Connecting Robot throws: Encryption Failed
Issue Description
Connecting Robot throws: Encryption Failed.
Below are a few ways in which the error may present itself.
Studio Error:
UiPath.Orchestrator.Core.Exceptions.LocalizedException: Error code - 1021, Message - 'Encryption failed.' ---> System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at int Internal.Cryptography.UniversalCryptoDecryptor.GetPaddingLength(ReadOnlySpan block) at int Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(ReadOnlySpan inputBuffer, Span outputBuffer) x 2 at byte[] Internal.Cryptography.UniversalCryptoTransform.TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount) at async ValueTask System.Security.Cryptography.CryptoStream.ReadAsyncCore(Memory buffer, CancellationToken cancellationToken, bool useAsync)
Orchestrator Error:
UiPath.Orchestrator.Core.Exceptions.LocalizedException: Error code - 1021, Message - 'Encryption failed.' ---> System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters. at byte[] Convert.FromBase64CharPtr(Char* inputPtr, int inputLength) at byte[]
UiPath.Orchestrator.Core.Exceptions.LocalizedException: Error code - 1021, Message - 'Encryption failed.' ---> System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed. at int Internal.Cryptography.UniversalCryptoDecryptor.GetPaddingLength(ReadOnlySpan block) at int Internal.Cryptography.UniversalCryptoDecryptor.UncheckedTransformFinalBlock(ReadOnlySpan inputBuffer, Span outputBuffer)
Root Causes
This error typically means that a setting in Orchestrator that gets encrypted has become corrupted. If this error is seen, it could mean the following:
- The encryption key in Orchestrator changed. This should not happen and would only happen with user intervention.
- An encrypted value in the DB is corrupted. It's possible that the issue would not have been noticed until after upgrading to 23.4. If this is the case, it would most likely be related to deployment settings. The cause of this would probably be user interaction (i.e. they accidentally modified the DB).
Diagnosing
- If this happens with Automation Cloud, just open a ticket with UiPath. Include the Robot logs and application event logs from the Bot machine.
- Check the timestamp of the UiPath.Orchestrator.dll.config file.
  - It is located at: C:\Program Files (x86)\UiPath\Orchestrator\UiPath.Orchestrator.dll.config
  - If the file has been changed, check to see if the encryption key was modified. (Search for 'EncryptionKey')
  - If the file was not changed, or it can be confirmed the encryption key was not changed, continue on.
  - If the file was changed, try restoring the previous version.
- Try to determine whether there were any other recent changes besides manual modification or an upgrade, for example a migration of Orchestrator to a different server, or anything else where the encryption key might have been changed or regenerated. If there was a change, document what the change was. (In most cases it would be a migration in which an Orchestrator install was done to a blank DB and then pointed to a previously existing DB. The encryption key has to be valid, which means it would have to be changed through a tool and not by a user.)
  - If the encryption key was changed due to some recent activity, try to restore it to the previous value.
  - Make sure to document what the changes were that led to this issue.
- If the issue occurred after an upgrade or none of the other steps above have helped, try the following:
  - Log in to the tenant that the Robot is trying to connect to.
  - Go to Tenant->Settings->Deployment
    - If using external deployment settings with secure authentication, try re-entering the password.
    - If Internal Deployment is used, switch to external deployment with secure authentication and see if any credentials exist. If they do exist, try re-entering the password. (There are some cases where this can happen after an upgrade to 23.4.X. It could be that the encryption key was updated in the past and this setting was not updated as well. But it only affects 23.4+.)
  - After the above, try connecting the Robot again.
    - If it connects, test whether the Robot can still fetch credential assets/run unattended. If the encryption key was changed, all Unattended Robot credentials and credential assets would need to be regenerated.
- If none of the above helps, raise a ticket with UiPath and include the following:
  - Event logs from the Robot and Orchestrator: https://uipath-survey.secure.force.com/CaseView/articles/Knowledge/How-to-get-Application-Logs-from-the-Event-Viewer?lang=en_US
  - Info about what has changed in the system.
  - Any information collected in the above steps.
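
The config-file check from the Diagnosing steps, as an added PowerShell example (not UiPath tooling): it compares the live UiPath.Orchestrator.dll.config with a known-good copy by timestamp and by a SHA-256 fingerprint of the EncryptionKey value, so the key itself never has to be printed or pasted into a ticket. The backup path, the `<add key="EncryptionKey" value="..."/>` layout and the Base64 encoding of the key are assumptions.

```powershell
# Added example: compare the EncryptionKey in the live Orchestrator config with a
# known-good copy without ever displaying the key.
param(
    # Path given in the article.
    [string]$ConfigPath = 'C:\Program Files (x86)\UiPath\Orchestrator\UiPath.Orchestrator.dll.config',
    # Hypothetical location of a known-good copy (backup, previous server, etc.).
    [Parameter(Mandatory)][string]$BackupPath
)

function Get-KeyInfo {
    param([string]$Path)
    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    [xml]$xml = Get-Content -LiteralPath $Path -Raw
    # Assumption: the key is stored in clear text as <add key="EncryptionKey" value="..."/>.
    $node = $xml.SelectSingleNode("//add[@key='EncryptionKey']")
    if (-not $node) { throw "No readable EncryptionKey entry found in $Path" }
    $value = $node.GetAttribute('value')

    # Assumption: the key is Base64 text; a value that no longer decodes
    # points to a hand edit or truncation.
    $decodedLength = $null
    try { $decodedLength = [Convert]::FromBase64String($value).Length } catch { }

    # Fingerprint the value so two files can be compared without exposing the key.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        $hash = $sha.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($value))
    } finally { $sha.Dispose() }

    [pscustomobject]@{
        Path          = $Path
        LastWriteTime = $file.LastWriteTime
        ValidBase64   = $null -ne $decodedLength
        DecodedBytes  = $decodedLength
        Fingerprint   = ([BitConverter]::ToString($hash) -replace '-', '').Substring(0, 16)
    }
}

$live   = Get-KeyInfo -Path $ConfigPath
$backup = Get-KeyInfo -Path $BackupPath
$live, $backup | Format-Table -AutoSize

if ($live.Fingerprint -eq $backup.Fingerprint) {
    'EncryptionKey matches the backup: continue with the deployment-settings checks.'
} else {
    'EncryptionKey differs from the backup: restore the previous value and document the change.'
}
```

Run it from an elevated prompt on the Orchestrator server; the fingerprint and timestamps can be attached to a support ticket in place of the key.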