Content Management and Capture

Expand all | Collapse all

dcskey import command never worked

  • 1.  dcskey import command never worked

    Posted Mon November 09, 2020 02:41 AM
    Hi,
    I and my colleagues have been trying to import a key from a Windows user account.
    We wanted to separate a Datacap managing user from an admin account.
    We have followed this Support instruction to import a key for each Windows user account.
    https://www.ibm.com/support/pages/requirements-importing-encryption-keys-ibm-datacap-taskmaster-capture

    In the past 3 years, we have tried several times but every time "dcskey -i" command failed.
    (OS version was Windows 2012,2016,10. Datacap version was 9.1 - 9.1.7)
    The following Support pages didn't help.

    https://www.ibm.com/support/pages/key-not-valid-use-specified-state-ibm-datacap-taskmaster-capture
    https://www.ibm.com/support/pages/key-not-valid-use-specified-state-ibm-datacap-taskmaster-capture

    The last time, we worked around by saving the credentials in plain text as explained by this Support site.
    https://www.ibm.com/support/pages/custom-code-unable-decrypt-encrypted-strings-ibm-datacap-taskmaster-capture

    I think "dcskey i" command has a product issue.
    Or is that it can only work when Datacap users are all local users and not on Active Directory?
    I'd like finally know how to use (or get it fixed) this command so we won't have to save the credential in plain text and explain to the customer the problem.
    Has anyone seen it work?

    ------------------------------
    dsakai
    ------------------------------


  • 2.  RE: dcskey import command never worked

    Posted Thu November 19, 2020 04:09 PM
    It always worked for me, across several Datacap versions and many environments. Can you please add more details? What steps are you taking for importing it? What error message do you see while importing it? Are you copying the key from your Datacap (Taskmaster) server?

    ------------------------------
    Manesh Gurav
    ------------------------------



  • 3.  RE: dcskey import command never worked

    Posted Thu November 19, 2020 08:38 PM
    Edited by dsakai Thu November 19, 2020 09:15 PM
    Thanks for your reply.
    This is how we did the last time.

    1) Prepare datacap admin user (dcadmin) and maintenance user (dcuser) on Windows Active Directory.
    2) Install and configure Datacap 9.1.7 using dcadmin on a single Windows 2016 machine.
    3) Open a command prompt and move to c:\Datacap\Taskmaster. Execute "dcskey -e".
    4) Reboot PC.
    5) Change password of dcuser. *Due to the client's policy, the password changes periodically.
    6) Login to dcuser.
    7) Open a command prompt and move to c:\Datacap\Taskmaster. Execute "dcskey -i".
    8) An error is displayed: "Keys couldn't be imported. Key not valid for use in specified state."
    9) I think we also did "dcskey -d" before trying import,
    but saw an error "Keys couldn't be deleted. Key not valid for use in specified state."

    I am guessing that "dcskey import" does not work once the other user executes "dcskey export"
    and first entry is written into dc_KTF.xml file in C:\Datacap\Taskmaster.
    This first entry can be shared among the users on the same machine,
    but once a user (different from the installation user) changes password,
    there is no way for dcskey command (either delete or import) to reflect this password change.

    The following site had what seemed to be the solution.
    https://www.ibm.com/support/pages/key-not-valid-use-specified-state-ibm-datacap-taskmaster-capture

    But I could not do this.
    I was not able to identify Taskmaster encryption keys because there were many of them.

    May be password should not change once a key is made, but this almost always goes against the client's security policy.


  • 4.  RE: dcskey import command never worked

    Posted Fri November 20, 2020 11:19 AM
    Are you doing a single-server (single-box) installation of Datacap? The Windows 2016 machine that you mentioned is your server and not a client workstation. Is that correct?

    ------------------------------
    Manesh Gurav
    ------------------------------



  • 5.  RE: dcskey import command never worked

    Posted Mon November 23, 2020 08:21 PM
    Yes.  The Windows 2016 Server is the single-server (single-box) installation of Datacap.


    ------------------------------
    dsakai
    ------------------------------