Unable to ignite cryptographic keys

Article ID: 241742

Updated On:

Products

Data Loss Prevention Enforce Data Loss Prevention

Issue/Introduction

Unable to access the Enforce login page, and the Symantec DLP Incident Persister service and Symantec DLP Detection Server Controller service will not start.

Cause

The Tomcat localhost log shows these errors:

SEVERE [com.vontu.config.enforce.EnforceSpringConfiguration] Exception accessing Enforce KeyStore at location [file path to location of keystore]/enforce_keystore.jks
Cause:
com.vontu.security.KeyStorehouseException: Unable to ignite cryptographic keys.

Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect

Caused by: java.security.UnrecoverableKeyException: Password verification failed
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
 ... 166 more

java.security.UnrecoverableKeyException: Password verification failed
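
To confirm that a log shows this article's failure and not a different keystore problem (for example a missing file), the exception chain can be checked down to its root cause. The script below is an added example, not Symantec code; the sample log is constructed from the excerpt above, and the keystore path, the INFO line and the function name diagnose are assumptions.

```python
import re

# Constructed sample modelled on the log excerpt in this article.
# The keystore path is a placeholder, not a real install path.
SAMPLE_LOG = """\
SEVERE [com.vontu.config.enforce.EnforceSpringConfiguration] Exception accessing Enforce KeyStore at location /placeholder/keystore/enforce_keystore.jks
Cause:
com.vontu.security.KeyStorehouseException: Unable to ignite cryptographic keys.
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
Caused by: java.security.UnrecoverableKeyException: Password verification failed
 at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:783)
 ... 166 more
INFO [main] unrelated constructed line
"""

EVENT_RE = re.compile(r"Exception accessing Enforce KeyStore at location (\S+)")
NEXT_RECORD_RE = re.compile(r"^.*\b(?:SEVERE|WARNING|INFO) \[", re.MULTILINE)
CAUSED_BY_RE = re.compile(r"^Caused by: ([\w.$]+): (.*)$", re.MULTILINE)


def diagnose(log_text):
    """Return one finding per Enforce keystore load failure in log_text."""
    findings = []
    for event in EVENT_RE.finditer(log_text):
        # The exception chain runs from this event to the next log record.
        rest = log_text[event.end():]
        nxt = NEXT_RECORD_RE.search(rest)
        chain = rest[:nxt.start()] if nxt else rest
        causes = CAUSED_BY_RE.findall(chain)
        root_class, root_msg = causes[-1] if causes else ("", "")
        findings.append({
            "keystore": event.group(1),
            "root_cause": root_class,
            # Signature from this article: key ignition failed because the
            # keystore password did not verify (or the file was altered).
            "matches_article": (
                "Unable to ignite cryptographic keys" in chain
                and root_class.endswith("UnrecoverableKeyException")
                and "Password verification failed" in root_msg
            ),
        })
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE_LOG):
        print(f)
```

A finding with matches_article set to False points to a different root cause, which the workaround in this article may not address.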

Resolution

NOTE: The workaround below should NOT be used by customers who also have DLP Cloud Detection Service (Email, CloudSOC, or WSS Detectors added to Enforce).

  1. Move, delete, or rename the enforce_keystore.jks file in the keystore directory, then restart the Symantec DLP Manager service. The file will be recreated.
  2. Verify that you can access the login screen, then restart the Symantec DLP Incident Persister service and the Symantec DLP Detection Server Controller service.
  3. Log in to the Enforce console and make sure you can access incidents and that snapshot data is legible.

If you do have a DLP CDS, open a case with Support and reference this article.
