Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000034797 - RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) failure on startup with the message "Error processing initialization response"

Document created by RSA Customer Support

on Feb 24, 2017•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000034797
Applies To	RSA Product Set: RSA Identity Governance and Lifecycle RSA Version/Condition: 7.0.1+ Product Name: AFX
Issue	RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) fails to startup. In the console, under AFX Servers, the status shows as Not running. The following errors are logged in /home/oracle/AFX/esb/logs/esb.AFX-INIT.log: 2017-02-02 09:13:06.707 [INFO] org.mule.lifecycle.AbstractLifecycleManager:193 - Starting: 'connector.https.mule.default.dispatcher.697427580'. Object is: HttpsClientMessageDispatcher 2017-02-02 09:13:06.948 [INFO] com.aveksa.afx.server.init.SubmitInitializationRequestComponent:150 - Initialization response received 2017-02-02 09:13:06.951 [INFO] com.aveksa.afx.server.init.InitializationResponseProcessorComponent:37 - Processing initialization response 2017-02-02 09:13:06.975 [ERROR] com.aveksa.afx.server.init.InitializationResponseProcessorComponent:103 - Error processing initialization response java.lang.IllegalStateException: An issue with handling encryption was encountered at com.aveksa.common.crypto.EncryptionMgr.decrypt(EncryptionMgr.java:501) ..... Caused by: com.aveksa.common.crypto.EncryptionException: Value to be decrypted has no associated encryptor for its embedded key version: keyVersion[qG7]; Value[ENCAqG7(hvZ...)] -- Check that the security key file is not missing at com.aveksa.common.crypto.EncryptionMgr.decrypt(EncryptionMgr.java:495) ... 53 more The following errors are logged in /home/oracle/AFX/esb/logs/mule_ee.log: ERROR 2017-02-02 09:13:07,030 [WrapperListener_start_runner] org.mule.module.launcher.DefaultArchiveDeployer: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + Failed to deploy artifact '10_AFX-INIT', see below + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ org.mule.module.launcher.DeploymentInitException: EncryptionException: Value to be decrypted has no associated encryptor for its embedded key version: keyVersion[qG7]; Value[ENCAqG7(hvZ...)] -- Check that the security key file is not missing
Cause	This issue may occur if the encrypted configuration data for the AFX server is encrypted with a different key than the system-wide encryption keys stored in /home/oracle/security. This may occur for a variety of reasons, including the following examples: The database has been restored from a different system with different encryption keys. One node in a multi-node cluster is incorrectly using different encryption keys than the SON node. The AFX deployment archive has been exported from a different system than it was deployed on. All passwords in the AFX configuration, including the Default Truststore Password, are encrypted with the system encryption keys. If the keys do not match any encrypted data in the AFX configuration including the connector definitions, the error will be generated. The system-wide encryption keys were introduced in 7.0.1 and later versions.
Resolution	Recover the Encryption Key from the master key storage directory as per the instructions on page 34 of the RSA Identity Governance and Lifecycle V7.0.1 Database Setup and Management Guide.
Workaround	If you elect not to recover the Encryption Key from the master key storage directory, then the AFX startup failure can be resolved by re-encrypting the AFX Default Truststore Password. Under the AFX > Servers menu, Select the AFX instance that has failed. Edit the AFX server and select the Default Truststore Password. Enter the password changeme and save the changes. Restart the AFX server from the command line. afx restart This will ensure that the Default TrustStore is encrypted with the current keys. NOTE: If you have imported any AFX connectors from another system you will have to edit each of the connectors and update any encrypted fields (passwords) by re-entering the password and saving the connector definition.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links