|Applies To||RSA Product Set: RSA NetWitness Endpoint|
RSA Version/Condition: 4.2.x, 4.3.x, 4.4.x
|Issue||When trying to save the ECATUI, Configure > Monitoring and External Components, RSA Live credentials, and it fails with the error "Could not store into lockbox".|
|Cause||The RSA ECAT API Server service doesn't have permission to write to the lockbox files.|
The lockbox files have become corrupt, and are no longer writeable.
|Resolution||1. Check the RSA ECAT services have permission to write to files in the Server directory?|
On the ECAT Server in services.msc, look at the windows account that will "Log On As" for the RSA ECAT services:
RSA ECAT API Server
RSA ECAT Server
RSA NWE Meta Service
For example in this screenshot the local administrator account runs the ECAT services:
Make sure this windows account(s) have write permission in the Server directory, (default path C:\Program Files\RSA\ECAT\Server)
Right-click the Server directory, Properties, Security tab
For example, in this screenshot, the Administrators group has Full control in the Server directory which gives Write permission.
2. If the Server directory permissions check above wasn't the cause of the issue, then perhaps the lockbox files are not writable.
Re-create the lockbox files.
a. On the ECAT Server in the ECATUI, Configure > Monitoring and External Components.
Make a copy of all the settings you have previously made, so these values can be re-entered later.
b. Exit the ECATUI, and stop all the ECAT services on the ECAT Server.
c. On the ECAT Server, in the Server directory (default path C:\Program Files\RSA\ECAT\Server) make a copy of all 4 km* files (km, km.bak, km.bak.FCD, km.FCD) to another location. These are the lockbox files and its backups.
d. Delete the 4 km* files.
e. Start all the ECAT services, the km* files will automatically be re-created in the Server directory.
f. In the ECATUI, Configure > Monitoring and External Components re-enter all the settings, starting with RSA Live. Ensure the RSA Live credentials can now be saved.