<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 05:44:33 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-58447] mongo Will Attempt to Connect to System Certificate Store on Windows, Even if File-Based Cert and Key Pair is Used</title>
                <link>https://jira.mongodb.org/browse/SERVER-58447</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;When running mongoDB v4.0+ under a domain user account, it will attempt to connect to the system certificate store, even if not configured to be used in the .conf file. This will cause the server to make a type 3 connection to the domain controller. If this connection is disallowed by group policy, mongoDB will crash with the following error:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;Failed global initialization: InvalidSSLConfiguration: CryptAcquireContextW failed The requested operation cannot be completed. The computer must be trusted &lt;/span&gt;&lt;span style=&quot;color: #006699; font-weight: bold; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;for&lt;/span&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt; delegation and the current user account must be configured to allow delegation&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;This does not affect local accounts or the System account.&lt;/p&gt;</description>
                <environment></environment>
        <key id="1815769">SERVER-58447</key>
            <summary>mongo Will Attempt to Connect to System Certificate Store on Windows, Even if File-Based Cert and Key Pair is Used</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="5">Cannot Reproduce</resolution>
                                        <assignee username="adrian.gonzalez@mongodb.com">Adrian Gonzalez Montemayor</assignee>
                                    <reporter username="tom.slattery@osii.com">Tom Slattery</reporter>
                        <labels>
                    </labels>
                <created>Mon, 12 Jul 2021 20:07:28 +0000</created>
                <updated>Mon, 16 Oct 2023 18:33:20 +0000</updated>
                            <resolved>Mon, 16 Oct 2023 18:33:20 +0000</resolved>
                                    <version>4.0.18</version>
                                                                        <votes>0</votes>
                                    <watches>7</watches>
                                                                                                                <comments>
                            <comment id="5782297" author="JIRAUSER1260495" created="Mon, 16 Oct 2023 18:33:20 +0000"  >&lt;p&gt;I&apos;ve been trying to reproduce this without any luck. I took the following steps:&lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;I spawned a windows base 2016 ec2 for a domain controller server&lt;/li&gt;
	&lt;li&gt;I spawned a windows base 2016 ec2 for the domain user&lt;/li&gt;
	&lt;li&gt;Created AD and testuser in domain controller&lt;/li&gt;
	&lt;li&gt;Added to testuser Deny access to this computer from the network policy&lt;/li&gt;
	&lt;li&gt;Couldn&apos;t log in through RDP using testuser because of the policy so logged in using Administrator&lt;/li&gt;
	&lt;li&gt;Launched a powershell using testuser&lt;/li&gt;
	&lt;li&gt;Run the binaries using the provided configuration&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;The ticket will be closed while we wait for more steps or logs to reproduce.&lt;/p&gt;</comment>
                            <comment id="5732921" author="JIRAUSER1260495" created="Tue, 26 Sep 2023 21:23:29 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=liam.briggs%40aspentech.com&quot; class=&quot;user-hover&quot; rel=&quot;liam.briggs@aspentech.com&quot;&gt;liam.briggs@aspentech.com&lt;/a&gt; Sorry for the delay but can you still provide logs? Thanks&lt;/p&gt;</comment>
                            <comment id="5436092" author="JIRAUSER1273621" created="Thu, 18 May 2023 20:05:58 +0000"  >&lt;p&gt;I thought this may be cause by using schannel as the SSL provider, but after compiling 4.2 with OpenSSL as the provider I ran into the same issue with the same error.&#160;&lt;/p&gt;</comment>
                            <comment id="5412829" author="JIRAUSER1273621" created="Tue, 9 May 2023 20:37:23 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=eric.sedor%40mongodb.com&quot; class=&quot;user-hover&quot; rel=&quot;eric.sedor@mongodb.com&quot;&gt;eric.sedor@mongodb.com&lt;/a&gt; I&apos;m also facing this issue and have been able to reproduce it on version 4.0.28 and can provide logs.&#160;&lt;/p&gt;</comment>
                            <comment id="3955658" author="eric.sedor" created="Wed, 21 Jul 2021 17:32:42 +0000"  >&lt;p&gt;Thanks &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=tom.slattery%40osii.com&quot; class=&quot;user-hover&quot; rel=&quot;tom.slattery@osii.com&quot;&gt;tom.slattery@osii.com&lt;/a&gt;, I&apos;ll pass this to an appropriate team to consider.&lt;/p&gt;

&lt;p&gt;For completeness sake can you please upload the full &lt;tt&gt;mongod.log&lt;/tt&gt; file for a failed startup attempt including that error to &lt;a href=&quot;https://amphora.corp.mongodb.com/public/upload/eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJmb2xkZXJfaWQiOiIxNDE2OTkxMjU4NTgiLCJleHAiOjE2Mjk0ODA4ODF9.CTqbL_1f7Poz57f5vp-mM3RBwSUiRhuzlhl6pVwSrPE&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this secure upload portal&lt;/a&gt;? Files uploaded to this portal are visible only to MongoDB employees and are routinely deleted after some time.&lt;/p&gt;</comment>
                            <comment id="3929151" author="JIRAUSER1261141" created="Mon, 12 Jul 2021 20:08:24 +0000"  >&lt;p&gt;Please note - this can be downgraded in severity. This is not a major defect.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                            <attachment id="324695" name="mongo.conf" size="681" author="tom.slattery@osii.com" created="Mon, 12 Jul 2021 19:59:53 +0000"/>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>6.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18555" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname># of Sprints</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_12751" key="com.atlassian.jira.plugin.system.customfieldtypes:multiselect">
                        <customfieldname>Assigned Teams</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="25129"><![CDATA[Server Security]]></customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 21 Jul 2021 17:32:42 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        16 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>adrian.gonzalez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            16 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>adrian.gonzalez@mongodb.com</customfieldvalue>
            <customfieldvalue>eric.sedor@mongodb.com</customfieldvalue>
            <customfieldvalue>liam.briggs@aspentech.com</customfieldvalue>
            <customfieldvalue>tom.slattery@osii.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzrpwv:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hx1ym2:9</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="6926">Security 2023-05-29</customfieldvalue>
    <customfieldvalue id="7323">Security 2023-06-12</customfieldvalue>
    <customfieldvalue id="7325">Security 2023-07-10</customfieldvalue>
    <customfieldvalue id="7326">Security 2023-07-24</customfieldvalue>
    <customfieldvalue id="7403">Security 2023-08-07</customfieldvalue>
    <customfieldvalue id="7704">Security 2023-10-02</customfieldvalue>
    <customfieldvalue id="7705">Security 2023-10-16</customfieldvalue>
    <customfieldvalue id="7706">Security 2023-10-30</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10750" key="com.atlassian.jira.plugin.system.customfieldtypes:textarea">
                        <customfieldname>Steps To Reproduce</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>&lt;p&gt;Run mongoDB with the attached .conf file as a domain user with &lt;b&gt;Computer Configuration &amp;gt; Policies &amp;gt; Windows Settings &amp;gt; Security Settings &amp;gt; Local Policies &amp;gt; User Rights Assignment &amp;gt; Deny Access to This Computer From the Network&lt;/b&gt;&#160;set for the user or group, or remove the user from&#160;&lt;b&gt;Access this Computer from the Network&lt;/b&gt;. These policies will need to be set on the Domain Controller, not the database server, and the Domain Controller and Database Server will need to be separate devices. This has been observed on mongoDB 4.0.18.&lt;/p&gt;</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                    <customfieldvalue><![CDATA[eric.sedor@mongodb.com]]></customfieldvalue>
    

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hzrc5z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>