RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) Server fails to start with error: An issue with handling encryption was encountered
Originally Published: 2018-11-22
Article Number
Applies To
RSA Version/Condition: 7.0.1+
Issue
When trying to restart the AFX, it couldn't restart throwing the below errors:
In mule_ee.log:
******************************************************************************************************* * - - + APPLICATION + - - * - - + DOMAIN + - - * - - + STATUS + - - * ******************************************************************************************************* * AFX-CONN-MS-Exchange-2010 * default * FAILED * * AFX-CONN-Active_DirectoryConnector * default * FAILED * * AFX-SETTINGS-Microsoft-Exchange-2010 * default * FAILED * * AFX-SETTINGS-OracleDatabase * default * FAILED * * AFX-TEST * default * DEPLOYED * * AFX-SETTINGS-ActiveDirectory * default * FAILED * * AFX-CONN-MQ_Connector_T24 * default * FAILED * * AFX-CONN-MQ_Connector_T24_1 * default * FAILED * * 05_AFX-PREINIT * default * DEPLOYED * * 10_AFX-INIT * default * FAILED * * AFX-CONN-ERP-Connector * default * FAILED * * 15_AFX-MAIN * default * FAILED * ******************************************************************************************************* Pinging the JVM took 3 seconds to respond.
In esb.AFX-INIT.log:
java.lang.IllegalStateException: An issue with handling encryption was encountered ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJPBE ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJSecretKeyEncryptor ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: javax.crypto.BadPaddingException: Invalid padding. ...
Cause
So the Master Encryption Key Storage Directory had to be checked, which is the directory where the master key is stored. This was starting from version 7.0.1. The default directory for hardware and software appliances is: /home/oracle/security.
There was a step where encryption/decryption was involved, that is dependent on the key found in the mentioned Master Encryption Key Storage Directory. This is where we found irrelevant files (that were not supposed to be there), other than the required key files. This caused a problem with mapping the correct key file. Hence, the above errors occurred, and the starting of the AFX server was stalled. So it was an issue beyond the AFX component itself.
Resolution
Related Articles
“An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle Number of Views "Invalid Lockbox Configuration File" caused by space after masterpassword in server configuration files Number of Views Error while importing RSA Identity Management and Governance Collector metadata: java.lang.IllegalStateException: An issue… Number of Views In RSA Identity Governance & Lifecycle, a SQL exception error in the UI is encountered when saving Delay node on a Workflow Number of Views AFX Server remains in a 'Not running' State with 'An issue with handling encryption was encountered' error on startup in R… Number of Views
Trending Articles
RSA Release Notes for RSA Authentication Manager 8.8 RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA Authentication Manager 8.9 Release Notes (January 2026) How to create and configure certificates for HTTPS access when using intermediate CA certs in RSA Identity Governance & Li…
Don't see what you're looking for?
