This guide is intended to assist a Server administrator with proactively transferring Alteryx Server encryption keys when moving Alteryx Server to a new host (on-premises or cloud), and in other cases where your infrastructure changes.
The encryption key transfer process allows you to run workflows which use encrypted assets, such as DCM connections and Server data connections.
Access to the original controller/host.
Target machine must have identical version of Alteryx Server installed.
System Administrator rights on the target and original Server.
Access to all shared credentials used for running workflows including, the service account (if not Local System), the Run As user, and any workflow credentials.
Controller Token from the original Server and port number if different than the default port.
Alteryx Service must be running on the original host.
# | Step | Details |
|---|---|---|
1.1 | Get Original Host Controller Token | Copy Controller Token from Alteryx System Settings > Controller > General > Token section or run the following command as an admin from Command Prompt or Powershell: {Install Directory}\Alteryx\bin> .\AlteryxService.exe getserversecret Default is C:\Program Files\Alteryx\bin> .\AlteryxService.exe getserversecret |
1.2 | Get Original Host Details | Non-TLS Enabled: Get IP address or FQDN or Hostname of the original host and port number if any, other than default port. TLS Enabled: Get IP address or FQDN of the original host and port number if any, other than default port. |
# | Step | Details |
|---|---|---|
2.1 | Get AlteryxService.exe Path | {Install Directory}\Alteryx\> .\AlteryxService.exe Default is C:\Program Files\Alteryx\bin> .\AlteryxService.exe |
The following steps are all performed on the target host.
# | Step | Details |
|---|---|---|
3.1 | Command | transferdcmesecret |
3.2 | Prepare Command | Note Path is gathered in step 2.1 {Install Directory}\Alteryx\bin> .\AlteryxService.exe. Non-TLS Enabled With default port: {Install Directory}\Alteryx\bin> .\AlteryxService.exe transferdcmesecret=<IP Address | Hostname | FQDN>:<port number>,<Unencrypted Controller Token From Step 1.1> Note: Port number is optional for default. Example: C:\Program Files\Alteryx\bin>.\AlteryxService.exe transferdcmesecret=172.x.2x.2xx,81d73a13f264c4b5b43d6e28e9419dc8861d1091ffc46f23f5afaabaaaaab With specified port number: {Install Directory}\Alteryx\bin> .\AlteryxService.exe transferdcmesecret=<IP Address | Hostname | FQDN>:<port number>,<Unencrypted Controller Token From Step 1.1> Example: C:\Program Files\Alteryx\bin>.\AlteryxService.exe transferdcmesecret=172.x.2x.2xx:81,81d73a13f264c4b5b43d6e28e9419dc8861d1091ffc46f23f5afaabaaaaab TLS Enabled With default port: {Install Directory}\Alteryx\bin> .\AlteryxService.exe transferdcmesecret=<https://IP Address | FQDN>:<optional port number>,<Unencrypted Controller Token From Step 1.1> Note: Port number is optional for default. It is mandatory for non-default. Example: C:\Program Files\Alteryx\bin>.\AlteryxService.exe transferdcmesecret=https://172.x.2x.2xx,81d73a13f264c4b5b43d6e28e9419dc8861d1091ffc46f23f5afaabaaaaab With specified port number: {Install Directory}\Alteryx\bin> .\AlteryxService.exe transferdcmesecret=<https://IP Address | FQDN>:<port number>,<Unencrypted Controller Token From Step 1.1> Example: C:\Program Files\Alteryx\bin>.\AlteryxService.exe transferdcmesecret=https://172.x.2x.2xx:443,81d73a13f264c4b5b43d6e28e9419dc8861d1091ffc46f23f5afaabaaaaab |
3.3 | Execute the Command | Open Command Prompt or PowerShell window in admin mode and run the command from step 2.1. |
Note
If you see any errors on the console window, please refer to the Known Error Messages table.
Known Error Messages
Error Message | Cause |
|---|---|
Invalid parameters. Could not retrieve original key. | Incorrect Controller Token from Original host. |
Failed to get server address, server <servername>: No such host is known. | Incorrect or communication issues with specified IP Address/Hostname/FQDN. |
Failed to connect to server <servername>, port <xxxx>: No connection could be made because the target machine actively refused it. | Incorrect port number. |
# | Step | Details |
|---|---|---|
4.1 | Start or Restart Alteryx Service | Go to Task Manager > Service, select Alteryx Service and then select Start or Restart. |