The customer is using a newer version of Java than we have currently certified, in this case they were using OpenJRE 1.8.352
When attempting to restore the Enforce server to a DR server instance they encountered the following error when attempting to process the reinstallationresource.zip file using the installer.
AES/CBC/PKCS5Padding == AES128
java.security.NoSuchAlgorithmException: Cannot find any provider supporting AES/CBC/PKCS5Padding
at javax.crypto.Cipher.getInstance(Cipher.java:543)
at com.symantec.dlp.utilities.encryption.properties.EncryptedProperties.createCipher(EncryptedProperties.java:49)
at com.symantec.dlp.utilities.encryption.properties.EncryptedProperties.<init>(EncryptedProperties.java:73)
at com.symantec.dlp.utilities.encryption.properties.EncryptedProperties.<init>(EncryptedProperties.java:67)
at com.symantec.dlp.utilities.encryption.properties.EncryptedProperties.<init>(EncryptedProperties.java:62)
at com.vontu.util.jdbc.DatabasePasswordProperties.<init>(DatabasePasswordProperties.java:85)
at com.symantec.dlp.DatabaseSettingsChangeUtility.DatabaseSettingsChangeUtility.generateDatabasePasswordPropertiesFile(DatabaseSettingsChangeUtility.java:121)
at com.symantec.dlp.DatabaseSettingsChangeUtility.DatabaseSettingsChangeUtility.changeDatabaseSettings(DatabaseSettingsChangeUtility.java:79)
at com.symantec.dlp.DatabaseSettingsChangeUtility.DatabaseSettingsChangeUtility.main(DatabaseSettingsChangeUtility.java:106)
Release : 15.8
Appears to the java incompatibility.
Customer downgraded version of OpenJRE.
Note, also check installer has write access to JRE installation directory.