Insight Discovery license fails with "Cannot decrytp text" on Windows
Platform notice: Server and Data Center only. This article only applies to Atlassian products on the Server and Data Center platforms.
Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Problem
License is not being accepted when configuring Discovery application, causing it to crash after the settings save the first time. Users cannot use it at all after adding the license.
The following appears in the cmd log
C:\Users\ha-a\Desktop\Discovery_2.28.1.0\Discovery>
C:\Users\ha-a\Desktop\Discovery_2.28.1.0\Discovery>Discovery.exe -s
1/10/2021 4:42:04 PM : Error decrypting text.
1/10/2021 4:42:04 PM : Exceptions:
1/10/2021 4:42:04 PM : Cannot decrytp text.
at Insight.Discovery.ProviderClasses.LicenseProvider.Decrypt(String textToDecrypt) in C:\SourceCode\discovery_repo\ProviderClasses\LicenseProvider.cs:line 190
Show Setting Dialog...
1/10/2021 4:42:08 PM : Fatal error by loading credential list
1/10/2021 4:42:08 PM : Exceptions:
1/10/2021 4:42:08 PM : Attempting to deserialize an empty stream.
at Insight.Discovery.Tools.ObjectSerializer.DeserializeObject[T](String file, SerializeType sType) in C:\SourceCode\discovery_repo\DiscoTools\ObjectSerializer.cs:line 125
at Insight.Discovery.InfoClasses.CredentialList.Load(String password, String appPath) in C:\SourceCode\discovery_repo\InfoClasses\CredentialList.cs:line 119
1/10/2021 4:42:11 PM : Error decrypting text.
1/10/2021 4:42:11 PM : Exceptions:
1/10/2021 4:42:11 PM : Cannot decrytp text.
at Insight.Discovery.ProviderClasses.LicenseProvider.Decrypt(String textToDecrypt) in C:\SourceCode\discovery_repo\ProviderClasses\LicenseProvider.cs:line 190
Settings saved...Cause
There is some configuration on the host server that is blocking the decryption of the Discovery application license. If the system is blocking the decryption of the license, it will not be possible to use the tool on that system as the Discovery Tool will have to decrypt Credentials to be used during the scan.
When setting a secured Network, tools comes first, to enable their functionality, then hardening protocol step by step.
Resolution
We need to exclude that group policy for the Discovery Tool server and then harden the policies for this server.
The group policy blocking the decryption of the license is most probably "System cryptography - Use FIPS compliant algorithms".
Looking into the Windows event log can provide us more information around which group policy is responsible for this problem. Contact the Network administrator to troubleshoot this further.
For encryption / decryption Discovery uses AES-256 algorithm which is used everywhere (Creditcards, WiFi and more).
For discovery it is salted with local server information, for which access may be blocked by the Group policy, hence the tool must be allowed to access Server information - for its own Security.