RSA Version/Condition: 7.2.0, 7.2.1, 7.5.0, 7.5.2
Platform: IBM WebSphere
[9/23/21 21:45:52:197 CEST] 0000007d SystemOut O ERROR (server.startup : 1) [CheckDatabase] Error reading Aveksa_System.cfg java.lang.IllegalStateException: An issue with handling encryption was encountered at com.aveksa.common.crypto.EncryptionMgr.encrypt(EncryptionMgr.java:459)
This issue occurs on the first attempt to load the third-party crypto libraries in the CheckDatabase step.
This is a known issue in the following versions of WebSphere:
- IBM WebSphere 9.0.5.7 and later running IBM JDK 1.8
- IBM WebSphere 8.5.5.19 and later running IBM JDK 1.8
- IBM WebSphere 8.5.5.14 and later running IBM JDK 1.7
This issue is resolved in the following patches/versions of RSA Identity Governance & Lifecycle:
- RSA Identity Governance & Lifecycle 7.2.0 (upgrade to 7.2.1 or later version and apply the patch where this issue is fixed)
- RSA Identity Governance & Lifecycle 7.2.1 P12
- RSA Identity Governance & Lifecycle 7.5.0 P07
- SecurID Governance & Lifecycle 7.5.2 P03 (see Note1 below)
- Defer applying the latest IBM fix pack until you can complete the patching of RSA Identity Governance & Lifecycle.
Note that you may apply an IBM WebSphere Interim Fix for a security vulnerability on an earlier WebSphere Fix Pack level that does not break RSA Identity Governance & Lifecycle deployment. For example, applying an Interim Fix as recommended by IBM on the following page should be fine as long as the WebSphere Fix Pack level is earlier than the ones listed above that cause problems with RSA Identity Governance & Lifecycle:
https://www.ibm.com/support/pages/node/6445171
Note a similar failure if you attempt to upgrade RSA Identity Governance & Lifecycle without applying the latest IBM fix pack:
000067915 - "JCE cannot authenticate the provider JsafeJCE" when starting SecurID Governance & Lifecycle
This issue is specific to IBM WebSphere and the IBM JRE and is not known to affect deployments on Wildfly or Weblogic.
Note1 - SecurID Governance & Lifecycle 7.5.2 original full installer (build 181918) was replaced with an updated full installer build 182642 (same build as the 7.5.2 P03 patch) in June 2022. Customers who installed 7.5.2 build 181918 before June 2022 need to patch to 7.5.2 P03.
Related Articles
Fortigate SSL VPN Timeout Issue with Approve/Biometrics Number of Views AFX Server remains in a 'Not running' State with 'An issue with handling encryption was encountered' error on startup in R… Number of Views Error while importing RSA Identity Management and Governance Collector metadata: java.lang.IllegalStateException: An issue… Number of Views Troubleshooting an update issue with an RSA Authentication Manager 8.x Web Tier deployment Number of Views Urgent Notice: Issue with Embedded IDR Image Downloads Number of Views
Trending Articles
RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide How to download and install the AFX Server Archive in RSA Identity Governance & Lifecycle The Template ({Connector Template Name}) has missing file content error when creating AFX Connectors in RSA Identity Gover… Downloading RSA Authentication Manager license files or RSA Software token seed records Troubleshooting RSA MFA Agent for Microsoft Windows
