INSTALLING, CONFIGURING AND TROUBLESHOOTING LOCKBOX FOR EMC® DOCUMENTUM® D2 ABSTRACT This white paper contains information about installing, configuring and troubleshooting steps for lockbox setup in Documentum D2 application. April, 2015 EMC WHITE PAPER To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local representative or authorized reseller, visit www.emc.com, or explore and compare products in the EMC Store Copyright © 2014 EMC Corporation. All Rights Reserved. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a particular purpose. Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. Part Number H14166 2 TABLE OF CONTENTS EXECUTIVE SUMMARY .............................................................................. 4 AUDIENCE ......................................................................................................... 4 INTRODUCTION ........................................................................................ 5 MANUAL CONFIGURATION OF D2 LOCKBOX ............................................. 5 Lockbox configuration in Documentum Content Server ........................................... 5 Lockbox configuration in Web Application Server .................................................. 10 USING THE NEW D2 CONFIGURATION UTILITY ...................................... 14 SILENT INSTALLATION OF LOCKBOX ...................................................... 26 D2CONFIGIMPORT USING COMMAND LINE ............................................ 27 TROUBLESHOOTING D2 LOCKBOX .......................................................... 28 CONCLUSION .......................................................................................... 31 REFERENCES ........................................................................................... 31 3 EXECUTIVE SUMMARY This whitepaper explains information on configuring Lockbox for Documentum D2 application. As part of the effort to improve and enhance the performance and capabilities of its product line, EMC, from time to time releases revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all revisions of the hardware or software currently in use. For the most up-to-date information on product features, refer to your product Release Notes document. If a product does not function properly or does not function as described in this document, please contact your EMC representative. All information included in this document is provided "as-is" and does not guarantee EMC's support or approval. Please consult the official product documentation or the Product Support team regarding any questions of supportability. Note: We vouch that the content in this document is accurate at the time of publication. However, as information is added, new versions of this document may be released to EMC online support website. Kindly check the website to ensure that you are using the latest version of this document. AUDIENCE This white paper is intended for Documentum administrators, technical support engineers, developers and QA engineers who deploy Documentum D2 application. The readers are expected to have expertise in deployment of Documentum products. 4 INTRODUCTION Lockbox is a component of the RSA Common Security Toolkit (CST) which securely stores passwords for Documentum D2 in an encrypted file. The stored passwords are put as <key, value> pairs. Lockbox uses keys to store and retrieve the passwords. Documentum D2 uses Lockbox that were earlier present as clear text in the various properties files, such as D2FS.properties, d2fstrust.properties, D2-JMS.properties, and D2-Config.properties. Note: The RSA CST is an internal security technology designed to provide a common set of security-related services available for integration into all EMC products. The Lockbox configuration for D2 can be done in either of the following ways: Using the new D2 Configurator Utility Manual configuration of D2 Lockbox MANUAL CONFIGURATION OF D2 LOCKBOX In manual configuration, the lockbox should be configured in both content server and web application server as mentioned in the following sections. LOCKBOX CONFIGURATION IN DOCUMENTUM CONTENT SERVER Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points: 1. Identify the architecture of lockbox installation The architecture of lockbox file must match with the Java Virtual Machine architecture in the installing environment. The JVM architecture can be found out by executing the java –version command in the console. Figure 1 Example of 64bit server JVM 5 Figure 2 Example of 32bit server JVM The lockbox architecture files can be found in platform specific folder installed by D2 installer. For instance, <lockbox install path>/win_vc80_x64 folder extracted by the D2 installer contains files specific to 64-bit architecture under windows platform. Each folder consists of README.txt file which lists the compatibility with the supported operating systems. In the above example, the README.txt under win_vc80_x64 folder lists compatibility with following Windows operating systems: o Microsoft Windows Server 2003 x86_64 (64-bit) o Microsoft Windows Server 2008 x86_64 (64-bit) o Microsoft Windows Server 2012 x86_64 (64-bit) 2. Install/Copy libraries Once the architecture of lockbox is identified – If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform folder> mentioned above. o Note: For Documentum Content Server 7.0 or earlier versions, copy LB.jar and LBJNI.jar that are extracted from the D2 installer into <Documentum install path>\<Jboss version>\server\DctmServer_MethodServer\lib folder. 3. Set environment variables for lockbox libraries The lockbox library references must be set in the environment variable according to the platform architecture. For Microsoft Windows, set the PATH environment variable: set PATH=<lockbox install path>\<platform folder>;%PATH% Example: set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH% 6 For Linux environment, set LD_LIBRARY_PATH and PATH variables: export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH export PATH=<lockbox install path>/<platform folder>:$PATH For IBM AIX, set LIBPATH and PATH variables: export LIBPATH=<lockbox install path>:$LIBPATH export PATH=<lockbox install path>/<platform folder>:$PATH 4. Set environment variables to look up lockbox jars The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files: o LB.jar o LBJNI.jar Also, the installer will extract C6-Common-<version>.jar into <D2 install path> folder. Add these jar locations into the PATH variable. For Microsoft Windows operating system: set CLASSPATH=<D2 install path>\C6-Common-<version>.jar;<lockbox install path>\LB.jar;<lockbox install path>\LBJNI.jar;%CLASSPATH% Example: set CLASSPATH=C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH% For Linux operating system: export CLASSPATH=<D2 install path>/C6-Common-<version>.jar:<lockbox install path>/LB.jar:<lockbox install path>/LBJNI.jar:$CLASSPATH 5. Generate lockbox file and set D2.passphrase using command line C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below command to set the passphrasejava com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file> D2Method.passphrase <plain text password> [optional lockbox passphrase] Example in Microsoft Windows environment: java.exe –cp “C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar” com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password Important Note: a. D2Method.passphrase must be identical across all physical systems. 7 b. If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one physical system to another physical system must be avoided. c. To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the specified lockbox location, the command does not change or update the passphrase. d. About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase, D2 generates a random passphrase when creating D2.lockbox file. You can create a passphrase using java PassphraseGenerator command in the following way: java com.emc.common.java.crypto.PassphraseGenerator <length> 6. Configuring lockbox on Content Server 7.1 You may skip to next step if you are using Documentum Content Server 7.0 or earlier versions. If you are running Documentum Content Server 7.1 version, the following changes need to be done. JAVA METHOD SERVER 1. The java method server location for Documentum Content Server 7.1 version is located at: <Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/ Copy the D2.lockbox file generated in the above step into “classes” folder. 2. Create emc/d2/lockbox/main folder under <Documentum install path>/<JBoss version>/modules/ Example: C:/Documentum/JBoss7.1/modules/emc/d2/lockbox/main 3. Copy LB.jar and LBJNI.jar files that are extracted by the D2 installer to the main/ folder. 4. Create module.xml under main/ folder and copy the below xml content. <module xmlns="urn:jboss:module:1.1" name="emc.d2.lockbox"> <resources> <resource-root path="LB.jar"/> <resource-root path="LBJNI.jar"/> </resources> </module> 5. Open <install path of Documentum>/<JBoss version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/META-INF/jboss-deployment-structure.xml in a text editor. Add the following lines under the <deployment> section: <dependencies> <module name="emc.d2.lockbox"/> </dependencies> 8 DOCUMENTUM PROCESS ENGINE 1. If Documentum Process Engine is installed for Documentum Content Server 7.1 version, the classes folder location is as under: <Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/APP-INF/classes/ Copy the D2.lockbox file generated in the above step into classes folder. 2. Open <Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/META-INF/jbossdeployment-structure.xml in a text editor. Add the following lines under the <deployment> section: <dependencies> <module name="emc.d2.lockbox"/> </dependencies> 7. Configuring lockbox for Content Server 7.0 or earlier versions Copy the D2.lockbox file generated in the above step into classes folder of – a. Java Method Server located at - <install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deploy/ServerApps.ear/APP-INF/classes/ b. Documentum Process Engine at - <install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/ 8. Restart Content Server Restart of Documentum Content Server is needed for the environment changes to take effect. 9 LOCKBOX CONFIGURATION IN WEB APPLICATION SERVER Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points: 1. Identifying the architecture of lockbox installation Same as seen in content server section. Click here to move to the section. 2. Install/Copy libraries Once the architecture of lockbox is identified – If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform folder> mentioned above. 3. Set environment variables for lockbox libraries Set environment variables specific to the platform architecture For Microsoft Windows, set the PATH environment variable: set PATH=<lockbox install path>\<platform folder>;%PATH% Example: set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH% For Linux environment, set LD_LIBRARY_PATH and PATH variables: export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH export PATH=<lockbox install path>/<platform folder>:$PATH For IBM AIX, set LIBPATH and PATH variables: export LIBPATH=<lockbox install path>:$LIBPATH export PATH=<lockbox install path>/<platform folder>:$PATH 4. Set environment variables to look up lockbox jars The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files: o LB.jar o LBJNI.jar Also, D2 installer extracts C6-Common-<version>.jar into <D2 install path>\webapps\D2-Config\WEB-INF\lib folder. Add these jar locations into the PATH variable. For Microsoft Windows operating system: set CLASSPATH=<webapp root>\webapps\D2-Config\WEB-INF\lib\C6-Common-<version>.jar;<lockbox install path>\LB.jar;<lockbox install path>\LBJNI.jar;%CLASSPATH% Example: set CLASSPATH=C:\apache-tomcat\webapps\D2-Config\WEB-INF\lib\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH% For Linux operating system: export CLASSPATH=<webapp root>/webapps/D2-Config/WEB-INF/lib/C6-Common<version>.jar:<lockbox install path>/LB.jar:<lockbox install path>/LBJNI.jar:$CLASSPATH 10 5. Generating lockbox file and set D2.passphrase using command line C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below command to set the passphrasejava com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file> D2Method.passphrase <plain text password> [optional lockbox passphrase] Example in Microsoft Windows environment: java.exe –cp “C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar” com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password Important Note: a. D2Method.passphrase must be identical across all physical systems. b. If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one physical system to another physical system must be avoided. c. To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the specified lockbox location, the command does not change or update the passphrase. d. About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase, D2 generates a random passphrase when creating D2.lockbox file. You can create a passphrase using java PassphraseGenerator command in the following way: java com.emc.common.java.crypto.PassphraseGenerator <length> 6. Updating lockboxPath properties entry The lockboxPath properties value specifies fully qualified path name of folder in which D2.lockbox resides. You need to configure the lockboxPath entry both in D2-Config and D2 client applications in the following way: D2 Config In D2-Config application, D2-Config.properties file contains lockboxPath properties entry. The file path of this properties file is located at : <webapp root>\webapps\D2-Config\WEB-INF\classes\D2-Config.properties Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment and specify the fully qualified folder path of D2.lockbox file. For example lockboxPath=C:/Documentum/D2/Lockbox D2 Client In D2 application, D2FS.properties file contains lockboxPath properties entry. The file path of this properties file is as under: <webapp root>\webapps\D2\WEB-INF\classes\D2FS.properties Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment and specify the fully qualified folder path of D2.lockbox file. For example, lockboxPath=C:/Documentum/D2/Lockbox 11 7. Copying lockbox libraries into web app Copy LB.jar and LBJNI.jar into the locations per specific application server as detailed below Apache tomcat Copy to <Tomcat root>/lib/ folder. IBM WebSphere Copy to <Websphere root>/AppServer/lib/ folder. Oracle WebLogic Copy LB.jar and LBJNI.jar to the <Weblogic root>/Oracle/Middlware/user_projects/domains/base_domain/lib/ folder. Redhat JBOSS EAP 6.2 1. Create the folder strucuture, if does not exist – <webapp root>/modules/system/layers/base/emc/d2/lockbox/main 2. Copy the LB.jar and LBJNI.jar files extracted by the installer to the main/ folder. 3. Create module.xml as listed below and save it in the main/ folder: <module xmlns=”urn:jboss:module:1.1” name = ”emc.d2.lockbox”> <resources> <resource-root path=”LB.jar” /> <resource-root path=”LBJNI.jar”/> </resources> </module> 4. Open <webapp root>/standalone/deployments/D2.war/WEB-INF/jboss-deployment-structure.xml in a text editor and add the following lines to the <deployment> section: <dependencies> <module name="emc.d2.lockbox"/> </dependencies> 5. Open <webapp root>/standalone/deployments/D2-Config.war/WEB-INF/jboss-deployment-structure.xml in a text editor and add the following lines to the <deployment> section: <dependencies> <module name=”emc.d2.lockbox"/> </dependencies> VMware vFabric tcServer for Microsoft Windows 1. Copy LB.jar and LBJNI.jar to the /vfabric-tc-server-standard-<version>/vfabric-tc-server-standard<version>.RELEASE/ folder. 2. Open wrapper.conf in a text editor and add the lockbox CST path to java.library.path: 3. wrapper.java.library.path.<count>=<lockbox install path>/<platform folder> 4. Open catalina.properties in a text editor and append the lockbox CST path to common.loader. 5. common.loader=<existing entries>,<lockbox install path>/<platform folder> 12 8. Restart web application server A restart of web application server is needed for the environment changes to take effect. 13 USING THE NEW D2 CONFIGURATION UTILITY Navigate to the D2-Configurator jar location and execute the following command: java –jar D2-Configurator_<version>.jar 14 The following wizard opens up. Click Next. 15 Select Lockbox for – Other application Server. Click Next. 16 Select a folder where the native library files and D2.lockbox files will reside. Click Next. If the D2.lockbox file already exists in the provided folder, you will be prompted to update this file. Verify the D2.lockbox file location and click Next. 17 18 Provide D2Method password. Confirm the password. Click Next. Important Note - The D2Method password must conform to the lockbox password rules and must be identical across all Content Servers, web application servers, and ACS/BOCS servers. 19 Select an option to specify the lockbox passphrase. This passphrase can be used to recover a lockbox from another server. o Select Input custom lockbox passphase to use your own passphrase. Type the passphrase. Confirm the passphrase. o Select Length for a random generated lockbox passphrase to use a random passphrase of the set length. Enter a number between 8 to 16. o Select Use D2 generated random lockbox passphrase to use a random passphrase generated by D2. Click Next. 20 The installation progress is shown with the progress bar. 21 When the installation progress is finished, click Next. 22 If you would like to generate a silent installation file for future use, click on Generate an automatic installation script button. 23 Provide the location where you want to save the silent installation xml file and click on Save. Click on Done to exit the installer. 24 25 SILENT INSTALLATION OF LOCKBOX For further installation the silent installer script saved in the previous section can be used. This enables you to quickly configure the lockbox in other similar environments. Figure 3 Invoking silent installer The silent installer information will be displayed in the console shown similar to below screenshot: Figure 4 Silent installer 26 D2CONFIGIMPORT USING COMMAND LINE When Lockbox is configured, importing D2Config using command line needs extra caution. In absence of configured classpath reference to lockbox jars and specific platform folder reference of lockbox, the import operation would result in exception. The below steps can be followed to successfully run the D2ConfigImport operation in command line. 1. Make sure that classpath contains the lockbox jars. You can use –cp option while running the java command to specify the jars in the classpath. The classpath should also contain the <lockbox installation path> where in D2.lockbox file is located. 2. Add dfc.jar and dfc.properties to classpath. This is required to connect to the repository to perform the import operation. 3. Add D2-API-<version>.jar to the classpath variable. This jar contains D2ConfigImport class. You may include all the jars from D2-Config\WEB-INF\lib\ folder in the classpath so that all the referenced jars are available while executing the program. Refer below for an illustration. 4. Add <lockbox installation path>/<platform folder> to path environment variable. When accessing the lockbox file, the lockbox jar looks for the platform specific libraries and if not found throws 5. “Could not initialize the class com.emc.clb.clbBridge.clbBridgeJNI” exception thrown during program execution Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make the lockbox library reference available while executing the program. An example to run the D2ConfigImport using command line will be similar to given below command java -cp ‘E:\Documentum\D2\Lockbox;E:\Documentum\config;E:\Documentum\D2\Lockbox\lib\LB.jar;E:\Documentum\ D2\Lockbox\lib\LBJNI.jar;C:\Tomcat\webapps\D2-Config\WEB-INF\lib\*;E:\Documentum\Shared\dfc.jar’ -Djava.library.path=E:\Documentum\D2\Lockbox\lib\native\win_vc80_x64 com.emc.d2.api.config.batch.D2ConfigImport -login Administrator -password password -docbase test_repo -config_file E:\Test\D2TestConfig.zip -full_import true -reset false 27 TROUBLESHOOTING D2 LOCKBOX The below section provides some troubleshooting steps to identify issues in configuring and running Documentum D2 with Lockbox configuration. Scenario 1: You see a java.lang.ClassNotFoundException The following exception is thrown “Could not initialize the class com.emc.clb.clbBridge.clbBridgeJNI” Exception in thread "main" java.lang.NoClassDefFoundError: Could not initialize class com.emc.clb.clbBridge.clbBridgeJNI at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source) at com.emc.clb.LockBox.<init>(Unknown Source) at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source) Cause The Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update is not installed or not having the same 64/32bit environment as the CST native libraries. Resolution For Linux environment, ensure that the PATH and LD_LIBRARY_PATH contains the CST libraries for your platform. For Microsoft Windows, ensure that the MSVC redistributable has been installed, and has the same bit-ness as the CST native libraries (32-bit or 64-bit). Also ensure that PATH contains the <lockbox installation path>\<platform folder> reference. You may optionally set the java.library.path to <lockbox installation path>\<platform folder> instead of setting it in PATH variable. Scenario 2: java.lang.NoClassDefFoundError when Creating the Lockbox The following exception is thrown “Could not find the main class com.emc.common.java.crypto.SetLockboxProperty” Exception in thread “main” java.lang.NoClassDefFoundError: com/emc/common/java/crypto/SetLockboxProperty Caused by: java.lang.ClassNotFoundException: com.emc.common.java.crypto.SetLockboxProperty at java.net.URLClassLoader$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClass(Unknown Source) Could not find the main class: com.emc.common.java.crypto.SetLockboxProperty Cause C6-Common.jar is missing from the ClassPath. Resolution Ensure that C6-Common.jar is available in the ClassPath. 28 Scenario 3: You see an exception thrown - “java.lang.NoClassDefFoundError: com/emc/clb/LockBox“ java.lang.NoClassDefFoundError: com/emc/clb/LockBox at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147) at com.emc.common.java.crypto.D2LockboxProperties.<init>(D2LockboxProperties.java:61) at com.emc.common.java.crypto.D2LockboxProperties.getInstance(D2LockboxProperties.java:158) at com.emc.d2.api.methods.D2Method.start(D2Method.java:412) at com.emc.d2.api.methods.D2Method.start(D2Method.java:239) at com.emc.d2.api.methods.D2Method.start(D2Method.java:219) at com.emc.d2.api.D2Session.getAdminTicket(D2Session.java:544) at com.emc.d2.api.D2Session.getAdminSession(D2Session.java:581) at com.emc.d2.api.config.dictionary.D2Dictionary.dropView(D2Dictionary.java:630) Cause LB.jar and LBJNI.jar are not available in the recommended directory of the Application server. Resolution Ensure that LB.jar and LBJNI.jar are correctly installed in the recommended directory of your respective server, depending on the configuration that should either be the WEB-INF/lib directory of the Web Application, or the common lib directory of the Application server. (See the section – Copying lockbox libraries into web app) Scenario 5: Unable to locate the Lockbox or Cryptography Library The Lockbox or cryptography library could not be found. The following error message is shown: Exception in thread "main" java.lang.Exception: Error: -58 LockBox::initLockbox : The Lockbox or cryptography library could not be found. at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox__SWIG_0(Native Method) at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source) at com.emc.clb.LockBox.<init>(Unknown Source) at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source) Cause Incorrect reference to the platform version of the CST libraries in the Path. Resolution Ensure that you have the correct platform version of the CST libraries referenced in the Path. Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make the lockbox library reference available while executing the program. 29 Scenario 6: DFC_CORE_CRYPTO_ERROR seen in logs -naming : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0} -scope : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0} Cause Lockbox is not installed in all the applicable servers. Resolution Ensure that lockbox has same D2Method.passphrase value across all servers. You may also see this error when one server is using the lockbox and another is not, or when an update is not complete, and one of the servers is running pre-lockbox D2 libraries. Scenario 7: Unable to Load AMD 64-bit .dll on a IA 32-bit Platform The following message is shown: No D2.lockbox found, error : C:\Documentum\config\win_vc80_x64\LBJNIWrappers.dll: Can’t load AMD 64-bit .dll on a IA 32-bit platform {} java.lang.NoClassDefFoundError: Could not initialize class com.emc.clb.clbBridge.clbBridgeJNI at java.lang.ClassLoader$NativeLibrary.load(Native Method) at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1939) at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1864) at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1854) at java.lang.Runtime.loadLibrary0(Runtime.java:845) at java.lang.System.loadLibrary(System.java:1084) at com.emc.clb.clbBridge.clbBridgeJNI.<clinit>(clbBridgeJNI.java:28) at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:35) at com.emc.clb.LockBox.<init>(LockBox.java:305) at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147) Cause JVM version mismatch. Resolution Per the README, Windows 2008 R2 needs the win_vc80_ia32 CST kit. Since the kit has to match the JVM version you needed to create the lockbox using a 32-bit JVM. Add C:\Program Files (x86)\Java\jdk1.7.0_07\bin to the ClassPath to force the use of 32-bit java and then the SetLockboxProperty command is succeeded. 30 CONCLUSION This white paper explains about installation and configuration of lockbox environment for Documentum D2 product. This also helps in troubleshooting common issues faced during installation and configuration of the lockbox environment for Documentum D2 product. REFERENCES EMC Documentum D2 Installation Guide. EMC Documentum D2 Administration Guide. 31