search cancel

After upgrade from 15.1 to 15.5 Enforce keystore errors observed and all detection servers unknown

book

Article ID: 174815

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

After upgrading to DLP 15.5 on Windows from DLP 15.1, Enforce is unable to establish a connection with the detection servers.  Localhost logs indicate a keystore error.  This has been frequently seen if the default installation directory is different in the 15.5 install than what was used in 15.1 (i.e. \Program Files and \programdata in 15.1, and in 15.5 you are using \Program Files and \programdata)

Errors from MonitorController.log file:

File: Enforce\logs\debug\MonitorController0.log
Date: 5/17/19 8:40:06 AM
Class: com.vontu.logging.LocalLogWriter
Method: write
Level: SEVERE
Message:  Certificate authority file is corrupt.. Certificate authority file certificate_authority_v1.jks is corrupt
.

File: Enforce\logs\debug\MonitorController0.log
Date: 5/17/19 8:40:06 AM
Class: com.vontu.monitor.controller.informationmonitor.mapper.MonitorChannelKeystoreUpdater
Method: generateKeyAndTrustStoreAndAddData
Level: SEVERE
Message:  Certificate authority file missing or corrupt. Cannot generate server keystore and trustore for this server <detection server name>

File: Enforce\logs\debug\MonitorController0.log
Date: 5/17/19 8:40:06 AM
Class: com.vontu.enforce.domainlayer.certificate.CertificateService
Method: getValidatedRootCertificate
Level: SEVERE
Message:  Root certificate file certificate_authority_v1.jks not found

File: Enforce\logs\debug\MonitorController0.log
Date: 5/17/19 8:40:07 AM
Class: com.hazelcast.instance.Node
Method:
Level: WARNING
Message:  [127.0.0.1]:5702 [enforceMessaging] [3.6.5] Terminating forcefully...

 

Cause

This issue occurs when during upgrading to DLP version 15.5, some configuration files may have been reverted to default values rather than using values specified in the installation of the 15.5 software prior to migrating.   There are a number of configuration files that contain paths to the keystore folder which aren't updated to reflect the correct path for required items such as keystores.  These keystore files are required to initiate communications between Enforce and Detection Server. 

This will cause the SymantecDLP Detection Server Controller Service to:

  • Crash
  • Fail to startup fully
  • Cause Detection Servers to be in an "Unknown" state in the Enforce Console.

Environment

DLP 15.5

Resolution

Please review and update the correct paths in the following configuration files on the Enforce server, and detection server(s).  These should be modified to match the actual location of the keystore folder instead of the standard path /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore.

Restart the SymantecDLPDetectionServerControllerService on Enforce and the SymantecDLPDetectionServerservices on the detection server and verify the servers change from an "Unknown" to a "Running" status

For example:

Manager.properties(Enforce)

SSLkeystore.dir = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore

MonitorController.properties(Enforce)

ssl.keystore.file.path = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore/enforce_keystore.jks

com.symantec.dlp.detectionserver.communicationkeystores.directory = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore

Protect.properties(Enforce)

com.vontu.inline_smtp.keystore = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore/prevent.ks

com.vontu.manager.enforce.keystore.file = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore/enforce_keystore.jks

Icap.Keystore.Path = /ProgramData/Symantec/DataLossPrevention/EnforceServer/15.5/keystore/secureicap.jks

Aggregator.properties(Detection Server)

endpointKeystoreDir = /ProgramData/Symantec/DataLossPrevention/DetectionServer/15.5/keystore/monitor.<timestamp>.sslkeystore

Communication.properties(Detection Server)

/Program Files/Symantec/DataLossPrevention/Detection Server/15.5/keystore/monitor.<timestamp>.sslkeystore