Symantec Directory : dxEnc.conf file missing on new installation
search cancel

Symantec Directory : dxEnc.conf file missing on new installation

book

Article ID: 251182

calendar_today

Updated On:

Products

CA Directory

Issue/Introduction

After performing a new install and copying the configuration files from  one of the existing (working) installation, you are not able to start the DSA(s) that has 'data-encryption' parameter set, reporting the following errors:

** ALARM **: Cannot open dxEnc.conf file (config/dxEnc.conf) 
>>> set data-encryption = {encrypted-attrs = uniqueIdentifier,AuthType,CustID,Token,uid,telephoneNumber,cn}; 
Error: Syntax Error: Line 40 in /opt/CA/Directory/dxserver/config/servers/dsaname.dxi near '}' Invalid data encryption dxEnc.conf file 
>>> set data-encryption = {encrypted-attrs = uniqueIdentifier,AuthType,CustID,Token,uid,telephoneNumber,cn}; 
Error: Syntax Error: Line 40 in /opt/CA/Directory/dxserver/config/servers/dsaname.dxi near '}' Cannot set data-encryption 
** ALARM **: Error in initialization files

In the above example, following line was set within SERVERS dsaname.dxi file:

set data-encryption = uniqueIdentifier,AuthType,CustID,Token,uid,telephoneNumber,cn; (this was copied over as part of config files copied over from existing node to this newly setup node).

Environment

Release : 14.1

Component : CA Directory

Resolution

The problem is related to the fact that somehow the install process was not able to successfully generate the MasterKey File.

Reviewing the install log, you will see something similar to following:

===================== DXSERVER INSTALLATION (CONTINUED)  ======================

  Setting up environment for account dsa...

ERROR - Occurred creating Masterkey file. Please run dxcertgen manually to generate MasterKey File
  DXserver has installed successfully
  Checking current install of Directory... 14.1.16555

In order to address this, simply run 'dxcertgen masterkey' command at the system prompt to generate the MasterKey File (i.e. the missing dxEnc.conf). Once done, the DSA should be able to start successfully.

Additional Information

Reference:
https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/administrating/tools-to-manage-ca-directory/dxtools/dxcertgen-tool-generate-and-work-with-certificates.html#concept.dita_882810b1cbf0660ca8cf98244c7e9b92302d9c4b_dxcertgenmasterkeyCommandGeneratemasterkeyforencryptionofattributes