84 views

Symptoms


With Edge Encryption configurations created on the instance, running Mass Encryption Job or Mass Decryption Job will fail with one of the following errors:
  • Error - <table.column> is an encrypted field. Will not decrypt.
  • Error - <table.column> is an encrypted field. Will not encrypt.
This error can also occur if you disable an Edge Encryption Configuration on a column field and then create a new record that updates the Configuration field that was disabled via the proxy but it still gets encrypted even though the Configuration is disabled.  The field should not get encrypted because the Configuration is no longer Active on the instance. 
 
In this condition, during proxy startup errors like the following example are in the proxy edgeencryption.log file:
 
2018-03-28 08:08:55,323 ERROR Encryption configuration for table task was deleted from the ServiceNow instance
2018-03-28 08:08:55,323 ERROR Encryption configuration for field task.short_description was deleted from the ServiceNow instance
2018-03-28 08:08:55,323 ERROR Encryption configuration for field task.description was deleted from the ServiceNow instance
2018-03-28 08:08:55,323 ERROR 3 records were deleted from the encryption configuration table. Contact support to restore the encryption configurations.
 
If a Mass Decryption Job is run, the following example error occurs:
2018-03-28 08:23:45,320 WARN Unable to queue job 007e19b20fc95380e0ad96d552050e27 from instance
java.lang.IllegalArgumentException: task.short_description is an encrypted field. Will not decrypt.
at com.snc.edgeencryption.jobs.mass_encryption.MassFieldDecryptionJob.<init>(MassFieldDecryptionJob.java:25)
at com.snc.edgeencryption.jobs.CloudEdgeJobFactory.createMassDecryptionJob(CloudEdgeJobFactory.java:131)
at com.snc.edgeencryption.jobs.CloudEdgeJobFactory.createJob(CloudEdgeJobFactory.java:94)
at com.snc.edgeencryption.jobs.CloudEdgeJobManager.queueJob(CloudEdgeJobManager.java:75)
at com.snc.edgeencryption.CloudEdgeConfigClient.processAssignedJobs(CloudEdgeConfigClient.java:450)
at com.snc.edgeencryption.CloudEdgeConfigClient.updateJobs(CloudEdgeConfigClient.java:379)
at com.snc.edgeencryption.CloudEdgeConfigClient.ping(CloudEdgeConfigClient.java:260)
at com.snc.edgeencryption.CloudEdgeConfigClient.periodicPing(CloudEdgeConfigClient.java:239)
at com.snc.edgeencryption.CloudEdgeConfigClient.access$400(CloudEdgeConfigClient.java:82)
at com.snc.edgeencryption.CloudEdgeConfigClient$CloudEdgeConfigClientPing.run(CloudEdgeConfigClient.java:819)
at java.lang.Thread.run(Thread.java:745)
2018-03-28 08:23:45,320 INFO Job 007e19b20fc95380e0ad96d552050e27 queued
2018-03-28 08:23:45,367 INFO Job 007e19b20fc95380e0ad96d552050e27 started
2018-03-28 08:23:45,367 ERROR Job 007e19b20fc95380e0ad96d552050e27 caught exception during execution
com.snc.edgeencryption.jobs.InvalidJobException: java.lang.IllegalArgumentException: task.short_description is an encrypted field. Will not decrypt.
at com.snc.edgeencryption.jobs.InvalidJob.execute(InvalidJob.java:16)
at com.snc.edgeencryption.jobs.AJob.run(AJob.java:44)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.IllegalArgumentException: task.short_description is an encrypted field. Will not decrypt.
at com.snc.edgeencryption.jobs.mass_encryption.MassFieldDecryptionJob.<init>(MassFieldDecryptionJob.java:25)
at com.snc.edgeencryption.jobs.CloudEdgeJobFactory.createMassDecryptionJob(CloudEdgeJobFactory.java:131)
at com.snc.edgeencryption.jobs.CloudEdgeJobFactory.createJob(CloudEdgeJobFactory.java:94)
at com.snc.edgeencryption.jobs.CloudEdgeJobManager.queueJob(CloudEdgeJobManager.java:75)
at com.snc.edgeencryption.CloudEdgeConfigClient.processAssignedJobs(CloudEdgeConfigClient.java:450)
at com.snc.edgeencryption.CloudEdgeConfigClient.updateJobs(CloudEdgeConfigClient.java:379)
at com.snc.edgeencryption.CloudEdgeConfigClient.ping(CloudEdgeConfigClient.java:260)
at com.snc.edgeencryption.CloudEdgeConfigClient.periodicPing(CloudEdgeConfigClient.java:239)
at com.snc.edgeencryption.CloudEdgeConfigClient.access$400(CloudEdgeConfigClient.java:82)
at com.snc.edgeencryption.CloudEdgeConfigClient$CloudEdgeConfigClientPing.run(CloudEdgeConfigClient.java:819)
... 1 more
2018-03-28 08:23:45,383 INFO Job 007e19b20fc95380e0ad96d552050e27 completed

Cause


The Edge Encryption configurations have become desynchronized from the configurations stored on the proxies.

Resolution


To resynchronize the Edge Encryption Configurations:
  1. Shut down one proxy.

  2. In the /conf subdirectory of the proxy installation directory, move the encryptionconfiguration.json file to a backup location.

  3. In the proxy installation directory, move all the files from the /rules subdirectory to a backup location.

  4. Start the proxy.

  5. Repeat these steps for all proxies that that show any of the logging error examples.

 

Article Information

Last Updated:2018-04-02 18:44:05
Published:2018-04-03