"Failed to generate agent installer packages. Try again later." error due to password verification failure
search cancel

"Failed to generate agent installer packages. Try again later." error due to password verification failure

book

Article ID: 399688

calendar_today

Updated On:

Products

Data Loss Prevention Core Package Data Loss Prevention Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce

Issue/Introduction

When trying to create an agent installation package using the Agent Packaging feature of the Enforce Console an error "Failed to generate agent installer packages. Try again later." is thrown. 

The following exception can be found in the tomcat localhost log which by default is located in C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>\logs\tomcat:

Replace <version> with the currently running DLP release version. Note that this is a shortened extract of the exception.

com.vontu.communication.transport.exception.CertificateException: Error generating client truststore Keystore was tampered with, or password was incorrectcom.vontu.communication.transport.exception.CertificateException: Error generating client truststore Keystore was tampered with, or password was incorrect
	at com.vontu.communication.transport.CertificateGenerator.generateClientTruststore(CertificateGenerator.java:674)
	...
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:792)
	at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:57)
	at sun.security.provider.KeyStoreDelegator.engineLoad(KeyStoreDelegator.java:224)
	at sun.security.provider.JavaKeyStore$DualFormatJKS.engineLoad(JavaKeyStore.java:71)
	at java.security.KeyStore.load(KeyStore.java:1445)
	at com.symantec.dlp.util.keystore.KeystoreEntry.<init>(KeystoreEntry.java:59)
	at com.symantec.dlp.util.keystore.KeystoreEntry.<init>(KeystoreEntry.java:50)
	at com.vontu.communication.transport.CertificateGenerator.getListOfAliasesFromKeystore(CertificateGenerator.java:407)
	at com.vontu.communication.transport.CertificateGenerator.generateClientTruststore(CertificateGenerator.java:654)
	... 352 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
	at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:790)
	... 360 more

 

Cause

Password mismatch of DLP_Default_Truststore.jks and it's corresponding entry in the database.

Resolution

To resolve the issue follow the steps listed below:

  1. Stop all Symantec DLP services on the Enforce server. Make sure to follow the correct order of the services as described in the below document:
    Restart DLP Enforce services in the correct order
  2. Navigate to D:/ProgramData/Symantec/DataLossPrevention/EnforceServer/<version>/keystore where <version> should be replaced with the currently running release of the DLP product.
  3. Copy DLP_Default_Truststore.jks to a backup location.
  4. Rename DLP_Default_Truststore.jks to DLP_Default_Truststore.jks_bak in the keystore directory.
  5. Start all the Symantec DLP services on the Enforce server in the order outlined in the document linked in step 1.

After a while the DLP_Default_Truststore.jks file will be automatically recreated. Once the Symantec DLP services are running and the JKS is back in the keystore directory attempt to generate the agent package again.

Powered by Wolken Software