After installing DLP Network Prevent for Email the prevent.ks file is missing from the C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_version>\Protect\keystore directory. The prevent.ks file is necessary for configuring the keystore to enable the key chain between Exchange and DLP. 

Release : 15.8, 16.0, 16.0RU1 and  16.0 RU2

Component : Network Prevent for Email.

The prevent.ks file is no longer created by default. You should now create this keystore at the time you are creating your server certificate.

For instructions on creating the certificate and keystore using the automated script please follow the link to the KB article below...

Example Script to automate keytool commands

For instructions on manually creating the prevent.ks file on the Email Prevent server, please see the instructions below:

Execute the keytool utility with the -genkeypair and -keystore options to add a new public and private key to the keystore:

keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "dname_string" -alias smtp_prevent -keypass key_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass store_password -validity expiration_days

For example: 

keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=John Doe, OU=DLP_Development,O=Symantec, L=SanFrancisco, S=California, C=USA" -alias smtp_prevent -keypass prevent_keystore_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass prevent_keystore_password -validity 90

NOTE:
     1]You will need to change the "-dname" in the command to the parameters of your organization.
     2] prevent_keystore_password is the password you set for  the keystore and the Network Prevent for Email Server key.

Keytool.exe location

Windows:

• <DRIVE>:\Program Files\AdoptOpenJRE\jdk8u<version>-jre\bin

Linux:

• /opt/AdoptOpenJRE/ jdk8u<version>-jre/bin