search cancel

After changing Enforce console authentication method, Incident Persister fails to start

book

Article ID: 257183

calendar_today

Updated On:

Products

Data Loss Prevention Data Loss Prevention Enforce

Issue/Introduction

After configuring another authentication method for Enforce server login, the Incident Persister service will not start.

The Incident Persister.log shows the following:

Jan 4, 2023 3:18:38 PM (SEVERE) Thread: 16 [com.vontu.incidenthandler.IncidentPersister.start] Unexpected error starting Incident Persister.
java.lang.RuntimeException: Invalid JDBC configuration file
    at com.vontu.util.jdbc.JDBCTestConnection.testDatabaseConnectionAndCheckSchemaVersion(JDBCTestConnection.java:60)
    at com.vontu.util.jdbc.JDBCTestConnection.testDatabaseConnectionAndCheckSchemaVersion(JDBCTestConnection.java:113)
    at com.vontu.util.jdbc.JDBCTestConnection.checkDatabaseConnection(JDBCTestConnection.java:138)
    at com.vontu.incidenthandler.IncidentPersister.start(IncidentPersister.java:125)
    at com.vontu.incidenthandler.IncidentPersister.main(IncidentPersister.java:240)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.tanukisoftware.wrapper.WrapperSimpleApp.run(WrapperSimpleApp.java:325)
    at java.lang.Thread.run(Thread.java:750)
Caused by: java.lang.NullPointerException
    at java.util.StringTokenizer.<init>(StringTokenizer.java:199)
    at java.util.StringTokenizer.<init>(StringTokenizer.java:221)
    at com.vontu.util.jdbc.JDBCConfig.initialize(JDBCConfig.java:105)
    at com.vontu.util.jdbc.JDBCConfig.<init>(JDBCConfig.java:64)
    at com.vontu.util.jdbc.JDBCConfig.<init>(JDBCConfig.java:69)
    at com.vontu.util.jdbc.JDBCTestConnection.testDatabaseConnectionAndCheckSchemaVersion(JDBCTestConnection.java:56)
    ... 10 more

Environment

Release : DLP 16.0

RHEL 7.x

Cause

From Incident Persister log, we can see that SpringSecurityContext.xml file lacks permissions.  To identify the issue, look at the following line.

Source: com.vontu.enforce.domainlayer.user.authentication.SpringAuthenticationConfiguration.load
Message: Failed to load spring security configuration:
java.io.FileNotFoundException: /opt/Symantec/DataLossPrevention/EnforceServer/16.0.00000/Protect/tomcat/webapps/ProtectManager/WEB-INF/springSecurityContext.xml (Permission denied)

QRTZ scheduler is dependent on Spring, and thus when this file fails to load, Incident Persister stops.

Resolution

springSecurityContext.xml owner was not set with DLP service account permissions. When Incident Persister tried to load scheduler in Database, this failed. Reset permissions on file to mirror other files with chown -reference command in  Linux or manually using chown.  The owner must be the Symantec DLP service account.