KB-1048 "The internal encryption module is in an inconsistent state" error returned during application server startup

Symptoms

After performing a migration and starting the application server, the following entries are written to the server logs:

15:21:33,709 INFO [stdout] (ServerService Thread Pool -- 75) 2015-06-10 15:21:33,709 [ServerService Thread Pool -- 75] FATAL com.appiancorp.common.crypto.KeyStoreConfig - The internal encryption module is in an inconsistent state. The keystore password is not present in the primary data source. If migrating or restoring from backup, ensure that the primary data source contains all of the tables and data. (APNX-1-4210-004)
15:21:33,720 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/suite]] (ServerService Thread Pool -- 75) JBWEB000287: Exception sending context initialized event to listener instance of class com.appiancorp.common.config.ConfigurationLoader: com.appiancorp.common.config.FatalConfigurationException: com.appiancorp.suiteapi.common.exceptions.AppianException: The internal encryption module is in an inconsistent state. The keystore password is not present in the primary data source. If migrating or restoring from backup, ensure that the primary data source contains all of the tables and data. (APNX-1-4210-004)

Cause

The appian.keystore is a secured placeholder for keys and is encrypted during its creation (first application server startup that successfully connected to the primary database). The encrypted password used to secure the appian.keystore is stored in the primary database in the cfg table along with the character set and the initialization vector for the random part of the encryption phase. When the application server starts, the appian.keystore is opened and validated. For this step to be successful, the password in the cfg table must be the one originally used to encrypt the appian.keystore.

The error is caused by one of the following:

  • The appian.keystore file is missing from <APPIAN_HOME>/_admin/shared.
  • The appian.keystore file cannot be opened/decrypted using the password from the cfg table.

This error is common when users backload data from environment A to environment B and forget to copy the <APPIAN_HOME>/_admin/shared directory or to copy the primary database. Any of these omissions can lead to the inability to start the application server.

Note: The appian.keystore file cannot be shared between environments. 

Action

Copy the <APPIAN_HOME>/_admin/shared directory containing the original appian.keystore from the previous installation to the upgraded installation and make sure the primary database corresponds to the environment.

Affected Versions

This article applies to all versions of Appian.

Last Reviewed: February 2017

Related
Recommended