RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) Server fails to start with error: An issue with handling encryption was encountered
Originally Published: 2018-11-22
Article Number
Applies To
RSA Version/Condition: 7.0.1+
Issue
When trying to restart the AFX, it couldn't restart throwing the below errors:
In mule_ee.log:
******************************************************************************************************* * - - + APPLICATION + - - * - - + DOMAIN + - - * - - + STATUS + - - * ******************************************************************************************************* * AFX-CONN-MS-Exchange-2010 * default * FAILED * * AFX-CONN-Active_DirectoryConnector * default * FAILED * * AFX-SETTINGS-Microsoft-Exchange-2010 * default * FAILED * * AFX-SETTINGS-OracleDatabase * default * FAILED * * AFX-TEST * default * DEPLOYED * * AFX-SETTINGS-ActiveDirectory * default * FAILED * * AFX-CONN-MQ_Connector_T24 * default * FAILED * * AFX-CONN-MQ_Connector_T24_1 * default * FAILED * * 05_AFX-PREINIT * default * DEPLOYED * * 10_AFX-INIT * default * FAILED * * AFX-CONN-ERP-Connector * default * FAILED * * 15_AFX-MAIN * default * FAILED * ******************************************************************************************************* Pinging the JVM took 3 seconds to respond.
In esb.AFX-INIT.log:
java.lang.IllegalStateException: An issue with handling encryption was encountered ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJPBE ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJSecretKeyEncryptor ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: javax.crypto.BadPaddingException: Invalid padding. ...
Cause
So the Master Encryption Key Storage Directory had to be checked, which is the directory where the master key is stored. This was starting from version 7.0.1. The default directory for hardware and software appliances is: /home/oracle/security.
There was a step where encryption/decryption was involved, that is dependent on the key found in the mentioned Master Encryption Key Storage Directory. This is where we found irrelevant files (that were not supposed to be there), other than the required key files. This caused a problem with mapping the correct key file. Hence, the above errors occurred, and the starting of the AFX server was stalled. So it was an issue beyond the AFX component itself.
Resolution
Related Articles
Error while importing RSA Identity Management and Governance Collector metadata: java.lang.IllegalStateException: An issue… Number of Views “An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle Number of Views How to fix the problem when backing out of V3 extension input. Number of Views The server encountered an unexpected condition which prevented it from fulfilling the request when logging out of Self-Ser… Number of Views In RSA Identity Governance & Lifecycle, a SQL exception error in the UI is encountered when saving Delay node on a Workflow Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
Don't see what you're looking for?
