KOTS Installation Error: "Public Key Retrieval is not allowed"

Riya Ray
Riya Ray
  • Updated

Author: Riya Ray

Updated: September 2024

Last Updated: September 2025

Audience: Everyone

Environmental details: 

  • Self-hosted, Replicated - KOTS

Summary

Jama Connect KOTS is installed, but the Application is still not accessible. Checking into the logs, you can see the error "Public Key Retrieval is not allowed" is thrown (see below):

ERROR http-nio-8080-exec-6 contour [1f4195] [com.jamasoftware.contour.setup.service.impl.SchemaServiceImpl] - Failed to check if the schema exists for tenant id contour
com.mysql.jdbc.exceptions.jdbc4.MySQLNonTransientConnectionException: Public Key Retrieval is not allowed

Solution

  1. Navigate to the Admin console config tab and update the "Database connection parameters" value under the Advanced Database Settings panel:
  2. allowPublicKeyRetrieval=true
  3. Save this new configuration.
  4. Once done, run the below commands:
  5. kubectl exec core-0 -- sh -c 'rm -rf /home/contour/tenant_properties /home/contour/tenant.properties /home/contour/setup.properties /home/contour/services.properties /home/contour/node.properties /home/contour/database.properties'
  6. kubectl delete job tenant-manager
  7. kubectl delete sts core hazelcast activemq
  8. Delete the row in the tenantstate Table by running the query below on your Database:
  9. delete from tenantstate;
  10. Deploy the last changes from the KOTS Admin console.

Cause

This issue is happening because PublicKeyRetrieval is not enabled on the instance. 

In MySQL, allowPublicKeyRetrieval is a boolean client-side parameter that enables the client to automatically request the server's public key when using caching_sha2_password authentication. When a client connects to a MySQL server that uses the caching_sha2_password authentication plugin, it needs the server's public key to encrypt the password before sending it to the server. 

The allowPublicKeyRetrieval=true setting instructs the client (e.g., a JDBC driver) to automatically initiate this process, fetching the public key from the server. Post MySQL 8.0.*, the default authentication plugin setting is set to caching_sha2_password.

Prevention

Please update the PublicKeyRetrieval value under the Advanced Database Settings on the Admin console.

Additional Information/Metadata

  • Jama Connect® KOTS Installation troubleshooting
  • Admin Console settings/ parameters

 

Related to

Was this article helpful?

0 out of 1 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.