"Error 2206: Cryptographic key ignition failed" after a fresh v11.1 Enforce installation on Linux

book

Article ID: 160554

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

After a fresh install of an 11.1 Linux Enforce server, the following message is displayed in the web interface:

Code 2206
Summary Cryptographic key ignition failed
Detail Failed to ignite the cryptographic keys using the master key. Please look in the enforce server logs for more information.

The following messages are present in the logs:

localhost.yyyy-mm-dd.log:
WARNING [com.vontu.manager.system.keystore.KeystoreRotationTask] (MANAGER.803) Unable to check if keys rotation is required because the keystore has not yet been ignited. Will try again in 1 day(s)


IncidentPersister_0.log:
(SEVERE) Thread: 10 [com.vontu.incidenthandler.keystore.KeyStoreIgniter.igniteKeys] KeyIgnition failedcom.vontu.enforce.domainlayer.crypto.MasterKeyException: The master key could not be read
(SEVERE) Thread: 10 [com.vontu.incidenthandler.IncidentPersister.main] Incident Persistor was unable to initialize
com.vontu.incidenthandler.PersisterInitializationException: Unable to initialize Model
Caused by: com.vontu.incidenthandler.PersisterInitializationException: KeyIgnition failed
Caused by: com.vontu.enforce.domainlayer.crypto.MasterKeyException: The master key could not be read
Caused by: com.vontu.enforce.domainlayer.crypto.MasterKeyException: The master key file could not be read
Caused by: java.io.FileNotFoundException: /opt/Vontu/Protect/config/CryptoMasterKey.properties (Permission denied)

Resolution

Correct the permissions on the CryptoMasterKey.properties file with the command run as root then recycle the Vontu Manger service:

chmod 644 /opt/Vontu/Protect/config/CryptoMasterKey.properties