The Data Repository cluster was migrated from old hosts to new hosts.

The old cluster hosts were not enabled for FIPS. It's database save was loaded via restore to the new cluster hosts where FIPS was enabled.

As a result the database entry for the dauser was not configured properly to use SHA512 encryption, a requirement of FIPS. Instead it was using MD5 encryption which isn't supported by FIPS.

The error is the result of FIPS rejecting the attempt to connect to the database using a database user with MD5 encryption instead of the supported SHA512 encryption.

We can see the problem running the following command in a Vsql prompt on the Data Repository Vertica database. Note how the dauser is using MD5 encryption.

Run this command to obtain that output:

select * from password_auditor;

The key problem here is transferring a DB from a cluster without FIPS enabled to a cluster with FIPS enabled. When migrating a Vertica cluster ensure the source and destination clusters are configured the same for FIPS before the migration. If the source cluster is not FIPS enabled, ensure the destination cluster is also not enabled for FIPS. After the migration the new destination cluster can then be FIPS enabled.

To resolve this take the following steps:

1. Disable FIPS on the new cluster hosts at the OS level.
2. Run the following command in a Vsql prompt on the Data Repository Vertica database.
   1. Replace <dapass> with the dauser password. This sample shows the successful command run when the default 'dapass' password is used.
      •  alter user dauser security_algorithm 'SHA512' identified by '<dapass>';
      • Sample output would be:
        • 
3. If successful a new run of the command "select * from password_auditor;" should now show the dauser using SHA512 encryption instead of MD5.
   • 

After making this change the dadaemon service should start and successfully connect to the Data Repository Vertica database cluster.