The following topics can assist with troubleshooting.

For RabbitMQ deployment recommendations, see this documentation.

Cannot Delete epmd.exe after Uninstalling RabbitMQ and Erlang

This error happens when you uninstall RabbitMQ (and optionally Erlang) but cannot delete one or more programs or folders associated with RabbitMQ or Erlang.

One common example would be "epmd.exe". This occurs because these files are still being held open by an active process and can present a problem if you uninstalled in order to perform a clean reinstall. To fix this:

  • Open command prompt as Administrator and run:


  • Find the epmd.exe process (or whichever process cannot be deleted) and note the process ID:

    taskkill /pid {PROCESSID} /F

  • Delete the file or folder

Can't Remove Erlang Cookie During Installation

Example error:

Failed to copy system cookie: Access to the path 'C:\Users\user1\\.erlang.cookie' is denied.. Manual deletion might be necessary;Access to the path 'C:\Users\user1\\.erlang.cookie' is denied.;. Would you like to Retry?

You can manually delete the cookie from the location the Helper has no access to and retry.

Management Plugin Does Not Load

The management plugin is the web page where the user logs in to manage RabbitMQ. This is usually located at http://localhost:15672

When installing RabbitMQ using the helper:

  • The management plugin should be enabled automatically
  • The specified user should be automatically created and
  • The user should have appropriate permissions granted

However, if any error occurs during the installation while using the Helper, the management plugin may not be enabled. See the following 2 ways to fix:

  1. Open the Helper and run:

    Enable-RabbitMqManagement -Verbose

  2. Open the RabbitMQ Command Prompt and run:

    rabbitmq-plugins enable rabbitmq_management

Getting Exceptions but Not Seeing Details

When running a Helper cmdlet you may run into an exception but you do not see any details or inner exceptions.

You can either wrap the cmdlet call and select the exception to get a list of key-value pairs of exception messages:

try { Stop-RabbitMq } catch { Select-Exception $_.Exception}

Or you can select topmost/combined message:

try { Stop-RabbitMq } catch { (Select-Exception $_.Exception)[0].Value}

Need the PowerShell Command Help Content?

#markdown links

Get-Command -Module Delinea.RabbitMq.Helper.PSCommands | Sort | % { Write-Host "Get-Help $_ -Full | Out-File $_.txt" };

#detailed help file generation script Get-Command -Module Delinea.RabbitMq.Helper.PSCommands | Sort | % { Write-Host "Get-Help $_ -Detailed | Out-File $_.txt" };

#full help file generation script Get-Command -Module Delinea.RabbitMq.Helper.PSCommands | Sort | % { Write-Host "Get-Help $_ -Full | Out-File $_.txt" };

RabbitMQ "broken" After Hostname Change

This error occurs when you rename the RabbitMQ Hostname. This results in the creation of a new database directory with the current hostname. The result is the SecretServer username no longer exists in the database so breaks every function that requires the RabbitMQ Site Connector.

To resolve this:

  • Manually recreate the user with the credentials in the Site Connector "View Credentials".
  • Then apply the required permissions to match the guest user.

Best Practice: Do not change your RabbitMQ Hostname.

TypeError: Cannot read properties of undefined (reading 'length')

If the following error display on the RabbitMQ Management UI, manually clear the browser cache on which the Management is used.


Vulnerability scans return AMQP Cleartext Authentication on port 5672 on RabbitMQ server(s)

This is an issue with RabbitMQ and not a problem with Secret Server. It can easily be resolved and is fully supported by Secret Server.

Steps to resolve the issue:

  1. Enable RabbitMQ TLS

  2. Switch the Secret Server site connector to Use SSL = Yes.

  3. Go to Admin > Distributed Engine > Site Connectors > select the affected RabbitMQ site connector(s) > Use SSL = Yes.

  4. To disable the TCP listener in RabbitMQ configuration in C:\RabbitMQ\rabbitmq.conf, edit the following line: listeners.tcp = none

  5. Click here for more information.

You have the option to fully disable non-TLS listeners. This would limit node access to only TLS-enabled clients who use the designated port.

# disables non-TLS listeners, only TLS-enabled clients will be able to connect
listeners.tcp = none

listeners.ssl.default = 5671

ssl_options.cacertfile = /path/to/ca_certificate.pem
ssl_options.certfile = /path/to/server_certificate.pem
ssl_options.keyfile = /path/to/server_key.pem
ssl_options.verify = verify_peer
ssl_options.fail_if_no_peer_cert = true