Over the past eight weeks we have seen several support cases where users of Aginity Pro on MacOS have had Pro crash upon opening. This occurs right after changing their password as dictated by their organization’s Network Account Server rules. It appears that only Macs that use domain authentication are impacted by this.
We believe the root cause is a bug in MacOS itself where it is not preserving your passwords as expected when you attempt to update the Keychain password but instead it appears to regenerate a new Keystore thereby causing Aginity Pro to generate an new encryption key (as if it were a brand new install) that does not match the existing encrypted application database. This ultimately causes the crash since the keys don’t match.
To find out if you are bound to a Network Account Server (NAS), navigate to System Preferences -> Users & Groups -> Login Options. See if there is anything listed under Network Account Server. If YES you are bound if NO you are not.
We believe as referenced in this article that this is a known issue with the Keystore on Mac Mojave O/S (10.14.4 and above). If you see the image below after resetting your password:
Short Term Work Around
You can do these steps to access your catalog whether you open Aginity Pro or have not opened it after a domain-password reset we can walk you through these steps after updating to restore your existing encryption key into the Mac Keystore and Aginity Pro will work fine. If you are at all confused please contact us at firstname.lastname@example.org and we can do this interactively with you to ensure it goes smoothly!
1. Open up Finder in Mac and hit Command+Shift+G to open up the Goto Folder box
2. Enter "~/Library/Keychains” to navigate to the users Keychain directory
3. In the Keychain directory you should see the old Keychain database file that was generated and archived when you hit the Update Keychain Password. The current one will be named login.keychain-db and you should see an archived one named login_renamed_1.keychain-db or the date and time should correspond to you hitting the Update Keychain Password button. Remember this file name for the next steps.
4. Launch the Keychain Access application by using the Apple Spotlight (CMD+Space) as shown:
5. Once you open it click the + button to add a new Keychain.
6. Add the archived keychain file (login_renamed_1.keychain-db or similar from Step 3)
8. Right click and select Unlock Keychain “filename”. You will need to enter in your old password (prior to the Domain change you just made) since this Keystore is the old one.
9. Search for the com.aginity.pro.database.key entry and Copy “com.aginity.pro.database.key” if you have not opened Aginity Pro or if you have opened Aginity Pro, Click on Copy Password to Clipboard.
10. If you have not Opened Aginity Pro, navigate to the top “login” keychain item and right click and select Paste “com.aginity.pro.database.key” as shown below since the entry does not exist, if you have opened Aginity Pro ignore this step and move onto Step 11.
11. If you have opened Aginity Pro there is a new entry for "com.aginity.pro.database.key" in the login Keychain but with the wrong encryption password. You will need to Right Click and choose Get Info, click the radio button for "Show Password", enter your current password twice and then Paste in the password from Step 9 as shown below. Don't forget to "Save Changes".
You know should be able to re-open Aginity Pro without error.
Aginity will remove the need to rely on Apple’s keychain in our next release.
What If None of this Works then What?
Re-installing Aginity Amp and Importing Catalog
Recovering SQL from Current Application Log
- After getting your log file saved as described above, please follow the Workaround section of this Knowledge Base Article to do a clean install of Aginity Pro. Most important you must remove or rename the ~/Library/Application Support/aginity-pro directory.
- To recover SQL statements from your query history, the best thing we can do is mine our Log file to get at the SQL that was stored in Catalog. This is time consuming and we realize frustrating but all the SQL you’ve written is captured here
- Start by Opening the Log File that you previously saved., “log.log"
- If you navigate to the top of the log and search for: "Execute query in provider:” it will display each SQL statement executed and you will get those that you have run before and added to catalog as shown below.
2019-09-18 10:26:03.568 [server] INFO [dw-277 - POST /api/rpc/db-browser] c.a.a.p.d.BaseDataProvider - Execute query in provider: "select
, ROW_NUMBER() OVER(ORDER BY ROWID) as ROWNUM
2019-09-18 10:26:04.214 [server] INFO [dw-277 - POST /api/rpc/db-browser] c.a.a.p.d.BaseDataProvider - Reading is finished and 2 rows are read.