After installing DLP Network Prevent for Email the prevent.ks file is missing from the C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_version>\Protect\keystore directory. The prevent.ks file is necessary for configuring the keystore to enable the key chain between Exchange and DLP.
Release : 15.8, 16.0, 16.0RU1 and 16.0 RU2
Component : Network Prevent for Email.
Unknown why the prevent.ks is sometimes not created.
Manually create the prevent.ks file on the Email Prevent server:
Execute the keytool utility with the -genkeypair and -keystore options to add a new public and private key to the keystore:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "dname_string" -alias smtp_prevent -keypass key_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass store_password -validity expiration_days
For example:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=John Doe, OU=DLP_Development,O=Symantec, L=SanFrancisco, S=California, C=USA" -alias smtp_prevent -keypass prevent_keystore_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\<DLP_Version>\Protect\keystore\prevent.ks -storepass prevent_keystore_password -validity 90
NOTE:
1]You will need to change the "-dname" in the command to the parameters of your organization.
2] prevent_keystore_password is the password you set for the keystore and the Network Prevent for Email Server key.
Windows:
Linux: