Update to GoldMine 2018.2 Causes Failures

If you update from GoldMine 2018.1 to 2018.2 using the default installation options, you will likely fail to get into GoldMine after the update.

Maybe you didn’t have time to read the 78-page installation guide or the 8-page, 50-item readme before you updated GoldMine to 2018.2. Here are a couple errors you’re likely to run into.

Issue #1 – Encryption

GoldMine now implements encryption in the database connection. (This has nothing to do with GoldMine Web encryption.) If you leave this setting as its default during installation:

GM 2018.2 update 1

You will likely encounter this error when trying to start GoldMine:  “SSL Provider:  The certificate chain was issued by an authority that is not trusted.”

GM 2018.2 update 1

This means SQL server is using a certificate that wasn’t issued by a widely-trusted Certification Authority, probably a self-signed certificate, GoldMine refuses to run.

Your options are to install and configure a trusted certificate on your SQL server (not documented in the GoldMine installation guide), or to tell GoldMine to trust self-signed certificates. For the latter, find your dbalias.ini file (in GoldMine’s root folder) and change TRUSTSELFSIGNEDCERTIFICATES to “yes”:

[Security]
TRUSTSELFSIGNEDCERTIFICATES=yes

Issue #2 – Login Fails

Once you solve the certificate issue and try to log in, the login will probably fail with “Could not login into GoldMine. Incorrect Password!”:

GM 2018.2 update 3

If you try and fail three times, the account will be locked out:  “You account has been blocked. Please contact your GoldMine Administrator for assistance.”

GM 2018.2 update 4

This is documented, somewhat confusingly, in the readme as item 6:  “In GoldMine 2018.2 version we added password complexity rules and password validation on login. In previous versions, passwords were saved in the database using upper case letters. Existing users that do not change their password after the upgrade must enter their password using upper case letters at login in GoldMine Premium Edition or GoldMine Connect. ”

What they fail to tell you is that as IMMEDIATELY AFTER THE UPGRADE, YOU MUST LOG IN WITH ALL CAPS or your login will fail. Once you log in successfully, you can go to Tools > User Settings > Properties and change you password, typing with upper and lower case case as usual. After that, you can go back to using your mixed-case password.

This issue is documented fairly well in this help desk article:  https://community.ivanti.com/docs/DOC-69376.

If you are the unlucky person who locked yourself out of your only master-user account, meaning you can’t log on to unlock the locked account, you’ll have to follow a special procedure to temporarily re-register GoldMine and create a secondary master user as a back door:  https://community.ivanti.com/docs/DOC-49650. Hopefully you have a copy of your GoldMine license key stored outside of GoldMine; you’ll need it to re-register.

Not an Issue – Read-Only Database Alias

Another security enhancement is that you now need a separate database user (with read-only privileges) if you want to use SQL queries or filters from inside GoldMine. This will prevent accidental or malicious direct updates to the database. Fortunately, in this case, GoldMine did add a pane to the installation wizard that clearly explains this requirement:

GM 2018.2 update 5

This is a non-blocking requirement, i.e. you can still log in to the database even before you create the extra user. Following the instructions in this installer pane, I was able to quickly find the correct place to provide a read-only database user:

GM 2018.2 update 6

It’s a good thing that GoldMine is implementing better security. It would be even better if they provided clear instructions during the upgrade (not just in the readme) about the implications of database encryption and password case.

Leave a Reply

Your email address will not be published. Required fields are marked *

Notify me of followup comments via e-mail. You can also subscribe without commenting.

This site uses Akismet to reduce spam. Learn how your comment data is processed.