Troubleshooting - Solution Configuration Manager - 23.1 - 23.1 - Brainware - external - Brainware/Solution-Configuration-Manager/23.1/Solution-Configuration-Manager-Installation-Guide/Troubleshooting - 2025-05-05 - This section describes various issues that users may face and their resolutions.

Login screen appears without labels

In the trace.log file: at Configurator.Web.Core.Localization.LocalizationHelper.DetectLanguage(String[] requestLanguages)

This problem occurs when you have an incorrect connection string or certificate issue. You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.

Similar issues for reference: Server Error, Keyset does not exist.

Server Error, Keyset does not exist

In the trace.log file: ERROR Configurator.Web.Core.Localization.LocalizationHelper (null) - System.ArgumentException: Key is null or emptyParameter name: publicAndPrivateKeyXmlat AEScryptkey.AsymmetricEncryption.Decrypt(Byte[] data, Int32 keySize, String publicAndPrivateKeyXml)at AEScryptkey.AsymmetricEncryption.DecryptText(String text, Int32 keySize, String publicAndPrivateKeyXml)at Configurator.Utility.CryptoHelper.Decrypt(String encryptedStr)

This problem occurs due to either of the following reasons:

• When you have an incorrect connection string or certificate issue.
• You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.
• Your “app pool” user does not have permission to read the private key of the certificate.

If you are using the SCM installer to create a self-signed certificate then you don’t need to provide the private key permission to the user, as the installer provides the necessary permission automatically. But if you are using an existing certificate then you must ensure that the user has permission to read the private key of that certificate.

For more details refer to SSL Certificate and Manage User Account Permissions for SSL Certificate .

Your connection is not private (Privacy error)

Note: The screen may vary based on what browser you are using.

This problem occurs due to either of the following reasons:

• You are using a self-signed certificate. A self-signed certificate should only be used for testing, KT or POC purposes. It is not recommended to use self-signed certificate in production server. It is normal to get security alerts while using self-signed certificates. If it is not a production server then you can simply ignore the message and proceed (which will be marked as unsafe option).
• You are using a certificate which is not valid or not trusted by your system. It is recommended that you use SCM after obtaining an SSL certificate from a reliable Certificate Authority (CA) and installing it. Once the proper certificate (trusted by your system) is installed, refer to Using an existing SSL certificate section in SSL Certificate for more details.

No trace.log found in the directory, trace.log is not getting generated

This may occur due to lack of write permission of the AppPool user in the installation directory.

Check permission of the pool user to the installation directory. Open IIS Manager and click on Application Pools on the left navigation pane. Then observe the “Identity” mentioned for “SCM Pool” (if installed with default pool name, otherwise select the proper pool name). In the following example the user / Identity is “NetworkService”.

This pool user must have read and write permission of the installation directory. Navigate to the installation directory (by default it is “C:\inetpub\wwwroot\SCMWeb”) and allow full control to the pool user as shown below.

Whichever account is used, the AppPool identity user must have read and modify permission on the web application's physical path and migration packet share(s). If appropriate permissions are not set, connection string passwords will be stored in plain text in the web.config file and no trace log will be created. This user must also have necessary permission to access to the private keys of the SSL certificate.

After the permissions are properly configured, in the next login to SCM web application, the trace log should be generated.

Passwords are not getting encrypted in web.config file

This problem occurs due to either of the following reasons:

• Lack of write permission of the AppPool user in the installation directory - You can follow the steps mentioned in the No trace.log found in the directory, trace.log is not getting generated error in this topic.
• Misconfiguration for certificate - For more details refer to SSL Certificate and Manage User Account Permissions for SSL Certificate .

Your account has been locked for too many failed login attempts

This error is thrown when a user tries multiple fail attempts (incorrect password). The account will be locked based on the “ResetTimeInterval” configured in the web.config file. After the “ResetTimeInterval” the account will be automatically unlocked.

For more information, refer to Configure failed login attempts for more details.

Login failing, no error message or reason provided in the UI

In the trace.log file: The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.

This may happen if you are using HTTP instead HTTPS without making configuration changes to allow HTTP. By default, the application is configured only for allowing HTTPS requests.

For more information, refer to the Manual Customization section in SSL Certificate.

Not Found error or HTTP Error 404. The requested resource is not found.

This error may happen due to either of the following reasons:

• You are trying to access the SCM application using “localhost” or “IP” in the URL.
• Use the FQDN name (server name) of your server to access the SCM application instead of “localhost” or IP address. Using the FQDN name in the URL will fix this issue.
• If you still want to use IP address or “localhost” instead of FQDN name in the URL, refer to the Frequently Asked Questions (FAQ) section.
• Some IIS components are missing - Refer to the SCM Technical Specifications and verify if any components are missing or not.

System error , in Configure Project after select project

In the trace.log file: at AEScryptkey.AsymmetricEncryption.DecryptText(String text, Int32 keySize, String publicAndPrivateKeyXml)

To resolve this issue, refer to Cannot decrypt password. Please change the existing password for Connection issue and follow the steps.

Can not decrypt password. Please change the existing password for Connection Number

This may occur due to either of the following reasons:

• The “CertificateHash” been manually updated after installation, but the application is using the old Solution Database connection strings generated by the old Certificate.
• Even after fresh installation if the old SCM database is still being referred to by the application, it indicates that the connection string for the solution databases are stored using some other TLS certificate than the one used while the new installation. This may happen if during installation, the existing SCM database option is selected, or manually modified in the web.config file.

For both the cases, follow the below steps:

1. Click Edit next to the connection number mentioned in the message in red color. This will make the row editable.
2. Enter the appropriate password and then click Test Connection. A confirmation message appears.
3. If the connection is successful, click Update. This will encrypt the password using current TLS certificate and update the database accordingly.
4. If the error persists for a different connection number, then repeat the same steps again for that connection number.

Key not valid for use in specified state

In the trace.log file: ERROR Configurator.Web.Global (null) - System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

This may occur if the certificate is imported from a .pfx file and while importing, the Mark this key as exportable option is not selected.

If you have the original .pfx file of that certificate then you need to delete the installed certificate and re-import from the .pfx file and select the Mark this key as exportable option while importing.

Refer to the above screenshot (while importing certificate from .pfx file).

Privacy error with no link to proceed

In some cases, instead of the login page, a page similar to the screenshot may appear. This page does not have any options to proceed furthur.

This may occur if SCM is installed with a preexisting certificate, where the “Host Name” in the binding of default website is preconfigured as blank.

To fix this issue you can either openSCM in different browser like Microsoft Edge, or configure the “Host Name” with the FQDN name of the server in the SSL binding of the default website.

Internal Server Error, the requested page can’t be accessed because the related configuration data for the page is invalid

This may happen if the version of oracle.manageddataaccess.client used in the SCM applicationdoes not match with the version mentioned in the machine.config file in the host system.

You have to update the oracle.manageddataaccess.client version in the machine.config file (default location C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config) with the version mentioned in the SCM application’s web.config file.

Open the machine.config file from the above mentioned location and update the oracle.manageddataaccess.client with the version mentioned in the SCM application’s web.config file.

Machine.config file example: <section name="oracle.manageddataaccess.client" type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.122.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342" />