Troubleshooting - Troubleshooting - This section describes various issues that users may face and their resolutions. - Brainware - Solution Configuration Manager - Brainware/Solution-Configuration-Manager/25.2/Solution-Configuration-Manager-Installation-Guide/Troubleshooting - 25.2 - 25.2

Solution Configuration Manager Installation Guide
Platform
Brainware
Product
Solution Configuration Manager
Release
25.2
License
ft:lastPublication
2026-03-19T22:07:50.717227
ft:locale
en-US

This section describes various issues that users may face and their resolutions.

Login screen appears without labels

In the trace.log file: at Configurator.Web.Core.Localization.LocalizationHelper.DetectLanguage(String[] requestLanguages)

This problem occurs when you have an incorrect connection string or certificate issue. You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.

Similar issues for reference: Server Error, Keyset does not exist.

Server Error, Keyset does not exist

In the trace.log file: ERROR Configurator.Web.Core.Localization.LocalizationHelper (null) - System.ArgumentException: Key is null or emptyParameter name: publicAndPrivateKeyXmlat AEScryptkey.AsymmetricEncryption.Decrypt(Byte[] data, Int32 keySize, String publicAndPrivateKeyXml)at AEScryptkey.AsymmetricEncryption.DecryptText(String text, Int32 keySize, String publicAndPrivateKeyXml)at Configurator.Utility.CryptoHelper.Decrypt(String encryptedStr)

This problem occurs due to either of the following reasons:

  • When you have an incorrect connection string or certificate issue.
  • You are either providing wrong hash of the certificate or selected a wrong certificate or the certificate does not exist.
  • Your “app pool” user does not have permission to read the private key of the certificate.

If you are using the SCM installer to create a self-signed certificate then you don’t need to provide the private key permission to the user, as the installer provides the necessary permission automatically. But if you are using an existing certificate then you must ensure that the user has permission to read the private key of that certificate.

For more details refer to Work with the SCM Certificate and Manage User Account Permissions for SSL Certificate .

Your connection is not private (Privacy error)

Note: The screen may vary based on what browser you are using.

This problem occurs due to either of the following reasons:

  • You are using a self-signed certificate. A self-signed certificate should only be used for testing, KT or POC purposes. It is not recommended to use self-signed certificate in production server. It is normal to get security alerts while using self-signed certificates. If it is not a production server then you can simply ignore the message and proceed (which will be marked as unsafe option).
  • You are using a certificate which is not valid or not trusted by your system. Refer to Work with the SCM Certificate for more details.

No trace.log found in the directory, trace.log is not getting generated

This may occur due to lack of write permission of the AppPool user in the installation directory.

Check permission of the pool user to the installation directory. Open IIS Manager and click on Application Pools on the left navigation pane. Then observe the “Identity” mentioned for “SCM Pool” (if installed with default pool name, otherwise select the proper pool name). In the following example the user / Identity is “NetworkService”.

This pool user must have read and write permission of the installation directory. Navigate to the installation directory (by default it is “C:\inetpub\wwwroot\SCMWeb”) and allow full control to the pool user as shown below.

Whichever account is used, the AppPool identity user must have read and modify permission on the web application's physical path and migration packet share(s). If appropriate permissions are not set, connection string passwords will be stored in plain text in the web.config file and no trace log will be created. This user must also have necessary permission to access to the private keys of the SSL certificate.

After the permissions are properly configured, in the next login to SCM web application, the trace log should be generated.

Passwords are not getting encrypted in web.config file

This problem occurs due to either of the following reasons:

Your account has been locked for too many failed login attempts

This error is thrown when a user tries multiple fail attempts (incorrect password). The account will be locked based on the “ResetTimeInterval” configured in the web.config file. After the “ResetTimeInterval” the account will be automatically unlocked.

For more information, refer to Configure failed login attempts for more details.

Login failing, no error message or reason provided in the UI

In the trace.log file: The application is configured to issue secure cookies. These cookies require the browser to issue the request over SSL (https protocol). However, the current request is not over SSL.

This may happen if you are using HTTP instead HTTPS without making configuration changes to allow HTTP. By default, the application is configured only for allowing HTTPS requests.

For more information, refer to Work with the SCM Certificate.

Not Found error or HTTP Error 404. The requested resource is not found.

This error may happen due to either of the following reasons:

  • You are trying to access the SCM application using “localhost” or “IP” in the URL.
  • Use the FQDN name (server name) of your server to access the SCM application instead of “localhost” or IP address. Using the FQDN name in the URL will fix this issue.
  • If you still want to use IP address or “localhost” instead of FQDN name in the URL, refer to the Frequently Asked Questions (FAQ) section.
  • Some IIS components are missing - Refer to the SCM Technical Specifications and verify if any components are missing or not.

System error , in Configure Project after select project

In the trace.log file: at AEScryptkey.AsymmetricEncryption.DecryptText(String text, Int32 keySize, String publicAndPrivateKeyXml)

To resolve this issue, refer to Cannot decrypt password. Please change the existing password for Connection issue and follow the steps.

Can not decrypt password. Please change the existing password for Connection Number

This may occur due to either of the following reasons:

  • The “CertificateHash” been manually updated after installation, but the application is using the old Solution Database connection strings generated by the old Certificate.
  • Even after fresh installation if the old SCM database is still being referred to by the application, it indicates that the connection string for the solution databases are stored using some other TLS certificate than the one used while the new installation. This may happen if during installation, the existing SCM database option is selected, or manually modified in the web.config file.

For both the cases, follow the below steps:

  1. Click Edit next to the connection number mentioned in the message in red color. This will make the row editable.
  2. Enter the appropriate password and then click Test Connection. A confirmation message appears.
  3. If the connection is successful, click Update. This will encrypt the password using current TLS certificate and update the database accordingly.
  4. If the error persists for a different connection number, then repeat the same steps again for that connection number.

Key not valid for use in specified state

In the trace.log file: ERROR Configurator.Web.Global (null) - System.Security.Cryptography.CryptographicException: Key not valid for use in specified state.

This may occur if the certificate (mentioned in the web.config file in the section "CertificateHash") is imported from a .pfx file and while importing, the Mark this key as exportable option is not selected.

If you have the original .pfx file of that certificate then you need to delete the installed certificate and re-import from the .pfx file and select the Mark this key as exportable option while importing.

Refer to the above screenshot (while importing certificate from .pfx file).

Note: Removing / deleting any existing certificate may affect other program or applications depending on the certificate.

Privacy error with no link to proceed

In some cases, instead of the login page, a page similar to the screenshot may appear. This page does not have any options to proceed furthur.

This may occur if SCM is installed with a preexisting certificate, where the “Host Name” in the binding of default website is preconfigured as blank.

To fix this issue you can either openSCM in different browser like Microsoft Edge, or configure the “Host Name” with the FQDN name of the server in the SSL binding of the default website.

Internal Server Error, the requested page can’t be accessed because the related configuration data for the page is invalid

This may happen if the version of oracle.manageddataaccess.client used in the SCM applicationdoes not match with the version mentioned in the machine.config file in the host system.

You have to update the oracle.manageddataaccess.client version in the machine.config file (default location C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config) with the version mentioned in the SCM application’s web.config file.

Open the machine.config file from the above mentioned location and update the oracle.manageddataaccess.client with the version mentioned in the SCM application’s web.config file.

Machine.config file example: <section name="oracle.manageddataaccess.client" type="OracleInternal.Common.ODPMSectionHandler, Oracle.ManagedDataAccess, Version=4.122.1.0, Culture=neutral, PublicKeyToken=89b483f429c47342" />

Note: Other applications on the host machine that are using oracle.manageddataaccess.client and are also configured to read from machine.config file might get affected.

Error appears when Administrator tries to install SCM using windows authentication to log in to the database

When configuring Windows Authentication for database access in the SCM application, the IIS application pool user must be manually added as a user in the SQL Server database. By default, the SCM application operates within the NT AUTHORITY\NETWORK SERVICE account. This account or a custom account used as the application pool identity must have the necessary database permissions to allow authentication and access.

For details, see Install BIC SCM through Brainware Solution Configuration Manager Installer.

PackageConversionScript.ps1 cannot be loaded because running scripts is disabled on this system

Error: PackageConversionScript.ps1 cannot be loaded because running scripts is disabled on this system.

Cause: This error occurs when PowerShell's Execution Policy is set to a restrictive level, such as Restricted or AllSigned, which prevents the execution of unsigned scripts or any scripts from untrusted sources. By default, PowerShell may block the execution of scripts for security reasons to prevent malicious activity.

Solution:

To resolve this error, you can adjust the PowerShell Execution Policy to allow the script to run by completing the following steps:

  1. Right-click the PowerShell icon and click Run as Administrator.
  2. Run the Get-ExecutionPolicy command to check the current execution policy.
    Note: If the policy is set to Restricted, you need to change it to a more permissive policy such as RemoteSigned or Unrestricted.
  3. Execute the Set-ExecutionPolicy RemoteSigned command to allow all scripts from trusted sources to run. A confirmation message is displayed.
    Note: Alternatively, you can execute the Set-ExecutionPolicy Unrestricted commoand. if you want to allow all scripts to run, including those from untrusted sources
  4. Type Y (Yes) and press Enter.
  5. Run the .\PackageConversionScript.ps1 script.
    Note:
    • If you want to revert the execution policy back to its default restrictive setting (for security reasons), you can set it back to Restricted or your original policy by executing the Set-ExecutionPolicy Restricted command.
    • This error message is not related to the SCM application. It is a system error to enable the policy to run a powershell script.

Important Considerations:

  • Always be cautious when changing the execution policy, especially when setting it to Unrestricted, as it could allow the execution of potentially harmful scripts.
  • Make sure the script you're running is from a trusted source.

ERR_SSL_KEY_USAGE_INCOMPATIBLE / ERR_CERT_INVALID

When a user uses a self-signed certificate that has been created by IIS wizard window as an existing certificate to install SCM, the user gets an error upon installation where the application fails to launch and may show errors such as the following:

Or,

Message: ERR_SSL_KEY_USAGE_INCOMPATIBLE

Solution: Create a certificate using the following PowerShell script :

$cert = New-SelfSignedCertificate -DnsName "yourdomain.com" -CertStoreLocation "Cert:\LocalMachine\My" -FriendlyName "MyTestCert"

This script creates a certificate that can be viewed in IIS as well as MMC.

When a user uses this certificate to install SCM along with an existing certificate, SCM gets installed and launches successfully without any error.