Jan 2, 2014 12:51:30 PM com.opensystems.privatei.util.Logger:SEVERE: exception
java.lang.Exception: Error: -9 LockBox::LockBox : The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.
at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox(Native Method)
at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:69)
at com.emc.clb.LockBox.<init>(LockBox.java:230)
at com.rsa.envision.security.lockbox.FileLockBox.<init>(FileLockBox.java:25)
at com.rsa.envision.security.lockbox.FileLockBoxFactory.addFileLockBox(FileLockBoxFactory.java:74)
at com.rsa.envision.security.lockbox.FileLockBoxFactory.getFileLockBox(FileLockBoxFactory.java:57)
at com.rsa.envision.security.lockbox.InMemoryLockBox.<init>(InMemoryLockBox.java:33)
at com.rsa.envision.security.lockbox.InMemoryLockBox.getInstance(InMemoryLockBox.java:60)
at com.opensystems.privatei.PrivateIServer.initializeLockBox(PrivateIServer.java:372)
at com.opensystems.privatei.PrivateIServer.init(PrivateIServer.java:143)
RSA enVision
To correct, using lockbox utillity tool provided by engineering (ECE-1235) to re-create site/temp lockbox files.
General notes for using lockboxutil.exe
--Run this command line utility from DS1. You can run this from any folder, avoid running this from inside envision folders
--The tool only fixes the site lockbox with the supplied values and does not change any passwords in the system
--Both the site lockbox and dB lockbox will be re-created (overwritten if it exists)
--Make sure the .../CSD/config/lockbox folder is present before running the tool. Create this manually if folder is missing
--All passwords supplied while recreating sitelockbox should be same as what being used in the system. The utility does not test for the correctness of the passwords
--The ASrv hostnames to be included should be fully qualified. Eg: LS1-AS1.LS1.nic
?You need to supply the hostnames for all the ASrvs present in the setup
?Enter 'n' as the ASrv hostname after supplying all the other ASrv hostnames. Example input for an LS setup with 2 ASrvs is as follows
Enter list of Asrv fqdn hostnames one by one (input 'n' to mark the end)
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS1.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS2.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): n
--If sitelockbox exists then it will be overwritten after running this tool
?you can re-run the tool to overwrite existing passwords inside site lockbox with new ones
--lockbox.log file for debugging will be created in the same directory from where you execute the tool
Related Articles
Provisioning Node Mapping display changed in RSA Identity Governance & Lifecycle Number of Views Email node does not save changes in RSA Identity Governance & Lifecycle Number of Views Issue with FSM file shares being lost until the server is rebooted. Number of Views How to disable the automatic startup of RSA Identity Governance & Lifecycle when the server is rebooted Number of Views Identity router status changed to distressed after reboot in RSA SecurID Access Number of Views
Trending Articles
Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA Governance & Lifecycle 8.0.0 Administrators Guide RSA Governance & Lifecycle 8.0.0 Installation Guide
