Protection Engine 8.2 service hangs or does not start after importing a certificate for the Java console

book

Article ID: 210873

calendar_today

Updated On:

Products

Protection Engine for Cloud Services Protection Engine for NAS

Issue/Introduction

Symantec Protection Engine (SPE) 8.2 does not start correctly after importing a certificate via the certinstall.jar. When restarting the service, the filesize of keystore.public is 0 bytes.

In Windows, the service hangs in a "starting" state.

In Linux, the service appears to start but is not listening on its expected ports (by default: 1344, 8004, 8006)

Cause

An internal issue causes keystore.public to be written as a 0 byte file, causing the service to fail to start correctly.

Environment

SPE 8.2

Resolution

This issue will be fixed in an upcoming release of SPE. If a newer version than 8.2 is available, please upgrade to that version. If not, you can follow the steps below to restore functionality.

  1. Forcibly stop the symcscan process. On Windows, you may need to set the Startup Type for the service to "disabled".
  2. Delete the following files from <SPE install dir> on Windows and <SPE install dir>/bin on Linux:
    • keystore.public
    • keystore.private
  3. Start the Protection Engine service

This is applicable only for certificates imported for use with the local Java UI. It does not affect Secure ICAP. The steps above will cause SPE to generate a new certificate to use. SPE will not be using your imported certificate.

Additional Information

Managing SPE without the local Java console

SPE can also be managed either through the commandline or through the centralized console.

See the following link for information on managing SPE from the commandline:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2/Core_server_only_mode_10/about-the-core-server-only-mode-v128491244-d4995e18688.html

See the following link for information on using the Centralized Console:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/symantec-protection-engine/8-2/Getting_Started_0/quick-start-checklist-of-tasks-to-perform-in-the-c-v127681228-d4995e32946.html