This is an internal Scorpion Software documentation article and contains information that should not be exposed to public viewing.
After upgrading an existing Two Factor Auth server on a 64-bit operating system, the ResetMAP.exe tool isn't allowing the customer to log back in to their Management Console as it still shows a bad password error.
The registry values for CipherKey are mismatched between the regular node and the Wow6432Node. The exact reason this happens is unconfirmed, but likely a problem in writing the registry values to both places during an upgrade.
Note: This problem does not occur in all instances of x64 environments.
The CipherKey mismatch can cause problems with Master Admin Passwords, specifically the internal tool "ResetMAP.exe". When running ResetMAP, you can properly write a hashed value to the database but it will be hashed using the wrong registry key (Wow6432Node).
Overwrite the CipherKey in the Wow6432Node with the regular CipherKey.
MAKE SURE TO TAKE ALL RELEVANT PRECAUTIONS WHEN EDITING A CUSTOMER'S REGISTRY KEYS!
The recommended procedure is to copy both values into notepad and compare them with wordwrap turned off. This allows you to line them up letter by letter and quickly skim through the values. Make sure to double-check you copied the correct one, and that your Ctrl+C didn't get cut off by the remote session.
If they are certainly mismatched, take the value from HKEY_LOCAL_MACHINE\SOFTWARE\Scorpion Software\Anvil\CipherKey and overwrite the value at HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Scorpion Software\Anvil\CipherKey.
CAUTION! If you overwrite the wrong CipherKey, all future database communications may be encrypting based on the wrong key and the server can only be restored from a recent backup.
Once you have properly synchronized the 2 CipherKey values, run the ResetMAP.exe tool once more and it will use the updated key to properly hash the database value for the Master Admin Password, which is what the Management Console is hashing against.
Any software upgrades to AuthAnvil 2FA v4.0 and later.