1] Check the problem node's master.key file
If you are adding a new node to an existing HA cluster, you may just need to copy the right key file over to the broken node's file system. Locate the master.key file on a working node and compare its text to the broken node's key text, they should match.
2] Remove the join.key and access.admin.token from the bad node
Sometimes if you start an HA node with the wrong master.key, these files will be generated with it. They can cause a Bad Padding exception if they're from the wrong key, even after you fixed the master.key issue. This is because the application will not generate a new token or join.key if the file already exists.
The good news is the join.key and access.admin.token are regenerated if they are removed, it's safe to delete them:
3] Reset the master.key
In the worst case, the master.key file was lost for good. If this happens you can still recover, there is a dedicated guide to follow here.
If you are adding a new node to an existing HA cluster, you may just need to copy the right key file over to the broken node's file system. Locate the master.key file on a working node and compare its text to the broken node's key text, they should match.
# 7.X location cat /var/opt/jfrog/artifactory/etc/security/master.key ## Example 7.X key text ## a0dcb68a6f512b373ecc8b8a81e16133635a13aeda33c44317e2d314fb98bd9e # 6.X location cat /var/opt/jfrog/artifactory/etc/security/master.key ## Example 6.X key text ## 883be1f46af582bff31e84648c6948b4If this is not an HA cluster, check to see if there is a backup copy of the master.key. If you found you have tried to start Artifactory with the wrong master.key, proceed to step 2 and delete the join.key and access.admin.token.
2] Remove the join.key and access.admin.token from the bad node
Sometimes if you start an HA node with the wrong master.key, these files will be generated with it. They can cause a Bad Padding exception if they're from the wrong key, even after you fixed the master.key issue. This is because the application will not generate a new token or join.key if the file already exists.
The good news is the join.key and access.admin.token are regenerated if they are removed, it's safe to delete them:
#These will regenerate on startup rm $JFROG_HOME/var/etc/artifactory/security/access/access.admin.token rm $JFROG_HOME/var/etc/security/join.key
3] Reset the master.key
In the worst case, the master.key file was lost for good. If this happens you can still recover, there is a dedicated guide to follow here.