The Enterprise Vault Indexing service fails to start with error: Failed to add the private key password to the Elasticsearch keystore

book

Article ID: 100074161

calendar_today

Updated On:

Description

Error Message

Event ID: 41293
An unexpected error has occurred.
Error Summary: Indexing Service start up error
Error Details: Failed to add the private key password to the Elasticsearch keystore
Reference: ServiceBaseEx::Run
Stack Trace:
    at Veritas.EnterpriseVault.Indexing.ElasticsearchClient.EVElasticsearchClient.ESCertificate.AddPasswordToKeystore(SecureString certificatePassword)
    at Symantec.EnterpriseVault.Indexing.Admin.ESCertificateManagement.InitCertificates()
    at Symantec.EnterpriseVault.Indexing.Admin.IndexAdminService.OnPerformStartup(Boolean HotRestart)
    at KVS.EnterpriseVault.Common.ServiceBaseEx.Run

Step 1: Verify the Keystore Files

  1. Navigate to the following directories within the Enterprise Vault installation path:

    • \Enterprise Vault\Services\Elasticsearch\config

    • \Enterprise Vault\Services\Elasticsearch\config\evserver_alias_name

  2. Check the modified timestamps of the elasticsearch.keystore files in both locations. If the timestamps differ, the files are out of sync.

Step 2: Rename the Keystore Files

  1. Rename the elasticsearch.keystore file in both directories to elasticsearch.keystore.old. This ensures that the existing files are not overwritten and can be restored if needed.

Step 3: Restart the Indexing Service

  1. Start the Enterprise Vault Indexing Service:

    • Open the Services console (services.msc).

    • Locate the Enterprise Vault Indexing Service.
    • Right-click and select Start.

  2. Monitor the service startup process to ensure that no errors are logged.

Step 4: Validate Resolution

  1. Check the EV Event Viewer logs to confirm that Event ID 41293 is no longer being generated.
  2. Perform a test search in Enterprise Vault to verify that the Indexing Service is functioning correctly.

Cause

This issue occurs when the elasticsearch.keystore files are out of sync between two specific locations within the Enterprise Vault installation directory. The keystore files are essential for securely storing private key passwords used by Elasticsearch, and any inconsistency between these files can prevent the Indexing Service from starting.

Resolution

To resolve the issue, follow these steps to synchronize the elasticsearch.keystore files:

Issue/Introduction

When attempting to start the Enterprise Vault Indexing Service, the following error is logged in the EV Event Viewer or captured in a Dtrace of the EVIndexAdminService process:
Powered by Wolken Software