The “not quite” secure storage HANA Studio, Reconnect your Studio to HANA Servers!
For a while, I have been seeing people are having issues connecting their HANA Studio to the servers in CloudShare. You have setup your connection, all the icons are green
everything is working and looking good. Next day, you log back in to your account and suddenly it gets invalidated and turns red 😕 😡
So this is the story, HANA Studio has a feature that basically stores all your connection credentials inside a storage. This storage is secured by a master password that the studio auto generates during the first time you enter your server credentials. You must be already familiar with the following dialog box:
This is when your credentials are “encrypted” inside the secure storage.
However, as much as the encryption goes, when they key got corrupted, you won’t be able to decrypt the original information. And this is exactly what happens. For an unknown reason, the key sometimes got corrupted and your login got invalidated. You get “invalid user name / password”. This is not because your backend profile was changed, you got a wrong user name / password, you didn’t type it correctly, etc, it simply because your decrypt key got corrupted. The corrupted key makes the Studio logs you in with the incorrect information.
So here is the solution:
- Open the Studio properties. File > Properties
- On the Database User Logon, click on Secure Storage
3. Click change password. It might give you a pop up saying that decryption key is corrupted. Just say yes to it.
4. You got a new key and you’re good to go 😉 !!
If it still fails, my colleague Ferry Lianto put together a nice document on how to delete your secure storage entirely and basically reset the whole Studio here.
UPDATE: You can go to Eclipse doc page here for more info about the secure storage itself. Maybe you can find what the root cause is? Easter egg challenge? 😀
Have fun!
Rocky
Hi Rocky!
This is an interesting and somewhat disturbing sentence:
I have never seen such problems yet, so I would like to know what exactly causes the corruption. Did you have a support message opened for this?
Apart from that, I don't quite get your concern about the security.
HANA Studio stores password files encrypted.
OK.
If all is well and good, it uses these information to automatically log in to the HANA instances - if and only if you're running HANA studio with the same user on the same machine (roaming profiles don't work).
OK.
Now, when the file is corrupted or anything else doesn't fit in, the connection to the HANA instances can't be made.
That's exactly what we want!
The only way to get the connection to work again is to actually know and provide the correct logon data.
GREAT.
So, how exactly is this insecure?
- Lars
Hi Lars,
First of all, I never mentioned the Studio being insecure :). While most of the definitions about "secure" system is always not being able to get information without the owner's permission, I want to take that definition a little bit further. Particularly, in this context, my definition of secure system is also the owner should be able to retrieve his/her data at anytime
This particular issue happens in the Cloudshare's desktop where Dev Center users are working on. It happens usually after the environment gets suspended. With the desktop being deployed in the cloud and everything is virtualized, I do not know what exactly is going on under the hood when the environment is created, suspended and later on is resumed. Maybe some key or ID gets regenerated or something like that happens and it invalidates the key pair that is used to store the credential? Who knows.
I do not have any support ticket opened yet for this as I'm yet to figure out how to reproduce it. To me this still seems to be a random occurence. I just happened to know how to do "first-aid" 🙂
Best,
Rocky
Rocky,
what does a title like "The "not quite" secure storage HANA Studio, Reconnect your Studio to HANA Servers!" say, if not "HANA secure storage is not secure" ?
I think I get your point that you want to have access to system state information at any given time.
And that is the case already.
All you've got to do is to provide the correct logon data for either your DBA user or the <sid>adm user of the HANA box.
That's it.
For the issue at hand I recommend to have a support message opened, even if you cannot reproduce the behavior at will. Maybe others have faced a similar situation already or maybe development can have a look at the secure storage files to figure out what caused the corruption.
Cheers, Lars
Hi Lars,
I would not go to far in terms of language issue as I'm not the expert 😀 . In my understanding the terms "not quite" does not really negate the adjective, e.g. "not quite good" does not necessarily mean bad. Anyway, we can discuss the language issue aside if you don't mind.
I will test whether the latest revision still has the same issue or not. The current version on the Cloudshare desktop is still at rev. 38 which is already outdated today.
Best,
Rocky
Hi, Rocky,
I met the similar issue after I reset SAP Citrix in APJ, the HANA instance refuse to add instance due to locked secure storage.
I follow your guide by reset passwords. After that, it works. Thanks.
Hi Guys,
Since I upgraded to SP5 in my AWS cloud server few months ago, I
am getting intermittent connection issues. The HANA Studio crashes erratically
with error " Save Failed: - 708 Data Receive failed (Software caused
connection abort: recev failed].
I also check the AWS instance security group info and it looks
good.
I am on SP5 rev 48 both in the backend and front-end studio
version.
Any inputs would be greatly appreciated.
Thanks,
Rama
Have you tried using Elastic IP?
Regards,
Shalin
Hi, I am not even able to open the Property page. My SAP HANA Systems tab does not show my system. It is having a message "Secure Storage is Locked" and then there is an unlock button. If I click on the unlock button nothing happens. Please help.
I have been facing the same issue. Go to hdbstudio->Preferences->General->Security->Secure Storage and de-select Master-Key Providers. This worked for me.
Regards,
Marcus
Marcus,
good tip, but it didn't work when i had to restore windows7x64 to a prior state (before modifying of hosts file). what i did was to delete the windows64 encrypted password after reinstalling hana studio and client. i also had to go into secure storage to "manage" my SYSTEM password and re-enter the challenge questions. now, i only have to deal with "Server Not compatible" warning in my Content folder, but i'm not sure how.
thx,
greg
seems like i have to do it now every time that i want to use the studio :-<
1 delete system
2 go to secure storage
3 clear passwords
4 in contents tab delete eclipse/windows64 password
5 restart
6 add system
7 redo secure storage and challenge questions
8 repeat at the next login
@Gregory: does this "locked" secure storage only happens in the newer revision of SAP HANA? I seem to always opt out for this secure storage thus I never had this issue 🙂
i used to ignore it as well, but after my Windows7x64 "reimage" i had to go through the iteration more than once (v56).
This is what worked for me: