Changing the Security Configuration

The security configuration of inmation components can be changed at runtime. Note that the connection mode (passive or active) cannot be changed at runtime currently.

Changing the Security Mode

Multiple security modes are currently only supported by the Connector component. Changing the configuration has different effects depending on the current state of the connection between the involved inmation components.

Connection not Established

If a connection to the component is not yet established, changing the security mode in case of a passive component selects the mode and passphrase the Core component uses to connect to the remote component. In case of an active component, a change selects the protocol and passphrase the Core component assumes to be used by the remote component when it tries to establish a connection.

Connection Established

If a connection is successfully established, a security mode change is communicated to the remote component which then disconnects and re-configures itself. In case of a passive remote component, the Core will re-connect using the new security mode. An active remote component will try to establish a new connection to the Core service after it re-configured itself.

A security mode change together with a passphrase change will not communicate the changed passphrase to the remote component.

Changing the Passphrase

A passphrase change is communicated to the remote component only if the security mode did not change at the same time. In this case, the remote component stores the new passphrase and disconnects the current connection.

Using an empty passphrase will use the factory default passphrase.

Troubleshooting

Connection errors can occur due to many different reasons:

  1. General network connectivity problems such as:

    • Unreachable network address (link down, host down, firewall issues, etc.)

    • Name resolution errors

    • inmation Service not running

  2. Wrong security configuration

    • Mismatched security modes

    • Wrong passphrase

Use the following checklist to trouble-shoot connection problems:

  • From the machine running the Core service, try to ping the host running a passive inmation component

  • For active components, try to ping the host running the inmation Core service from the machine running the component service

  • Make sure that the Communication properties of the remote component object match its current security configuration (security mode and passphrase)

Resetting Lost Passphrase

In case the core cannot connect to a component and you don’t know which passphrase the component is listening for, you can reset the passphrase. There are two different ways that you can reset the passphrase, but the first approach is recommended.

Connect with a temporary password

For simplicity, the instructions below describe the process with an example for the connector service, but it also works with server, relay and local core.

  1. Stop the Windows service.

  2. Run the following command: inmation.exe -e connector --passphrase-clear <temporary_pwd> (Make sure the passphrase conforms to the password policy)

  3. Change the SRP passphrase of the Connector to the temporary passphrase and wait until the Connector connected.

  4. Change the SRP passphrase property of the Connector (e.g. in DataStudio) to the new passphrase.

  5. The Connector disconnects now.

  6. Stop the command from step 2.

  7. Start the windows service again. Core and connector should now be able to connect.

If the service image file is reset later then the component will use the passphrase specified during installation. See Service Installation

Reset the passphrase to the factory default

This approach works similar for connector, server and relay. It does not work for local cores.

  1. Stop the Windows service.

  2. Run the following command: inmation.exe -e connector --reset passphrase --launch 0

  3. Wait until the command automatically exits.

  4. Start the Windows service.

  5. Change the SRP passphrase of the Connector object to null.

  6. Wait until the component sucessfully connected.

  7. Now change the passphrase to the desired value.

If you reset the passphrase then the password specified during setup is deleted. If the service image file is reset later then the connector will listen for the factory default password and not the password that was given during the installation. See Service Installation