IG 4.3 Unexpected exception resolving reference java.lang.IllegalStateException: Unable to decrypt data because no keys have been supplied.

IG 4.3 is not running after completing a single-node installation for testing.

OS: Windows 2022

The Catalina log shows the following:

[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] Server version name: Apache Tomcat/9.0.69
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] Server built: Nov 9 2022 18:43:47 UTC
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] Server version number: 9.0.69.0
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] OS Name: Windows Server 2022
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] OS Version: 10.0
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] Architecture: amd64
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] Java Home: C:\netiq\idm\apps\jre
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] JVM Version: 11.0.25+9-LTS
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] JVM Vendor: Azul Systems, Inc.
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] CATALINA_BASE: C:\netiq\idm\apps\tomcat
[INFO] 2024-11-20 20:42:49.847 [org.apache.catalina.startup.VersionLoggerListener] CATALINA_HOME: C:\netiq\idm\apps\tomcat
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: --add-opens=java.base/java.lang=ALL-UNNAMED
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: --add-opens=java.base/java.io=ALL-UNNAMED
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: --add-opens=java.base/java.util=ALL-UNNAMED
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: --add-opens=java.base/java.util.concurrent=ALL-UNNAMED
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: --add-opens=java.rmi/sun.rmi.transport=ALL-UNNAMED
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djava.util.logging.config.file=C:\netiq\idm\apps\tomcat\conf\logging.properties
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Xms1024m
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Xmx1024m
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djdk.tls.ephemeralDHKeySize=2048
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djava.protocol.handler.pkgs=org.apache.catalina.webresources
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-keystore=C:\netiq\idm\apps\tomcat\conf\encrypt-keys.pkcs12
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-storetype=pkcs12
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.password-supplier=com.netiq.ism.obfuscate.supplier.ObscuredFileSupplier
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-pass-file=C:\netiq\idm\apps\tomcat\conf\ism-sensitive.properties
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dnetiqtomcatcustomsrvidentify=netiqtomcatcustomsrvidentify
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.ism.config=C:\netiq\idm\apps\tomcat\conf\ism-configuration.properties
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dinternal.osp.framework.ext-context-file=C:\netiq\idm\apps\osp\lib\osp-conf-edir.jar
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.idm.osp.logging.level=WARN
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.idm.osp.client.host=ig43
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.idm.osp.audit.enabled=false
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.idm.osp.logging.file.dir=C:\netiq\idm\apps\tomcat\logs
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djava.awt.headless=true
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.ism.config.is.jndi.env=true
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dnovell.logging.config.dir=C:\netiq\idm\apps\tomcat\conf
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.netiq.logging.internalLoggingType=JDK
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dinternal.atlaslite.jcce.xml.w3c.XMLUtil.suppressSecurityWarning=true
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dignore.endorsed.dirs=
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcatalina.base=C:\netiq\idm\apps\tomcat
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcatalina.home=C:\netiq\idm\apps\tomcat
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Djava.io.tmpdir=C:\netiq\idm\apps\tomcat\temp
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.core.AprLifecycleListener] Loaded Apache Tomcat Native library [1.3.1] using APR version [1.7.4].
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.core.AprLifecycleListener] APR capabilities: IPv6 [true], sendfile [true], accept filters [false], random [true], UDS [true].
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.core.AprLifecycleListener] APR/OpenSSL configuration: useAprConnector [false], useOpenSSL [true]
[INFO] 2024-11-20 20:42:49.894 [org.apache.catalina.core.AprLifecycleListener] OpenSSL successfully initialized [OpenSSL 3.0.14 4 Jun 2024]
[INFO] 2024-11-20 20:42:50.191 [org.apache.coyote.http11.Http11NioProtocol] Initializing ProtocolHandler ["http-nio-8080"]
[INFO] 2024-11-20 20:42:50.223 [org.apache.coyote.http11.Http11NioProtocol] Initializing ProtocolHandler ["https-openssl-nio-8543"]
[INFO] 2024-11-20 20:42:50.488 [org.apache.catalina.startup.Catalina] Server initialization in [889] milliseconds
[WARNING] 2024-11-20 20:42:50.535 [org.apache.naming.NamingContext] Unexpected exception resolving reference
java.lang.IllegalStateException: Unable to decrypt data because no keys have been supplied.
at com.netiq.ism.obfuscate.CryptoUtils.decrypt(CryptoUtils.java:437)
at com.netiq.ism.obfuscate.CryptoUtils.decipher(CryptoUtils.java:403)
at com.netiq.tomcat.jdbc.pool.CustomBasicDataSourceFactory.getObjectInstance(CustomBasicDataSourceFactory.java:69)
at org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:96)
at java.naming/javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:341)
at org.apache.naming.NamingContext.lookup(NamingContext.java:864)
at org.apache.naming.NamingContext.lookup(NamingContext.java:158)
at org.apache.naming.NamingContext.lookup(NamingContext.java:850)
at org.apache.naming.NamingContext.lookup(NamingContext.java:158)
at org.apache.naming.NamingContext.lookup(NamingContext.java:850)
at org.apache.naming.NamingContext.lookup(NamingContext.java:172)
at org.apache.catalina.core.NamingContextListener.addResource(NamingContextListener.java:1013)
at org.apache.catalina.core.NamingContextListener.createNamingContext(NamingContextListener.java:552)
at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingContextListener.java:245)
at org.apache.catalina.util.LifecycleBase.fireLifecycleEvent(LifecycleBase.java:123)
at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:922)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
at org.apache.catalina.startup.Catalina.start(Catalina.java:772)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:345)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:473)

  • Verified Answer

    +1

    Hi

    When you installed IDGov, did you specify a new secrets file? You should use the one created by the OSP installation.

  • 0   in reply to 

    Agreed - that line [WARNING] 2024-11-20 20:42:50.535 [org.apache.naming.NamingContext] Unexpected exception resolving reference
    java.lang.IllegalStateException: Unable to decrypt data because no keys have been supplied.
    That is a real good indicator that the secret keys file has been borked during install.

    It's tricky because the OSP installer and the IG installer both prompt you on what to do with it, and the right answer as gogga mentions is to create it the first time with OSP (THEN BACK IT UP) then use existing with subsequent installs. It would be nice if the install window made this a little more clear, however it is lined out in the docs.

    --Jim

  • 0   in reply to 

    Thank you for sharing the information. I was able to resolve the issue by utilizing the same encryption keystore from OSP and ensuring the use of the correct Fully Qualified Domain Name (FQDN).
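
The check the replies above point to, as an added example that is not part of the original thread or the vendor's tooling: read the `com.microfocus.ism.*` JVM arguments out of the Catalina log to see which keystore Tomcat actually loads, then compare that file with the copy backed up after the OSP install. The sample lines are copied from the log in the question; the backup path and the function names are assumptions.

```python
import hashlib
import re
from pathlib import Path

# Sample input: four "Command line argument" lines taken from the Catalina log in the question.
SAMPLE_LOG = r"""
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Xmx1024m
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-keystore=C:\netiq\idm\apps\tomcat\conf\encrypt-keys.pkcs12
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-storetype=pkcs12
[INFO] 2024-11-20 20:42:49.879 [org.apache.catalina.startup.VersionLoggerListener] Command line argument: -Dcom.microfocus.ism.master-pass-file=C:\netiq\idm\apps\tomcat\conf\ism-sensitive.properties
"""

ISM_ARG = re.compile(r"Command line argument: -D(com\.microfocus\.ism\.[\w.-]+)=(.*)$")

def ism_settings(log_text):
    """Return {property: value} for every com.microfocus.ism.* JVM argument logged."""
    found = {}
    for line in log_text.splitlines():
        m = ISM_ARG.search(line.rstrip())
        if m:
            found[m.group(1)] = m.group(2)
    return found

def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def check_keystore(current, backup):
    """Compare the keystore Tomcat loads with the copy backed up after the OSP install."""
    current, backup = Path(current), Path(backup)
    if not current.is_file():
        return "missing"      # JVM argument points at a file that does not exist
    if current.stat().st_size == 0:
        return "empty"        # file exists but holds no keys
    if not backup.is_file():
        return "no-backup"    # nothing to compare against
    # "replaced": contents differ from the backup, e.g. a later installer created a new file
    return "match" if sha256_of(current) == sha256_of(backup) else "replaced"

if __name__ == "__main__":
    settings = ism_settings(SAMPLE_LOG)
    for name, value in settings.items():
        print(f"{name} = {value}")
    keystore = settings["com.microfocus.ism.master-keystore"]
    backup = r"D:\backup\encrypt-keys.pkcs12"  # hypothetical backup location
    print("keystore status:", check_keystore(keystore, backup))
```
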