LAN Crypt Admin Windows Database Integrity Check, Repair, and Migration to LAN Crypt Admin Windows Version 11 with the CheckDatabase Console Tool

Functionality of the CheckDatabase Console Tool
Prerequisites for Use
3 Using the CheckDatabase Console Tool
Technical support
Legal notice

Functionality of the CheckDatabase Console Tool

The CheckDatabase console tool offers comprehensive support for administering the LAN Crypt database and includes three main functions:

Integrity Check and Repair: Verifies MAC values to determine if database entries have been manually manipulated and repairs them if necessary.
Certificate Validation: Checks certificate entries in the database for consistency.
Database Migration: Allows a secure and easy migration of the database structures to the optimized structures of LAN Crypt Admin Windows Version 11, improving database performance.

Prerequisites for Use

In the folder LCAdmin\install\CheckDatabase, you will find the 32-bit binary CheckDatabase.exe and the three required .DLL files: lcda.dll, sglcapi.dll, and SGLCScriptApiV4.dll. These files are necessary for the application to function.

3 Using the CheckDatabase Console Tool

To use CheckDatabase.exe, ensure you are in the console in the same directory as the .exe file and the three .DLL files.

Overview of the Console Tool Parameters:

Parameter	Description
`-?`, `-h`, `--help`	Displays the help screen
`-r`, `--repair`	Repairs/replaces hash values to restore database integrity
`-m`, `--migrate`	Migrates to new certificate data structures in LAN Crypt Admin Windows Version 11 (performance improvement)
`-o`, `--owner`	Database owner, default = dbo
`-d`, `--odbc`	ODBC name, default = SGLCsqlServer
`-u`, `--user`	Database username, default = Windows user credentials
`-p`, `--password`	Database password, default = Windows user credentials
`-s`, `--so`	LAN Crypt Security Officer, default = Master Security Officer
`--sqlDialect`	SQL dialect, default = 0 (Microsoft), 1 (Oracle)
`-l`, `--limit`	Limits the number of specific certificate entries displayed during certificate checks in the console, default = 100

Note

The parameters -r/--repair and -m/--migrate cannot be used simultaneously.

Checking the Database

To check the status of the database, use a command such as:

CheckDatabase.exe -o <database owner> -d <ODBC name> -u <database user name> -p <database password>

The database will be checked against three criteria, and the analysis results will be displayed in the console: MAC errors, missing CertData entries, and missing CertificationMeta entries.

MAC errors indicate integrity violations in the database. If data has been manually manipulated, the associated MAC entry (hash value) no longer matches. Such errors can affect the functionality of the administration. Missing CertData entries mean that information about created certificates is missing from the database.

Note

If MAC errors or missing CertData entries are found during the database analysis, it is recommended to manually check the data.

Missing CertificationMeta entries indicate that certain database entries have not yet been migrated to the optimized database structure of LAN Crypt Admin Windows Version 11.

Repairing MAC Errors

If MAC errors are detected during the database check, the MAC values can be repaired. However, the original state of the database before manual manipulation will not be restored. Instead, the MAC values will be adjusted to the modified data.

Example command for repair:

CheckDatabase.exe -r -o <database owner> -d <ODBC name> -u <database user name> -p <database password>

Migrating the Database Structure to Version 11

To improve performance when accessing certificates, migrating the database to version 11 of the administration is recommended. In this process, the database structures for certificates are expanded, and CertificationMeta entries are created for all valid user certificates.

Example command for migration:

CheckDatabase.exe -m -o <database owner> -d <ODBC name> -u <database user name> -p <database password>

Alternative example for migration with default configuration:

CheckDatabase.exe -m

Technical support

To access technical support for Utimaco products do the following:

All maintenance contract customers can access further information and/or knowledge base items at the following link support.Utimaco.com. As a maintenance contract customer, send an email to technical support using the support@Utimaco.de email address and let us know the exact version number, operating system and patch level of your Utimaco software and, if applicable, a detailed description of any error messages you receive or applicable knowledge base items.

Legal notice

Copyright © 2024 Utimaco IS GmbH, 2018 - 2024 conpal GmbH, 1996 - 2018 Sophos Limited and Sophos Group. All rights reserved. conpal®, AccessOn® and AuthomaticOn® are registered trademarks of conpal GmbH.

All other product and company names mentioned are trademarks or registered trademarks of their respective owners.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise unless you are either a valid license where the documentation can be reproduced in accordance with the license terms or you otherwise have the prior permission in writing of the copyright owner.

You find copyright information on third party suppliers in the 3rd Party Software document in your product directory.

Last updated 05.09.2024