータセンター プラットフォームのアトラシアン製品にのみ適用されます。

問題

License is not being accepted when configuring Discovery application, causing it to crash after the settings save the first time. Users cannot use it at all after adding the license.

The following appears in the cmd log

C:\Users\ha-a\Desktop\Discovery_2.28.1.0\Discovery>
C:\Users\ha-a\Desktop\Discovery_2.28.1.0\Discovery>Discovery.exe -s
1/10/2021 4:42:04 PM : Error decrypting text.
1/10/2021 4:42:04 PM : Exceptions:
1/10/2021 4:42:04 PM : Cannot decrytp text.
at Insight.Discovery.ProviderClasses.LicenseProvider.Decrypt(String textToDecrypt) in C:\SourceCode\discovery_repo\ProviderClasses\LicenseProvider.cs:line 190
Show Setting Dialog...
1/10/2021 4:42:08 PM : Fatal error by loading credential list
1/10/2021 4:42:08 PM : Exceptions:
1/10/2021 4:42:08 PM : Attempting to deserialize an empty stream.
at Insight.Discovery.Tools.ObjectSerializer.DeserializeObject[T](String file, SerializeType sType) in C:\SourceCode\discovery_repo\DiscoTools\ObjectSerializer.cs:line 125
at Insight.Discovery.InfoClasses.CredentialList.Load(String password, String appPath) in C:\SourceCode\discovery_repo\InfoClasses\CredentialList.cs:line 119
1/10/2021 4:42:11 PM : Error decrypting text.
1/10/2021 4:42:11 PM : Exceptions:
1/10/2021 4:42:11 PM : Cannot decrytp text.
at Insight.Discovery.ProviderClasses.LicenseProvider.Decrypt(String textToDecrypt) in C:\SourceCode\discovery_repo\ProviderClasses\LicenseProvider.cs:line 190
Settings saved...

原因

There is some configuration on the host server that is blocking the decryption of the Discovery application license. If the system is blocking the decryption of the license, it will not be possible to use the tool on that system as the Discovery Tool will have to decrypt Credentials to be used during the scan.
When setting a secured Network, tools comes first, to enable their functionality, then hardening protocol step by step.


ソリューション

We need to exclude that group policy for the Discovery Tool server and then harden the policies for this server.
The group policy blocking the decryption of the license is most probably "System cryptography - Use FIPS compliant algorithms".
Looking into the Windows event log can provide us more information around which group policy is responsible for this problem. Contact the Network administrator to troubleshoot this further.

For encryption / decryption Discovery uses AES-256 algorithm which is used everywhere (Creditcards, WiFi and more).

For discovery it is salted with local server information, for which access may be blocked by the Group policy, hence the tool must be allowed to access Server information - for its own Security.




最終更新日: 2021 年 2 月 12 日

この内容はお役に立ちましたか?

はい
いいえ
この記事についてのフィードバックを送信する
Powered by Confluence and Scroll Viewport.