000013480 - Webserver failed to start - Lockbox fingerprint has changed

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000013480
Applies ToError in pi_webserver.log:
Jan 2, 2014 12:51:30 PM com.opensystems.privatei.util.Logger:SEVERE: exception
java.lang.Exception: Error: -9 LockBox::LockBox : The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.
 at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox(Native Method)
 at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:69)
 at com.emc.clb.LockBox.<init>(LockBox.java:230)
 at com.rsa.envision.security.lockbox.FileLockBox.<init>(FileLockBox.java:25)
 at com.rsa.envision.security.lockbox.FileLockBoxFactory.addFileLockBox(FileLockBoxFactory.java:74)
 at com.rsa.envision.security.lockbox.FileLockBoxFactory.getFileLockBox(FileLockBoxFactory.java:57)
 at com.rsa.envision.security.lockbox.InMemoryLockBox.<init>(InMemoryLockBox.java:33)
 at com.rsa.envision.security.lockbox.InMemoryLockBox.getInstance(InMemoryLockBox.java:60)
 at com.opensystems.privatei.PrivateIServer.initializeLockBox(PrivateIServer.java:372)
 at com.opensystems.privatei.PrivateIServer.init(PrivateIServer.java:143)
RSA enVision
IssueWebserver failed to start - Lockbox fingerprint has changed
CauseThe passphrase does not match in Lockbox, possibly due to master account password change.

To correct, using lockbox utillity tool provided by engineering (ECE-1235) to re-create site/temp lockbox files.
General notes for using lockboxutil.exe

--Run this command line utility from DS1. You can run this from any folder, avoid running this from inside envision folders
--The tool only fixes the site lockbox with the supplied values and does not change any passwords in the system
--Both the site lockbox and dB lockbox will be re-created (overwritten if it exists)
--Make sure the .../CSD/config/lockbox folder is present before running the tool. Create this manually if folder is missing
--All passwords supplied while recreating sitelockbox should be same as what being used in the system. The utility does not test for the correctness of the passwords
--The ASrv hostnames to be included should be fully qualified. Eg: LS1-AS1.LS1.nic
?You need to supply the hostnames for all the ASrvs present in the setup
?Enter 'n' as the ASrv hostname after supplying all the other ASrv hostnames. Example input for an LS setup with 2 ASrvs is as follows
Enter list of Asrv fqdn hostnames one by one (input 'n' to mark the end)
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS1.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS2.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): n

--If sitelockbox exists then it will be overwritten after running this tool
?you can re-run the tool to overwrite existing passwords inside site lockbox with new ones
--lockbox.log file for debugging will be created in the same directory from where you execute the tool

Legacy Article IDa63570