After performing a migration and starting the application server, the following entries are written to the server logs:
15:21:33,709 INFO [stdout] (ServerService Thread Pool -- 75) 2015-06-10 15:21:33,709 [ServerService Thread Pool -- 75] FATAL com.appiancorp.common.crypto.KeyStoreConfig - The internal encryption module is in an inconsistent state. The keystore password is not present in the primary data source. If migrating or restoring from backup, ensure that the primary data source contains all of the tables and data. (APNX-1-4210-004)
15:21:33,720 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/suite]] (ServerService Thread Pool -- 75) JBWEB000287: Exception sending context initialized event to listener instance of class com.appiancorp.common.config.ConfigurationLoader: com.appiancorp.common.config.FatalConfigurationException: com.appiancorp.suiteapi.common.exceptions.AppianException: The internal encryption module is in an inconsistent state. The keystore password is not present in the primary data source. If migrating or restoring from backup, ensure that the primary data source contains all of the tables and data. (APNX-1-4210-004)
The appian.keystore is a secured placeholder for keys and is encrypted during its creation (first application server startup that successfully connected to the primary database). The encrypted password used to secure the appian.keystore is stored in the primary database in the cfg table along with the character set and the initialization vector for the random part of the encryption phase. When the application server starts, the appian.keystore is opened and validated. For this step to be successful, the password in the cfg table must be the one originally used to encrypt the appian.keystore.
The error is caused by one of the following:
This error is common when users backload data from environment A to environment B and forget to copy the <APPIAN_HOME>/_admin/shared directory or to copy the primary database. Any of these omissions can lead to the inability to start the application server.
Note: The appian.keystore file cannot be shared between environments.
Copy the <APPIAN_HOME>/_admin/shared directory containing the original appian.keystore from the previous installation to the upgraded installation and make sure the primary database corresponds to the environment.
This article applies to all versions of Appian.
Last Reviewed: February 2017
© 2020 Appian. All rights reserved.