RSA Identity Governance and Lifecycle Access Fulfillment Express (AFX) Server fails to start with error: An issue with handling encryption was encountered
Originally Published: 2018-11-22
Article Number
Applies To
RSA Version/Condition: 7.0.1+
Issue
When trying to restart the AFX, it couldn't restart throwing the below errors:
In mule_ee.log:
******************************************************************************************************* * - - + APPLICATION + - - * - - + DOMAIN + - - * - - + STATUS + - - * ******************************************************************************************************* * AFX-CONN-MS-Exchange-2010 * default * FAILED * * AFX-CONN-Active_DirectoryConnector * default * FAILED * * AFX-SETTINGS-Microsoft-Exchange-2010 * default * FAILED * * AFX-SETTINGS-OracleDatabase * default * FAILED * * AFX-TEST * default * DEPLOYED * * AFX-SETTINGS-ActiveDirectory * default * FAILED * * AFX-CONN-MQ_Connector_T24 * default * FAILED * * AFX-CONN-MQ_Connector_T24_1 * default * FAILED * * 05_AFX-PREINIT * default * DEPLOYED * * 10_AFX-INIT * default * FAILED * * AFX-CONN-ERP-Connector * default * FAILED * * 15_AFX-MAIN * default * FAILED * ******************************************************************************************************* Pinging the JVM took 3 seconds to respond.
In esb.AFX-INIT.log:
java.lang.IllegalStateException: An issue with handling encryption was encountered ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJPBE ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to get unencrypted password for encryptor: CryptoJSecretKeyEncryptor ... Caused by: com.aveksa.common.crypto.EncryptionException: Failed to decrypt text ... Caused by: javax.crypto.BadPaddingException: Invalid padding. ...
Cause
So the Master Encryption Key Storage Directory had to be checked, which is the directory where the master key is stored. This was starting from version 7.0.1. The default directory for hardware and software appliances is: /home/oracle/security.
There was a step where encryption/decryption was involved, that is dependent on the key found in the mentioned Master Encryption Key Storage Directory. This is where we found irrelevant files (that were not supposed to be there), other than the required key files. This caused a problem with mapping the correct key file. Hence, the above errors occurred, and the starting of the AFX server was stalled. So it was an issue beyond the AFX component itself.
Resolution
Related Articles
“An issue with handling encryption was encountered" with IBM JDK 1.8.0_281 and later in RSA Identity Governance & Lifecycle Number of Views Automatic certificate expiry notification does not seem to work as expected Number of Views The server encountered an unexpected condition which prevented it from fulfilling the request when logging out of Self-Ser… Number of Views Error while importing RSA Identity Management and Governance Collector metadata: java.lang.IllegalStateException: An issue… Number of Views In RSA Identity Governance & Lifecycle, a SQL exception error in the UI is encountered when saving Delay node on a Workflow Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.9 Release Notes (January 2026) An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
