Mail Prevent keystore prevent.ks is missing from ProgramData keystore folder after installing DLP Network Prevent for Email.
search cancel

Mail Prevent keystore prevent.ks is missing from ProgramData keystore folder after installing DLP Network Prevent for Email.

book

Article ID: 221127

calendar_today

Updated On:

Products

Data Loss Prevention Network Monitor and Prevent for Email and Web

Issue/Introduction

After installing DLP Network Prevent for Email the prevent.ks file is missing from the C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_version>\Protect\keystore directory. The prevent.ks file is necessary for configuring the keystore to enable the key chain between Exchange and DLP. 

Environment

Release : 15.8, 16.0, 16.0RU1 and  16.0 RU2

Component : Network Prevent for Email.

Cause

Unknown why the prevent.ks is sometimes not created.

Resolution

Manually create the prevent.ks file on the Email Prevent server:

Execute the keytool utility with the -genkeypair and -keystore options to add a new public and private key to the keystore:

keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "dname_string" -alias smtp_prevent -keypass key_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass store_password -validity expiration_days

For example: 

keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=John Doe, OU=DLP_Development,O=Symantec, L=SanFrancisco, S=California, C=USA" -alias smtp_prevent -keypass prevent_keystore_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass prevent_keystore_password -validity 90


NOTE:
1]You will need to change the "-dname" in the command to the parameters of your organization.
2] prevent_keystore_password is the password you set for  the keystore and the Network Prevent for Email Server key.

 

 

Additional Information

Keytool.exe location

Windows:

  • <DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin

Linux:

  • /opt/AdoptOpenJRE/ jdk8u<version>-jre/bin