User is unable to log into the DLP Enforce Console

book

Article ID: 160659

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

After upgrading Symantec Data Loss Prevention (DLP), the user is unable to log into the Enforce Console.

Error: "Keystore was tampered with, or password was incorrect" found in tomcat\localhost<date>.log

 

 

After upgrading DLP, users cannot access the Enforce UI.

In the tomcat localhost log files, look for the following bolded errors:

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [com.vontu.security.keystorecontainer.KeyStoreContainer]: Factory method 'getManagerKeyStoreContainer' threw exception; nested exception is com.vontu.security.KeyStorehouseException: Unable to ingnite cryptographic keys.
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189)
at org.springframework.beans.factory.support.ConstructorResolver$3.run(ConstructorResolver.java:582)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:579)
... 71 more
Caused by: com.vontu.security.KeyStorehouseException: Unable to ingnite cryptographic keys.
at com.vontu.security.keystorecontainer.KeyStoreContainer.readStoreFromStream(KeyStoreContainer.java:220)
at com.vontu.security.keystorecontainer.FileKeyStore.doLoad(FileKeyStore.java:49)
at com.vontu.security.keystorecontainer.KeyStoreContainer.ignite(KeyStoreContainer.java:202)
at com.vontu.config.manager.ManagerSpringConfiguration.getManagerKeyStoreContainer(ManagerSpringConfiguration.java:309)
at com.vontu.config.manager.ManagerSpringConfiguration$$EnhancerBySpringCGLIB$$3d227ca7.CGLIB$getManagerKeyStoreContainer$4(<generated>)
at com.vontu.config.manager.ManagerSpringConfiguration$$EnhancerBySpringCGLIB$$3d227ca7$$FastClassBySpringCGLIB$$689b44e8.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:356)
at com.vontu.config.manager.ManagerSpringConfiguration$$EnhancerBySpringCGLIB$$3d227ca7.getManagerKeyStoreContainer(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162)
... 74 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:780)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:56)
at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:70)
at java.security.KeyStore.load(KeyStore.java:1445)
at com.vontu.security.keystorecontainer.KeyStoreContainer.readStoreFromStream(KeyStoreContainer.java:216)
... 87 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:778)
... 92 more

Resolution

This issue can happen if the "<DLP_HOME>\Protect\tomcat\conf\.keystore" password has been changed to something other than the default value of "protect".

  1. Stop the "Symantec DLP Manager" service ("Vontu Manager" service for previous versions of DLP)
  2. Verify the "keystorePass=" is set to the correct password for the keystore (default password="protect")
    • Path: <DLP_HOME>\Protect\tomcat\conf\server.xml
    • File: "Server.xml"
    • Property: keystorePass
    • If the password is not set to the correct password for the Keystore please replace it with the correct password. 
    • Note: Password MUST be enclosed in double-quotes
  3. Verify the "com.vontu.manager.tomcat.keystore.password" is set to the correct password for the keystore (default password="protect")
    • Path: <DLP_HOME>\Protect\config\protect.properties
    • File: "Protect.properties"
    • Property: com.vontu.manager.tomcat.keystore.password
    • If the password is not set to the correct password for the Keystore please replace it with the correct password.
    • Note: Password is NOT surrounded by double-quotes in this file.
  4. Restart the "Symantec DLP Manager" service ("Vontu Manager" service for previous versions of DLP)