Chat now with support
Chat with Support

Defender 6.5 - Administration Guide

Getting started Managing Defender objects in Active Directory Configuring security tokens Securing VPN access Securing Web sites Securing Windows-based computers Defender Management Portal (Web interface) Securing PAM-enabled services Delegating Defender roles, tasks, and functions Automating administrative tasks Administrative templates Integration with Active Roles Push Notifications Appendices
Appendix A: Enabling diagnostic logging Appendix B: Troubleshooting common authentication issues Appendix C: Troubleshooting DIGIPASS token issues Appendix D: Defender classes and attributes in Active Directory Appendix E: Defender Event Log messages Appendix F: Defender Client SDK Appendix G: Defender Web Service API

Changing password for encrypted database

To change the password

  1. In IIS Manager, stop the Defender Web Interface site.
  2. On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
    1. In the Old Password box, type the password with which the database was encrypted.
    2. In the New Password and Confirm New Password boxes, type the new password with which you want to encrypt the database.
    3. Click Apply, and then close the dialog box.
  3. Use the aspnet_regiis.exe tool to decrypt the database connection string in the Web.config file, so that you can specify the new password in that file. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to decrypt the database connection string in the Web.config file on an x86 system:

%WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW"

  1. In the Web.config file, update the database connection string with the new password:
    1. In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
    2. In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to include the new password. Example:

      connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091;password=NewDatabasePassword"

      where NewDatabasePassword is the password you have set in Step 2 of this procedure.

    3. Save and close the Web.config file.
  2. Use the aspnet_regiis.exe tool to encrypt the database connection string in the Web.config file, so that the password is not displayed as plain text. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to encrypt the database connection string on an x86 system:

    %WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pef "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW" -prov "DataProtectionConfigurationProvider"

  3. In IIS Manager, start the Defender Web Interface site.

Decrypting database

To decrypt the database

  1. On the Defender Management Portal computer, run DBEncrypt.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools, and complete the dialog box that appears:
    1. Clear the Encrypt Database check box.
    2. In the Old Password box, type the password with which the database was encrypted.
    3. Click Apply, and then close the dialog box.
  2. Use the aspnet_regiis.exe tool to decrypt the database connection string in the Web.config file. You can find aspnet_regiis.exe in one of these folders:
    • On an x86 system - %WinDir%\Microsoft.NET\Framework\v4.0.30319
    • On an x64 system - %WinDir%\Microsoft.NET\Framework64\v4.0.30319

    Sample command to decrypt the database connection string in the Web.config file on an x86 system:

    %WinDir%\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe -pdf "connectionStrings" "%ProgramFiles%\One Identity\Defender\Management Portal\WWW"

  3. In the Web.config file, update the database connection string to remove the password:
    1. In a text editor, open the Web.config file located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\WWW
    2. In the Web.config file, locate the <connectionStrings> element, and modify the SelfReg.sdf connection string within that element to remove the password. Example:

      connectionString="data source=|DataDirectory|\SelfReg.sdf;Max Database Size=4091"

    3. Save and close the Web.config file.

DB Migration

By default, the Defender Management Portal uses SQL Server Compact database. However, from Defender release 6.3.1 and above SQL Server Express database can be used as the Management Portal database. This tool can be used to switch the Defender database from SQL Compact to SQL Express.

To migrate the database

  1. On the Defender Management Portal computer, run DBSwap.exe located in the folder %ProgramFiles%\One Identity\Defender\Management Portal\Tools.
  2. Select the checkbox for “Switch to SQL Express”.
  3. Click on Submit button, database is switched to SQL Express successfully.
  4. On the warning message displayed:

    1. If you are switching to SQL Express database for the first time:
      -clicking on Yes will switch database to SQL Express successfully.
      -clicking on No, you will have to switch back to Compact database.
    2. If you are already using the SQL Express database for Management portal, clicking Yes will overwrite the data on Express databases with data from the SQL Compact databases.
  5. Similarly, select checkbox for “Migrate logs from Compact Databases to Express Databases” and click on Submit button, logs will be migrated successfully.

Note: The data in the destination database will be overwritten after the migration. Hence it is recommended to use this option only while switching to SQL Express for the first time to avoid any data loss.

Defender Security Server log cache

Each Defender Security Server generates logs, which are retrieved by the Log Receiver Service running on the Defender Management Portal computer. The retrieved logs are then used to do the following:

  • Display authentication statistics on the Dashboard tab of the Defender Management Portal.
  • Provide troubleshooting information on the Helpdesk tab of the Defender Management Portal.
  • Display information on the Actions tab of the Defender Management Portal.

Defender Security Servers deployed in your environment automatically detect the Log Receiver Service and provide their logs to the service.

In situations where the connection between the Defender Security Server and the Log Receiver Service is interrupted, the logs to be sent to the service are cached in a .dat file on the Defender Security Server. After the connection is restored, the log data cached in the .dat file is sent to the Log Receiver Service.

If the Log Receiver Service is running and the connection between this service and the Defender Security Server is working properly, the .dat file should not grow in size.

On a Defender Security Server, you can find the .dat file in the following folder:

%ProgramFiles%\One Identity\Defender\Security Server\Logs

The name of the .dat file has the following format:

<ServerName>.LogQueue.dat

Where <ServerName> is the name of the computer on which the Defender Management Portal is installed.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating