Jan 2, 2014 12:51:30 PM com.opensystems.privatei.util.Logger:SEVERE: exception
java.lang.Exception: Error: -9 LockBox::LockBox : The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.
at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox(Native Method)
at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:69)
at com.emc.clb.LockBox.<init>(LockBox.java:230)
at com.rsa.envision.security.lockbox.FileLockBox.<init>(FileLockBox.java:25)
at com.rsa.envision.security.lockbox.FileLockBoxFactory.addFileLockBox(FileLockBoxFactory.java:74)
at com.rsa.envision.security.lockbox.FileLockBoxFactory.getFileLockBox(FileLockBoxFactory.java:57)
at com.rsa.envision.security.lockbox.InMemoryLockBox.<init>(InMemoryLockBox.java:33)
at com.rsa.envision.security.lockbox.InMemoryLockBox.getInstance(InMemoryLockBox.java:60)
at com.opensystems.privatei.PrivateIServer.initializeLockBox(PrivateIServer.java:372)
at com.opensystems.privatei.PrivateIServer.init(PrivateIServer.java:143)
RSA enVision
To correct, using lockbox utillity tool provided by engineering (ECE-1235) to re-create site/temp lockbox files.
General notes for using lockboxutil.exe
--Run this command line utility from DS1. You can run this from any folder, avoid running this from inside envision folders
--The tool only fixes the site lockbox with the supplied values and does not change any passwords in the system
--Both the site lockbox and dB lockbox will be re-created (overwritten if it exists)
--Make sure the .../CSD/config/lockbox folder is present before running the tool. Create this manually if folder is missing
--All passwords supplied while recreating sitelockbox should be same as what being used in the system. The utility does not test for the correctness of the passwords
--The ASrv hostnames to be included should be fully qualified. Eg: LS1-AS1.LS1.nic
?You need to supply the hostnames for all the ASrvs present in the setup
?Enter 'n' as the ASrv hostname after supplying all the other ASrv hostnames. Example input for an LS setup with 2 ASrvs is as follows
Enter list of Asrv fqdn hostnames one by one (input 'n' to mark the end)
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS1.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): LS1-AS2.LS1.nic
Enter Asrv fqdn hostname (Eg: LSSite-AS1.LSSite.nic): n
--If sitelockbox exists then it will be overwritten after running this tool
?you can re-run the tool to overwrite existing passwords inside site lockbox with new ones
--lockbox.log file for debugging will be created in the same directory from where you execute the tool
Related Articles
Email node does not save changes in RSA Identity Governance & Lifecycle Number of Views Plus (+) characters changed to (%2b) in email text sent from Workflow Email Nodes in SecurID Governance & Lifecycle Number of Views A device has changed from Unknown to a known device type and there is data that needs to be migrated. Number of Views E-mail Template Example for the Self-Service Console Number of Views Identity router status changed to distressed after reboot in RSA SecurID Access Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
