000036118 - Saving RSA Live credentials in NetWitness Endpoint fails with "Could not store into lockbox"

Document created by RSA Customer Support Employee on Mar 12, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036118
Applies ToRSA Product Set: RSA NetWitness Endpoint
RSA Version/Condition: 4.2.x, 4.3.x, 4.4.x
Platform: Windows
IssueWhen trying to save the ECATUI, Configure > Monitoring and External Components, RSA Live credentials, and it fails with the error "Could not store into lockbox".

User-added image
CauseThe RSA ECAT API Server service doesn't have permission to write to the lockbox files.
The lockbox files have become corrupt, and are no longer writeable.
Resolution1. Check the RSA ECAT services have permission to write to files in the Server directory?

On the ECAT Server in services.msc, look at the windows account that will "Log On As" for the RSA ECAT services:
RSA NWE Meta Service

For example in this screenshot the local administrator account runs the ECAT services:
User-added image

Make sure this windows account(s) have write permission in the Server directory, (default path C:\Program Files\RSA\ECAT\Server)
Right-click the Server directory, Properties, Security tab

For example, in this screenshot, the Administrators group has Full control in the Server directory which gives Write permission.
User-added image

2. If the Server directory permissions check above wasn't the cause of the issue, then perhaps the lockbox files are not writable.

Re-create the lockbox files.

a. On the ECAT Server in the ECATUI, Configure > Monitoring and External Components.
Make a copy of all the settings you have previously made, so these values can be re-entered later.

b. Exit the ECATUI, and stop all the ECAT services on the ECAT Server.

c. On the ECAT Server, in the Server directory (default path C:\Program Files\RSA\ECAT\Server) make a copy of all 4 km* files (km, km.bak, km.bak.FCD, km.FCD) to another location. These are the lockbox files and its backups.

User-added image

d. Delete the 4 km* files.

e. Start all the ECAT services, the km* files will automatically be re-created in the Server directory.

f. In the ECATUI, Configure > Monitoring and External Components re-enter all the settings, starting with RSA Live. Ensure the RSA Live credentials can now be saved.