Installing, Configuring and Troubleshooting Lockbox for EMC

Transcription

Installing, Configuring and Troubleshooting Lockbox for EMC
INSTALLING, CONFIGURING AND
TROUBLESHOOTING LOCKBOX FOR
EMC® DOCUMENTUM® D2
ABSTRACT
This white paper contains information about installing, configuring and troubleshooting
steps for lockbox setup in Documentum D2 application.
April, 2015
EMC WHITE PAPER
To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local
representative or authorized reseller, visit www.emc.com, or explore and compare products in the EMC Store
Copyright © 2014 EMC Corporation. All Rights Reserved.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without
notice.
The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with
respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a
particular purpose.
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.
Part Number H14166
2
TABLE OF CONTENTS
EXECUTIVE SUMMARY .............................................................................. 4
AUDIENCE ......................................................................................................... 4
INTRODUCTION ........................................................................................ 5
MANUAL CONFIGURATION OF D2 LOCKBOX ............................................. 5
Lockbox configuration in Documentum Content Server ........................................... 5
Lockbox configuration in Web Application Server .................................................. 10
USING THE NEW D2 CONFIGURATION UTILITY ...................................... 14
SILENT INSTALLATION OF LOCKBOX ...................................................... 26
D2CONFIGIMPORT USING COMMAND LINE ............................................ 27
TROUBLESHOOTING D2 LOCKBOX .......................................................... 28
CONCLUSION .......................................................................................... 31
REFERENCES ........................................................................................... 31
3
EXECUTIVE SUMMARY
This whitepaper explains information on configuring Lockbox for Documentum D2 application.
As part of the effort to improve and enhance the performance and capabilities of its product line, EMC, from time to time releases
revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all revisions of the
hardware or software currently in use. For the most up-to-date information on product features, refer to your product Release Notes
document.
If a product does not function properly or does not function as described in this document, please contact your EMC representative.
All information included in this document is provided "as-is" and does not guarantee EMC's support or approval. Please consult the
official product documentation or the Product Support team regarding any questions of supportability.
Note:
We vouch that the content in this document is accurate at the time of publication. However, as information is added, new versions of
this document may be released to EMC online support website. Kindly check the website to ensure that you are using the latest
version of this document.
AUDIENCE
This white paper is intended for Documentum administrators, technical support engineers, developers and QA engineers who deploy
Documentum D2 application.
The readers are expected to have expertise in deployment of Documentum products.
4
INTRODUCTION
Lockbox is a component of the RSA Common Security Toolkit (CST) which securely stores passwords for Documentum D2 in an
encrypted file. The stored passwords are put as <key, value> pairs. Lockbox uses keys to store and retrieve the passwords.
Documentum D2 uses Lockbox that were earlier present as clear text in the various properties files, such as D2FS.properties, d2fstrust.properties, D2-JMS.properties, and D2-Config.properties.
Note:
The RSA CST is an internal security technology designed to provide a common set of security-related services available for
integration into all EMC products.
The Lockbox configuration for D2 can be done in either of the following ways:

Using the new D2 Configurator Utility

Manual configuration of D2 Lockbox
MANUAL CONFIGURATION OF D2 LOCKBOX
In manual configuration, the lockbox should be configured in both content server and web application server as mentioned in the
following sections.
LOCKBOX CONFIGURATION IN DOCUMENTUM CONTENT SERVER
Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that
the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points:
1. Identify the architecture of lockbox installation
The architecture of lockbox file must match with the Java Virtual Machine architecture in the installing environment. The JVM
architecture can be found out by executing the java –version command in the console.
Figure 1 Example of 64bit server JVM
5
Figure 2 Example of 32bit server JVM
The lockbox architecture files can be found in platform specific folder installed by D2 installer. For instance, <lockbox install
path>/win_vc80_x64 folder extracted by the D2 installer contains files specific to 64-bit architecture under windows platform. Each
folder consists of README.txt file which lists the compatibility with the supported operating systems.
In the above example, the README.txt under win_vc80_x64 folder lists compatibility with following Windows operating systems:
o
Microsoft Windows Server 2003 x86_64 (64-bit)
o
Microsoft Windows Server 2008 x86_64 (64-bit)
o
Microsoft Windows Server 2012 x86_64 (64-bit)
2. Install/Copy libraries
Once the architecture of lockbox is identified –
If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1
Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform
folder> mentioned above.
o
Note: For Documentum Content Server 7.0 or earlier versions, copy LB.jar and LBJNI.jar that are extracted from
the D2 installer into <Documentum install path>\<Jboss version>\server\DctmServer_MethodServer\lib folder.
3. Set environment variables for lockbox libraries
The lockbox library references must be set in the environment variable according to the platform architecture.

For Microsoft Windows, set the PATH environment variable:
set PATH=<lockbox install path>\<platform folder>;%PATH%
Example:
set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH%
6

For Linux environment, set LD_LIBRARY_PATH and PATH variables:
export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH
export PATH=<lockbox install path>/<platform folder>:$PATH

For IBM AIX, set LIBPATH and PATH variables:
export LIBPATH=<lockbox install path>:$LIBPATH
export PATH=<lockbox install path>/<platform folder>:$PATH
4. Set environment variables to look up lockbox jars
The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files:
o
LB.jar
o
LBJNI.jar
Also, the installer will extract C6-Common-<version>.jar into <D2 install path> folder. Add these jar locations into the PATH
variable.

For Microsoft Windows operating system:
set CLASSPATH=<D2 install path>\C6-Common-<version>.jar;<lockbox install path>\LB.jar;<lockbox
install path>\LBJNI.jar;%CLASSPATH%
Example:
set CLASSPATH=C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH%

For Linux operating system:
export CLASSPATH=<D2 install path>/C6-Common-<version>.jar:<lockbox install path>/LB.jar:<lockbox install
path>/LBJNI.jar:$CLASSPATH
5. Generate lockbox file and set D2.passphrase using command line
C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below
command to set the passphrasejava com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file>
D2Method.passphrase <plain text password> [optional lockbox passphrase]

Example in Microsoft Windows environment:
java.exe –cp “C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar”
com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password
Important Note:
a.
D2Method.passphrase must be identical across all physical systems.
7
b.
If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the
lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one
physical system to another physical system must be avoided.
c.
To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the
specified lockbox location, the command does not change or update the passphrase.
d.
About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at
least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if
the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase,
D2 generates a random passphrase when creating D2.lockbox file.
You can create a passphrase using java PassphraseGenerator command in the following way:
java com.emc.common.java.crypto.PassphraseGenerator <length>
6. Configuring lockbox on Content Server 7.1
You may skip to next step if you are using Documentum Content Server 7.0 or earlier versions. If you are running Documentum
Content Server 7.1 version, the following changes need to be done.
JAVA METHOD SERVER
1.
The java method server location for Documentum Content Server 7.1 version is located at:
<Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/
Copy the D2.lockbox file generated in the above step into “classes” folder.
2.
Create emc/d2/lockbox/main folder under <Documentum install path>/<JBoss version>/modules/
Example: C:/Documentum/JBoss7.1/modules/emc/d2/lockbox/main
3.
Copy LB.jar and LBJNI.jar files that are extracted by the D2 installer to the main/ folder.
4.
Create module.xml under main/ folder and copy the below xml content.
<module xmlns="urn:jboss:module:1.1" name="emc.d2.lockbox">
<resources>
<resource-root path="LB.jar"/>
<resource-root path="LBJNI.jar"/>
</resources>
</module>
5.
Open <install path of Documentum>/<JBoss
version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/META-INF/jboss-deployment-structure.xml in a
text editor. Add the following lines under the <deployment> section:
<dependencies>
<module name="emc.d2.lockbox"/>
</dependencies>
8
DOCUMENTUM PROCESS ENGINE
1. If Documentum Process Engine is installed for Documentum Content Server 7.1 version, the classes folder location is as under:
<Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/APP-INF/classes/
Copy the D2.lockbox file generated in the above step into classes folder.
2. Open <Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/META-INF/jbossdeployment-structure.xml in a text editor. Add the following lines under the <deployment> section:
<dependencies>
<module name="emc.d2.lockbox"/>
</dependencies>
7. Configuring lockbox for Content Server 7.0 or earlier versions
Copy the D2.lockbox file generated in the above step into classes folder of –
a.
Java Method Server located at
-
<install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deploy/ServerApps.ear/APP-INF/classes/
b.
Documentum Process Engine at -
<install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/
8. Restart Content Server
Restart of Documentum Content Server is needed for the environment changes to take effect.
9
LOCKBOX CONFIGURATION IN WEB APPLICATION SERVER
Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that
the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points:
1. Identifying the architecture of lockbox installation
Same as seen in content server section. Click here to move to the section.
2. Install/Copy libraries
Once the architecture of lockbox is identified –
If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1
Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform
folder> mentioned above.
3. Set environment variables for lockbox libraries
Set environment variables specific to the platform architecture 
For Microsoft Windows, set the PATH environment variable:
set PATH=<lockbox install path>\<platform folder>;%PATH%
Example:
set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH%

For Linux environment, set LD_LIBRARY_PATH and PATH variables:
export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH
export PATH=<lockbox install path>/<platform folder>:$PATH

For IBM AIX, set LIBPATH and PATH variables:
export LIBPATH=<lockbox install path>:$LIBPATH
export PATH=<lockbox install path>/<platform folder>:$PATH
4. Set environment variables to look up lockbox jars
The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files:
o
LB.jar
o
LBJNI.jar
Also, D2 installer extracts C6-Common-<version>.jar into <D2 install path>\webapps\D2-Config\WEB-INF\lib folder.
Add these jar locations into the PATH variable.

For Microsoft Windows operating system:
set CLASSPATH=<webapp root>\webapps\D2-Config\WEB-INF\lib\C6-Common-<version>.jar;<lockbox
install path>\LB.jar;<lockbox install path>\LBJNI.jar;%CLASSPATH%
Example:
set CLASSPATH=C:\apache-tomcat\webapps\D2-Config\WEB-INF\lib\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH%

For Linux operating system:
export CLASSPATH=<webapp root>/webapps/D2-Config/WEB-INF/lib/C6-Common<version>.jar:<lockbox
install path>/LB.jar:<lockbox install path>/LBJNI.jar:$CLASSPATH
10
5. Generating lockbox file and set D2.passphrase using command line
C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below
command to set the passphrasejava com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file> D2Method.passphrase <plain
text password> [optional lockbox passphrase]
Example in Microsoft Windows environment:
java.exe –cp “C:\Program Files\EMC\D2\C6-Common4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar”
com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password
Important Note:
a.
D2Method.passphrase must be identical across all physical systems.
b.
If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the
lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one
physical system to another physical system must be avoided.
c.
To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the
specified lockbox location, the command does not change or update the passphrase.
d.
About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at
least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if
the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase,
D2 generates a random passphrase when creating D2.lockbox file.
You can create a passphrase using java PassphraseGenerator command in the following way:
java com.emc.common.java.crypto.PassphraseGenerator <length>
6. Updating lockboxPath properties entry
The lockboxPath properties value specifies fully qualified path name of folder in which D2.lockbox resides. You need to configure the
lockboxPath entry both in D2-Config and D2 client applications in the following way:
D2 Config
In D2-Config application, D2-Config.properties file contains lockboxPath properties entry. The file path of this properties file is
located at :
<webapp root>\webapps\D2-Config\WEB-INF\classes\D2-Config.properties
Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment
and specify the fully qualified folder path of D2.lockbox file. For example lockboxPath=C:/Documentum/D2/Lockbox
D2 Client
In D2 application, D2FS.properties file contains lockboxPath properties entry. The file path of this properties file is as under:
<webapp root>\webapps\D2\WEB-INF\classes\D2FS.properties
Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment
and specify the fully qualified folder path of D2.lockbox file. For example,
lockboxPath=C:/Documentum/D2/Lockbox
11
7. Copying lockbox libraries into web app
Copy LB.jar and LBJNI.jar into the locations per specific application server as detailed below 
Apache tomcat
Copy to <Tomcat root>/lib/ folder.

IBM WebSphere
Copy to <Websphere root>/AppServer/lib/ folder.

Oracle WebLogic
Copy LB.jar and LBJNI.jar to the <Weblogic root>/Oracle/Middlware/user_projects/domains/base_domain/lib/ folder.

Redhat JBOSS EAP 6.2
1.
Create the folder strucuture, if does not exist –
<webapp root>/modules/system/layers/base/emc/d2/lockbox/main
2.
Copy the LB.jar and LBJNI.jar files extracted by the installer to the main/ folder.
3.
Create module.xml as listed below and save it in the main/ folder:
<module xmlns=”urn:jboss:module:1.1” name = ”emc.d2.lockbox”>
<resources>
<resource-root path=”LB.jar” />
<resource-root path=”LBJNI.jar”/>
</resources>
</module>
4.
Open <webapp root>/standalone/deployments/D2.war/WEB-INF/jboss-deployment-structure.xml in a text editor and
add the following lines to the <deployment> section:
<dependencies>
<module name="emc.d2.lockbox"/>
</dependencies>
5.
Open <webapp root>/standalone/deployments/D2-Config.war/WEB-INF/jboss-deployment-structure.xml in a text
editor and add the following lines to the <deployment> section:
<dependencies>
<module name=”emc.d2.lockbox"/>
</dependencies>

VMware vFabric tcServer for Microsoft Windows
1.
Copy LB.jar and LBJNI.jar to the /vfabric-tc-server-standard-<version>/vfabric-tc-server-standard<version>.RELEASE/ folder.
2.
Open wrapper.conf in a text editor and add the lockbox CST path to java.library.path:
3.
wrapper.java.library.path.<count>=<lockbox install path>/<platform folder>
4.
Open catalina.properties in a text editor and append the lockbox CST path to common.loader.
5.
common.loader=<existing entries>,<lockbox install path>/<platform folder>
12
8. Restart web application server
A restart of web application server is needed for the environment changes to take effect.
13
USING THE NEW D2 CONFIGURATION UTILITY
Navigate to the D2-Configurator jar location and execute the following command:
java –jar D2-Configurator_<version>.jar
14
The following wizard opens up. Click Next.
15
Select Lockbox for – Other application Server. Click Next.
16
Select a folder where the native library files and D2.lockbox files will reside. Click Next.
If the D2.lockbox file already exists in the provided folder, you will be prompted to update this file.
Verify the D2.lockbox file location and click Next.
17
18
Provide D2Method password. Confirm the password. Click Next.
Important Note - The D2Method password must conform to the lockbox password rules and must be identical across all Content
Servers, web application servers, and ACS/BOCS servers.
19
Select an option to specify the lockbox passphrase. This passphrase can be used to recover a lockbox from another server.
o
Select Input custom lockbox passphase to use your own passphrase. Type the passphrase. Confirm the passphrase.
o
Select Length for a random generated lockbox passphrase to use a random passphrase of the set length. Enter a
number between 8 to 16.
o
Select Use D2 generated random lockbox passphrase to use a random passphrase generated by D2.
Click Next.
20
The installation progress is shown with the progress bar.
21
When the installation progress is finished, click Next.
22
If you would like to generate a silent installation file for future use, click on Generate an automatic installation script button.
23
Provide the location where you want to save the silent installation xml file and click on Save.
Click on Done to exit the installer.
24
25
SILENT INSTALLATION OF LOCKBOX
For further installation the silent installer script saved in the previous section can be used. This enables you to quickly configure the
lockbox in other similar environments.
Figure 3 Invoking silent installer
The silent installer information will be displayed in the console shown similar to below screenshot:
Figure 4 Silent installer
26
D2CONFIGIMPORT USING COMMAND LINE
When Lockbox is configured, importing D2Config using command line needs extra caution. In absence of configured classpath
reference to lockbox jars and specific platform folder reference of lockbox, the import operation would result in exception.
The below steps can be followed to successfully run the D2ConfigImport operation in command line.
1.
Make sure that classpath contains the lockbox jars. You can use –cp option while running the java command to specify the
jars in the classpath. The classpath should also contain the <lockbox installation path> where in D2.lockbox file is located.
2.
Add dfc.jar and dfc.properties to classpath. This is required to connect to the repository to perform the import operation.
3.
Add D2-API-<version>.jar to the classpath variable. This jar contains D2ConfigImport class. You may include all the jars
from D2-Config\WEB-INF\lib\ folder in the classpath so that all the referenced jars are available while executing the
program. Refer below for an illustration.
4.
Add <lockbox installation path>/<platform folder> to path environment variable. When accessing the lockbox file, the
lockbox jar looks for the platform specific libraries and if not found throws
5.
“Could not initialize the class com.emc.clb.clbBridge.clbBridgeJNI” exception thrown during program execution
Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make
the lockbox library reference available while executing the program.
An example to run the D2ConfigImport using command line will be similar to given below command java
-cp
‘E:\Documentum\D2\Lockbox;E:\Documentum\config;E:\Documentum\D2\Lockbox\lib\LB.jar;E:\Documentum\
D2\Lockbox\lib\LBJNI.jar;C:\Tomcat\webapps\D2-Config\WEB-INF\lib\*;E:\Documentum\Shared\dfc.jar’
-Djava.library.path=E:\Documentum\D2\Lockbox\lib\native\win_vc80_x64
com.emc.d2.api.config.batch.D2ConfigImport -login Administrator -password password -docbase
test_repo -config_file E:\Test\D2TestConfig.zip -full_import true -reset false
27
TROUBLESHOOTING D2 LOCKBOX
The below section provides some troubleshooting steps to identify issues in configuring and running Documentum D2 with Lockbox
configuration.
Scenario 1: You see a java.lang.ClassNotFoundException
The following exception is thrown “Could not initialize the class
com.emc.clb.clbBridge.clbBridgeJNI”
Exception in thread "main" java.lang.NoClassDefFoundError:
Could not initialize class com.emc.clb.clbBridge.clbBridgeJNI
at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source)
at com.emc.clb.LockBox.<init>(Unknown Source)
at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source)
Cause
The Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update is not installed or not having the same
64/32bit environment as the CST native libraries.
Resolution

For Linux environment, ensure that the PATH and LD_LIBRARY_PATH contains the CST libraries for your platform.

For Microsoft Windows, ensure that the MSVC redistributable has been installed, and has the same bit-ness as the CST native
libraries (32-bit or 64-bit).
Also ensure that PATH contains the <lockbox installation path>\<platform folder> reference. You may optionally set the
java.library.path to <lockbox installation path>\<platform folder> instead of setting it in PATH variable.
Scenario 2: java.lang.NoClassDefFoundError when Creating the Lockbox
The following exception is thrown “Could not find the main class com.emc.common.java.crypto.SetLockboxProperty”
Exception in thread “main” java.lang.NoClassDefFoundError:
com/emc/common/java/crypto/SetLockboxProperty
Caused by: java.lang.ClassNotFoundException:
com.emc.common.java.crypto.SetLockboxProperty
at java.net.URLClassLoader$1.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
Could not find the main class: com.emc.common.java.crypto.SetLockboxProperty
Cause
C6-Common.jar is missing from the ClassPath.
Resolution
Ensure that C6-Common.jar is available in the ClassPath.
28
Scenario 3: You see an exception thrown - “java.lang.NoClassDefFoundError: com/emc/clb/LockBox“
java.lang.NoClassDefFoundError: com/emc/clb/LockBox
at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147)
at com.emc.common.java.crypto.D2LockboxProperties.<init>(D2LockboxProperties.java:61)
at com.emc.common.java.crypto.D2LockboxProperties.getInstance(D2LockboxProperties.java:158)
at com.emc.d2.api.methods.D2Method.start(D2Method.java:412)
at com.emc.d2.api.methods.D2Method.start(D2Method.java:239)
at com.emc.d2.api.methods.D2Method.start(D2Method.java:219)
at com.emc.d2.api.D2Session.getAdminTicket(D2Session.java:544)
at com.emc.d2.api.D2Session.getAdminSession(D2Session.java:581)
at com.emc.d2.api.config.dictionary.D2Dictionary.dropView(D2Dictionary.java:630)
Cause
LB.jar and LBJNI.jar are not available in the recommended directory of the Application server.
Resolution
Ensure that LB.jar and LBJNI.jar are correctly installed in the recommended directory of your respective server, depending on the
configuration that should either be the WEB-INF/lib directory of the Web Application, or the common lib directory of the Application
server. (See the section – Copying lockbox libraries into web app)
Scenario 5: Unable to locate the Lockbox or Cryptography Library
The Lockbox or cryptography library could not be found. The following error message is shown:
Exception in thread "main" java.lang.Exception: Error: -58
LockBox::initLockbox : The Lockbox or cryptography library could not be found.
at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox__SWIG_0(Native Method)
at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source)
at com.emc.clb.LockBox.<init>(Unknown Source)
at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source)
Cause
Incorrect reference to the platform version of the CST libraries in the Path.
Resolution
Ensure that you have the correct platform version of the CST libraries referenced in the Path.
Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make
the lockbox library reference available while executing the program.
29
Scenario 6: DFC_CORE_CRYPTO_ERROR seen in logs
-naming : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0}
-scope : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0}
Cause
Lockbox is not installed in all the applicable servers.
Resolution
Ensure that lockbox has same D2Method.passphrase value across all servers. You may also see this error when one server is using
the lockbox and another is not, or when an update is not complete, and one of the servers is running pre-lockbox D2 libraries.
Scenario 7: Unable to Load AMD 64-bit .dll on a IA 32-bit Platform
The following message is shown:
No D2.lockbox found, error : C:\Documentum\config\win_vc80_x64\LBJNIWrappers.dll: Can’t load AMD
64-bit .dll on a IA 32-bit platform {} java.lang.NoClassDefFoundError: Could not initialize class
com.emc.clb.clbBridge.clbBridgeJNI
at java.lang.ClassLoader$NativeLibrary.load(Native Method)
at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1939)
at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1864)
at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1854)
at java.lang.Runtime.loadLibrary0(Runtime.java:845)
at java.lang.System.loadLibrary(System.java:1084)
at com.emc.clb.clbBridge.clbBridgeJNI.<clinit>(clbBridgeJNI.java:28)
at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:35)
at com.emc.clb.LockBox.<init>(LockBox.java:305)
at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147)
Cause
JVM version mismatch.
Resolution
Per the README, Windows 2008 R2 needs the win_vc80_ia32 CST kit. Since the kit has to match the JVM version you needed to
create the lockbox using a 32-bit JVM. Add C:\Program Files (x86)\Java\jdk1.7.0_07\bin to the ClassPath to force the use of 32-bit
java and then the SetLockboxProperty command is succeeded.
30
CONCLUSION
This white paper explains about installation and configuration of lockbox environment for Documentum D2 product. This also helps in
troubleshooting common issues faced during installation and configuration of the lockbox environment for Documentum D2 product.
REFERENCES

EMC Documentum D2 Installation Guide.

EMC Documentum D2 Administration Guide.
31