Debugging password encryption problems in the agent

Debugging agent communications involves agent and engine components.

Check the following issues if there are problems after you enable password encryption:

If all of those checks are done but the problem persists, try enabling trace and examining the output logs. To enable trace, do the following:

  1. Open bfagent.conf.
  2. Uncomment the following line:
    activity_log bfagent.log

    You can specify another path instead of bfagent.log.

Path issues with bfcrypt.dll

In bfagent.conf, the password_encrypt_module property must point to the correct path to bfcrypt.dll. Example:

password_encrypt_module /opt/buildforge/bfcrypt.dll
With trace turned on, a problem with this path is indicated by output like the following:
[    8928] bfcryptloader.c : 208: Loading password encryption module.
[    8928] bfcryptloader.c : 223: module: bfcrypt
[    8928] bfcryptloader.c : 232: Loading module: C:/BuildForge71.181.Agent/bfcr
ypt.dll
[    8928] bfcryptloader.c : 262: Failed loading DLL, error code = 0

A successful load produces output like the following:


[   12248] bfpwdlocloader.c: 134: Looking for password locator: ssl_key_password_locator
[   12248] bfpwdlocloader.c: 244: Looking for password for prop ssl_key_password from bfagent.conf.
[   12248] bfcryptloader.c : 208: Loading password encryption module.
[   12248] bfcryptloader.c : 223: module: bfcrypt
[   12248] bfcryptloader.c : 232: Loading module: ./bfcrypt.dll
[   12248] bfcryptloader.c : 269: Loading procedure bfcrypt_init.

Failed password decryption

When a password fails to decrypt because of the wrong key or some other reason, the log contains a line like the following:
[    4912] agent.c         : 237: AUTH failed

If you are sure that the password is correct, you can further diagnose the problem. Enable debugging for the bfcrypt.dll module. To enable debugging, set the following environment variable:

BFDEBUG_SECURITY=1

It needs to be set globally if the agent is running as a service.

Debug output is placed in bfcrypt.txt in the directory where the agent is launched.

The following output indicates that the correct key is not in bfpwcrypt.conf on the agent:


load_keys_from_file: Parsed 1 key configurations.decrypt: 
    Looking for key matching info: 922492fe0c4010008304c3670e1e0e1e, length=32
decrypt: Comparing against: 4d553f110c401000ac08000051f651f6, length=32
decrypt: Warning!  No matching key found.

The following output indicates a correct key match:


load_keys_from_file: Parsed 2 key configurations.decrypt: 
    Looking for key matching info: 922492fe0c4010008304c3670e1e0e1e, length=32
decrypt: Comparing against: 7427ab360c4010008f9d000049664966, length=32
decrypt: Comparing against: 922492fe0c4010008304c3670e1e0e1e, length=32
decrypt: Found match: 922492fe0c4010008304c3670e1e0e1e, length=32


Feedback