Encryption of communications between Manager and the database server (ForcedEncryption)



Article ID: 164913




Data Center Security Server, Data Center Security Server Advanced


You would like more details on setting up communication between the Symantec Data Center Server manager (SDCSS) and the SQL database over SSL.


Microsoft SQL Server can use Secure Sockets Layer (SSL) to encrypt data that is transmitted across a network between an instance of SQL Server and a client application.

Info about ForcedEncryption in SQL: 




When you enable ForcedEncryption in the database, you need to modify server.xml to allow SSL connections. The steps below are required on the DCS Management server for SSL-encrypted communication:

1. Stop the management server service. It should be listed as Symantec Data Center Management Service in Services.

2. Navigate to the install directory, which is normally located in "C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf".

     a. Create a backup copy of server.xml in the above directory.

3. Open the original server.xml in Notepad to edit the following strings.

4. Find the following strings: 




5. Update the 3 strings from step 4 to enable SSL as follows:




6. Save the server.xml in the same directory

7. For DCS 6.5.x and 6.6.x DCS Management servers, registry keys must also be updated. This is not required for newer DCS versions.

     a. For 6.5.x servers, open Registry Editor and go to the registry key below:
           1. Edit the "JVM Option Count" registry value and set it to 1 higher than its current value (in a default installation it is set to 8, so set it to 9).

           2. Add a new registry String Value "JVM Option Number N", where N is equal to 1 less than the "JVM Option Count" that was updated in step 1 (a default installation requires "JVM Option Number 8").

           3. Set the value to: -Djsse.enableCBCProtection=false

     b. For 6.6.x servers and newer, open Registry Editor and go to the registry key below:

           HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\SISManager\Parameters\Java

           1. Edit the "Options" registry value.

           2. Add the value below to the end of the value data:


8. Start the DCS Management server service.

9. Test the connection to the database by logging into the Console.
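The scriptable parts of the procedure for a 6.5.x server (steps 1, 2a and 7a) can be run as one idempotent PowerShell script. This is an added example, not vendor code; the `$JvmKeyPath` parameter is a placeholder because the 6.5.x registry key is not shown above, and the script name and parameter names are hypothetical.

```powershell
# Added example, not vendor code. Run elevated on a DCS 6.5.x Management server.
param(
    # ASSUMPTION: the article does not show the 6.5.x registry key; pass it in
    # PowerShell provider form (HKLM:\...). Nothing here guesses it.
    [Parameter(Mandatory)] [string] $JvmKeyPath,
    [string] $ConfDir = 'C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf',
    [string] $ServiceName = 'Symantec Data Center Management Service',  # display name from step 1
    [string] $Option = '-Djsse.enableCBCProtection=false'               # value from step 7a.3
)
$ErrorActionPreference = 'Stop'

# Step 1: stop the Manager before touching its configuration.
Stop-Service -DisplayName $ServiceName

# Step 2a: timestamped copy, so repeated runs never overwrite an older backup.
$serverXml = Join-Path $ConfDir 'server.xml'
$backup = '{0}.{1:yyyyMMdd-HHmmss}.bak' -f $serverXml, (Get-Date)
Copy-Item -LiteralPath $serverXml -Destination $backup

# Step 7a: options are numbered from 0, so the new entry takes the current count
# as its index (count 8 -> "JVM Option Number 8") and the count then becomes 9.
$props = Get-ItemProperty -LiteralPath $JvmKeyPath
if ($null -eq $props.'JVM Option Count') {
    throw "'JVM Option Count' not found under $JvmKeyPath; wrong key?"
}
$count = [int]$props.'JVM Option Count'
$current = for ($i = 0; $i -lt $count; $i++) { $props."JVM Option Number $i" }

if ($current -contains $Option) {
    # Re-running must not append a duplicate option or bump the count again.
    Write-Host 'Option already present; registry left unchanged.'
} else {
    # New-ItemProperty throws if the name already exists, before the count changes.
    New-ItemProperty -LiteralPath $JvmKeyPath -Name "JVM Option Number $count" `
        -Value $Option -PropertyType String | Out-Null
    Set-ItemProperty -LiteralPath $JvmKeyPath -Name 'JVM Option Count' -Value ($count + 1)
    Write-Host "Added 'JVM Option Number $count'; count is now $($count + 1)."
}

Write-Host "server.xml backed up to $backup"
Write-Host 'Service left stopped: edit server.xml (steps 3-6), then start it (step 8).'
```

The `jsse.enableCBCProtection=false` option switches off the JSSE record-splitting countermeasure for CBC cipher suites under SSL 3.0 and TLS 1.0, and it applies to every TLS connection the Manager's JVM makes, not only the one to the database.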

Additional Information

ForcedEncryption is enabled on the SQL database.