After installing DLP Network Prevent for Email, the prevent.ks file is missing from the C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\keystore directory. The prevent.ks file is necessary for configuring the keystore to enable the key chain between Exchange and DLP.
Release: 15.8
Component: Network Prevent for Email
It is unknown why the prevent.ks file is sometimes not created.
Manually create the prevent.ks file on the Email Prevent server:
Execute the keytool utility with the -genkeypair and -keystore options to add a new public and private key to the keystore:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "dname_string" -alias smtp_prevent -keypass key_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\keystore\prevent.ks -storepass store_password -validity expiration_days
For example:
keytool -genkeypair -keyalg RSA -keysize 2048 -sigalg SHA256withRSA -dname "CN=John Doe, OU=DLP_Development,O=Symantec, L=SanFrancisco, S=California, C=USA" -alias smtp_prevent -keypass prevent_keystore_password -keystore C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\keystore\prevent.ks -storepass prevent_keystore_password -validity 90
Note: Change the "-dname" value in the command to match the parameters of your organization.
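To confirm the result on the Email Prevent server, the following PowerShell script (an added example, not part of the original article or of Symantec's tooling) exports the smtp_prevent certificate from prevent.ks and reports its key size, signature algorithm and remaining validity. It assumes keytool is on the PATH; the DLP_KS_PASS environment variable name and the 14-day warning threshold are hypothetical choices.

```powershell
# Added example: verify the smtp_prevent entry that keytool -genkeypair wrote to prevent.ks.
# Assumptions: keytool is on PATH; DLP_KS_PASS and the 14-day threshold are hypothetical.
$KeystorePath = 'C:\ProgramData\Symantec\DataLossPrevention\DetectionServer\15.8.00000\Protect\keystore\prevent.ks'
$Alias        = 'smtp_prevent'
$WarnDays     = 14

if (-not (Test-Path -LiteralPath $KeystorePath -PathType Leaf)) {
    throw "Keystore not found: $KeystorePath"
}

# Prompt for the store password and pass it to keytool through an environment
# variable (-storepass:env) so it stays out of shell history and the command line.
$secure = Read-Host -Prompt 'Keystore password' -AsSecureString
$env:DLP_KS_PASS = [System.Net.NetworkCredential]::new('', $secure).Password
try {
    # -exportcert -rfc prints the entry's public certificate as PEM on stdout.
    $out = & keytool -exportcert -rfc -alias $Alias -keystore $KeystorePath '-storepass:env' DLP_KS_PASS
    if ($LASTEXITCODE -ne 0) {
        throw "keytool could not read alias '$Alias' (exit code $LASTEXITCODE)"
    }
}
finally {
    Remove-Item Env:\DLP_KS_PASS -ErrorAction SilentlyContinue
}

# Keep only the base64 body lines; this drops the BEGIN/END markers and any warnings.
$b64 = ($out | Where-Object { $_ -match '^[A-Za-z0-9+/=]+$' }) -join ''
[byte[]]$der = [Convert]::FromBase64String($b64)
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($der)
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
$daysLeft = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)

# Compare these values with what was requested: RSA 2048, SHA256withRSA, -validity days.
[pscustomobject]@{
    Subject            = $cert.Subject
    SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
    KeyBits            = $rsa.KeySize
    NotAfter           = $cert.NotAfter
    DaysLeft           = $daysLeft
}

if ($daysLeft -lt $WarnDays) {
    Write-Warning "Certificate for '$Alias' expires in $daysLeft day(s); regenerate or renew it before then."
}
```

The same -storepass:env form can be used with the -genkeypair command above to avoid typing the keystore password on the command line.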
Windows:
Linux: