EMC WHITE PAPER

INSTALLING, CONFIGURING AND

TROUBLESHOOTING LOCKBOX FOR EMC® DOCUMENTUM® D2

ABSTRACT

This white paper contains information about installing, configuring and troubleshooting steps for lockbox setup in Documentum D2 application.

April, 2015

2

To learn more about how EMC products, services, and solutions can help solve your business and IT challenges, contact your local

representative or authorized reseller, visit www.emc.com, or explore and compare products in the EMC Store

Copyright © 2014 EMC Corporation. All Rights Reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without

notice.

The information in this publication is provided “as is.” EMC Corporation makes no representations or warranties of any kind with

respect to the information in this publication, and specifically disclaims implied warranties of merchantability or fitness for a

particular purpose.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com.

Part Number H14166

3

TABLE OF CONTENTS

EXECUTIVE SUMMARY .............................................................................. 4

AUDIENCE ......................................................................................................... 4

INTRODUCTION ........................................................................................ 5

MANUAL CONFIGURATION OF D2 LOCKBOX ............................................. 5

Lockbox configuration in Documentum Content Server ........................................... 5

Lockbox configuration in Web Application Server .................................................. 10

USING THE NEW D2 CONFIGURATION UTILITY ...................................... 14

SILENT INSTALLATION OF LOCKBOX ...................................................... 26

D2CONFIGIMPORT USING COMMAND LINE ............................................ 27

TROUBLESHOOTING D2 LOCKBOX .......................................................... 28

CONCLUSION .......................................................................................... 31

REFERENCES ........................................................................................... 31

4

EXECUTIVE SUMMARY This whitepaper explains information on configuring Lockbox for Documentum D2 application.

As part of the effort to improve and enhance the performance and capabilities of its product line, EMC, from time to time releases

revisions of its hardware and software. Therefore, some functions described in this guide may not be supported by all revisions of the

hardware or software currently in use. For the most up-to-date information on product features, refer to your product Release Notes

document.

If a product does not function properly or does not function as described in this document, please contact your EMC representative.

All information included in this document is provided "as-is" and does not guarantee EMC's support or approval. Please consult the

official product documentation or the Product Support team regarding any questions of supportability.

Note:

We vouch that the content in this document is accurate at the time of publication. However, as information is added, new versions of

this document may be released to EMC online support website. Kindly check the website to ensure that you are using the latest

version of this document.

AUDIENCE This white paper is intended for Documentum administrators, technical support engineers, developers and QA engineers who deploy

Documentum D2 application.

The readers are expected to have expertise in deployment of Documentum products.

5

INTRODUCTION Lockbox is a component of the RSA Common Security Toolkit (CST) which securely stores passwords for Documentum D2 in an

encrypted file. The stored passwords are put as <key, value> pairs. Lockbox uses keys to store and retrieve the passwords.

Documentum D2 uses Lockbox that were earlier present as clear text in the various properties files, such as D2FS.properties, d2fs-

trust.properties, D2-JMS.properties, and D2-Config.properties.

Note:

The RSA CST is an internal security technology designed to provide a common set of security-related services available for

integration into all EMC products.

The Lockbox configuration for D2 can be done in either of the following ways:

Using the new D2 Configurator Utility

Manual configuration of D2 Lockbox

MANUAL CONFIGURATION OF D2 LOCKBOX In manual configuration, the lockbox should be configured in both content server and web application server as mentioned in the

following sections.

LOCKBOX CONFIGURATION IN DOCUMENTUM CONTENT SERVER Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that

the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points:

1. Identify the architecture of lockbox installation

The architecture of lockbox file must match with the Java Virtual Machine architecture in the installing environment. The JVM

architecture can be found out by executing the java –version command in the console.

Figure 1 Example of 64bit server JVM

6

Figure 2 Example of 32bit server JVM

The lockbox architecture files can be found in platform specific folder installed by D2 installer. For instance, <lockbox install

path>/win_vc80_x64 folder extracted by the D2 installer contains files specific to 64-bit architecture under windows platform. Each

folder consists of README.txt file which lists the compatibility with the supported operating systems.

In the above example, the README.txt under win_vc80_x64 folder lists compatibility with following Windows operating systems:

o Microsoft Windows Server 2003 x86_64 (64-bit)

o Microsoft Windows Server 2008 x86_64 (64-bit)

o Microsoft Windows Server 2012 x86_64 (64-bit)

2. Install/Copy libraries

Once the architecture of lockbox is identified –

If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1

Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform

folder> mentioned above.

o Note: For Documentum Content Server 7.0 or earlier versions, copy LB.jar and LBJNI.jar that are extracted from

the D2 installer into <Documentum install path>\<Jboss version>\server\DctmServer_MethodServer\lib folder.

3. Set environment variables for lockbox libraries

The lockbox library references must be set in the environment variable according to the platform architecture.

For Microsoft Windows, set the PATH environment variable:

set PATH=<lockbox install path>\<platform folder>;%PATH%

Example:

set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH%

7

For Linux environment, set LD_LIBRARY_PATH and PATH variables:

export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH

export PATH=<lockbox install path>/<platform folder>:$PATH

For IBM AIX, set LIBPATH and PATH variables:

export LIBPATH=<lockbox install path>:$LIBPATH

export PATH=<lockbox install path>/<platform folder>:$PATH

4. Set environment variables to look up lockbox jars

The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files:

o LB.jar

o LBJNI.jar

Also, the installer will extract C6-Common-<version>.jar into <D2 install path> folder. Add these jar locations into the PATH

variable.

For Microsoft Windows operating system:

set CLASSPATH=<D2 install path>\C6-Common-<version>.jar;<lockbox install path>\LB.jar;<lockbox

install path>\LBJNI.jar;%CLASSPATH%

Example:

set CLASSPATH=C:\Program Files\EMC\D2\C6-Common-

4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH%

For Linux operating system:

export CLASSPATH=<D2 install path>/C6-Common-<version>.jar:<lockbox install path>/LB.jar:<lockbox install

path>/LBJNI.jar:$CLASSPATH

5. Generate lockbox file and set D2.passphrase using command line

C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below

command to set the passphrase-

java com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file>

D2Method.passphrase <plain text password> [optional lockbox passphrase]

Example in Microsoft Windows environment:

java.exe –cp “C:\Program Files\EMC\D2\C6-Common-

4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar”

com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password

Important Note:

a. D2Method.passphrase must be identical across all physical systems.

8

b. If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the

lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one

physical system to another physical system must be avoided.

c. To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the

specified lockbox location, the command does not change or update the passphrase.

d. About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at

least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if

the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase,

D2 generates a random passphrase when creating D2.lockbox file.

You can create a passphrase using java PassphraseGenerator command in the following way:

java com.emc.common.java.crypto.PassphraseGenerator <length>

6. Configuring lockbox on Content Server 7.1

You may skip to next step if you are using Documentum Content Server 7.0 or earlier versions. If you are running Documentum

Content Server 7.1 version, the following changes need to be done.

JAVA METHOD SERVER

1. The java method server location for Documentum Content Server 7.1 version is located at:

<Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/

Copy the D2.lockbox file generated in the above step into “classes” folder.

2. Create emc/d2/lockbox/main folder under <Documentum install path>/<JBoss version>/modules/

Example: C:/Documentum/JBoss7.1/modules/emc/d2/lockbox/main

3. Copy LB.jar and LBJNI.jar files that are extracted by the D2 installer to the main/ folder.

4. Create module.xml under main/ folder and copy the below xml content.

<module xmlns="urn:jboss:module:1.1" name="emc.d2.lockbox">

<resources>

<resource-root path="LB.jar"/>

<resource-root path="LBJNI.jar"/>

</resources>

</module>

5. Open <install path of Documentum>/<JBoss

version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/META-INF/jboss-deployment-structure.xml in a

text editor. Add the following lines under the <deployment> section:

<dependencies>

<module name="emc.d2.lockbox"/>

</dependencies>

9

DOCUMENTUM PROCESS ENGINE

1. If Documentum Process Engine is installed for Documentum Content Server 7.1 version, the classes folder location is as under:

<Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/APP-INF/classes/

Copy the D2.lockbox file generated in the above step into classes folder.

2. Open <Documentum-root>/<JBoss-version>/server/DctmServer_MethodServer/deployments/bpm.ear/META-INF/jboss-

deployment-structure.xml in a text editor. Add the following lines under the <deployment> section:

<dependencies>

<module name="emc.d2.lockbox"/>

</dependencies>

7. Configuring lockbox for Content Server 7.0 or earlier versions

Copy the D2.lockbox file generated in the above step into classes folder of –

a. Java Method Server located at -

<install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deploy/ServerApps.ear/APP-INF/classes/

b. Documentum Process Engine at -

<install-path-of-Documentum>/<JBoss-version>/server/DctmServer_MethodServer/deployments/ServerApps.ear/APP-INF/classes/

8. Restart Content Server

Restart of Documentum Content Server is needed for the environment changes to take effect.

10

LOCKBOX CONFIGURATION IN WEB APPLICATION SERVER Once the D2 installer installs the necessary files in Documentum Content Server, you need to set the environment variables so that

the Lockbox is able to locate required libraries during execution. In this regard, you need to consider the following points:

1. Identifying the architecture of lockbox installation

Same as seen in content server section. Click here to move to the section.

2. Install/Copy libraries

Once the architecture of lockbox is identified –

If content server runs on a windows operating system, then you must install Microsoft Visual C++ 2005 Service Pack 1

Redistributable Package MFC Security Update. The corresponding installer file can be found in the <lockbox install path>\<platform

folder> mentioned above.

3. Set environment variables for lockbox libraries

Set environment variables specific to the platform architecture -

For Microsoft Windows, set the PATH environment variable:

set PATH=<lockbox install path>\<platform folder>;%PATH%

Example:

set PATH=C:\Documentum\D2\Lockbox\win_vc80_x64;%PATH%

For Linux environment, set LD_LIBRARY_PATH and PATH variables:

export LD_LIBRARY_PATH=<lockbox install path>:$LD_LIBRARY_PATH

export PATH=<lockbox install path>/<platform folder>:$PATH

For IBM AIX, set LIBPATH and PATH variables:

export LIBPATH=<lockbox install path>:$LIBPATH

export PATH=<lockbox install path>/<platform folder>:$PATH

4. Set environment variables to look up lockbox jars

The D2 installer will extract the lockbox related jar files into <lockbox install path> folder. This folder contains the following files:

o LB.jar

o LBJNI.jar

Also, D2 installer extracts C6-Common-<version>.jar into <D2 install path>\webapps\D2-Config\WEB-INF\lib folder.

Add these jar locations into the PATH variable.

For Microsoft Windows operating system:

set CLASSPATH=<webapp root>\webapps\D2-Config\WEB-INF\lib\C6-Common-<version>.jar;<lockbox

install path>\LB.jar;<lockbox install path>\LBJNI.jar;%CLASSPATH%

Example:

set CLASSPATH=C:\apache-tomcat\webapps\D2-Config\WEB-INF\lib\C6-Common-

4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar;%CLASSPATH%

For Linux operating system:

export CLASSPATH=<webapp root>/webapps/D2-Config/WEB-INF/lib/C6-Common<version>.jar:<lockbox

install path>/LB.jar:<lockbox install path>/LBJNI.jar:$CLASSPATH

11

5. Generating lockbox file and set D2.passphrase using command line

C6-Common-<version>.jar file has a utility method that generates D2.lockbox file and sets the D2.passphrase. Execute below

command to set the passphrase-

java com.emc.common.java.crypto.SetLockboxProperty <path to create D2.lockbox file> D2Method.passphrase <plain

text password> [optional lockbox passphrase]

Example in Microsoft Windows environment:

java.exe –cp “C:\Program Files\EMC\D2\C6-Common-

4.5.0.jar;C:\Documentum\D2\Lockbox\LB.jar;C:\Documentum\D2\Lockbox\LBJNI.jar”

com.emc.common.java.crypto.SetLockboxProperty C:\Lockbox D2Method.passphrase #1Password

Important Note:

a. D2Method.passphrase must be identical across all physical systems.

b. If D2.lockbox file is not present, the command will create the file in the specified location. You must generate the

lockbox file across all of the physical systems in your environment. Copying the generated D2.lockbox file from one

physical system to another physical system must be avoided.

c. To change the lockbox passphrase, you must delete the existing D2.lockbox file. If the file already exists in the

specified lockbox location, the command does not change or update the passphrase.

d. About optional lockbox passphrase: You can optionally set a lockbox passphrase consisting of 8 to 16 characters (at

least 1 special character, 1 number, and 1 uppercase letter) for the lockbox file. You will use this lockbox passphrase if

the system fails and the lockbox needs to be recovered from a different server. If you do not set a lockbox passphrase,

D2 generates a random passphrase when creating D2.lockbox file.

You can create a passphrase using java PassphraseGenerator command in the following way:

java com.emc.common.java.crypto.PassphraseGenerator <length>

6. Updating lockboxPath properties entry

The lockboxPath properties value specifies fully qualified path name of folder in which D2.lockbox resides. You need to configure the

lockboxPath entry both in D2-Config and D2 client applications in the following way:

D2 Config

In D2-Config application, D2-Config.properties file contains lockboxPath properties entry. The file path of this properties file is

located at :

<webapp root>\webapps\D2-Config\WEB-INF\classes\D2-Config.properties

Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment

and specify the fully qualified folder path of D2.lockbox file. For example -

lockboxPath=C:/Documentum/D2/Lockbox

D2 Client

In D2 application, D2FS.properties file contains lockboxPath properties entry. The file path of this properties file is as under:

<webapp root>\webapps\D2\WEB-INF\classes\D2FS.properties

Open the above file in a text editor and search for the string “lockboxPath”. By default, this entry would be commented. Uncomment

and specify the fully qualified folder path of D2.lockbox file. For example,

lockboxPath=C:/Documentum/D2/Lockbox

12

7. Copying lockbox libraries into web app

Copy LB.jar and LBJNI.jar into the locations per specific application server as detailed below -

Apache tomcat

Copy to <Tomcat root>/lib/ folder.

IBM WebSphere

Copy to <Websphere root>/AppServer/lib/ folder.

Oracle WebLogic

Copy LB.jar and LBJNI.jar to the <Weblogic root>/Oracle/Middlware/user_projects/domains/base_domain/lib/ folder.

Redhat JBOSS EAP 6.2

1. Create the folder strucuture, if does not exist –

<webapp root>/modules/system/layers/base/emc/d2/lockbox/main

2. Copy the LB.jar and LBJNI.jar files extracted by the installer to the main/ folder.

3. Create module.xml as listed below and save it in the main/ folder:

<module xmlns=”urn:jboss:module:1.1” name = ”emc.d2.lockbox”>

<resources>

<resource-root path=”LB.jar” />

<resource-root path=”LBJNI.jar”/>

</resources>

</module>

4. Open <webapp root>/standalone/deployments/D2.war/WEB-INF/jboss-deployment-structure.xml in a text editor and

add the following lines to the <deployment> section:

<dependencies>

<module name="emc.d2.lockbox"/>

</dependencies>

5. Open <webapp root>/standalone/deployments/D2-Config.war/WEB-INF/jboss-deployment-structure.xml in a text

editor and add the following lines to the <deployment> section:

<dependencies>

<module name=”emc.d2.lockbox"/>

</dependencies>

VMware vFabric tcServer for Microsoft Windows

1. Copy LB.jar and LBJNI.jar to the /vfabric-tc-server-standard-<version>/vfabric-tc-server-standard-

<version>.RELEASE/ folder.

2. Open wrapper.conf in a text editor and add the lockbox CST path to java.library.path:

3. wrapper.java.library.path.<count>=<lockbox install path>/<platform folder>

4. Open catalina.properties in a text editor and append the lockbox CST path to common.loader.

5. common.loader=<existing entries>,<lockbox install path>/<platform folder>

13

8. Restart web application server

A restart of web application server is needed for the environment changes to take effect.

14

USING THE NEW D2 CONFIGURATION UTILITY

Navigate to the D2-Configurator jar location and execute the following command:

java –jar D2-Configurator_<version>.jar

15

The following wizard opens up. Click Next.

16

Select Lockbox for – Other application Server. Click Next.

17

Select a folder where the native library files and D2.lockbox files will reside. Click Next.

If the D2.lockbox file already exists in the provided folder, you will be prompted to update this file.

Verify the D2.lockbox file location and click Next.

18

19

Provide D2Method password. Confirm the password. Click Next.

Important Note - The D2Method password must conform to the lockbox password rules and must be identical across all Content

Servers, web application servers, and ACS/BOCS servers.

20

Select an option to specify the lockbox passphrase. This passphrase can be used to recover a lockbox from another server.

o Select Input custom lockbox passphase to use your own passphrase. Type the passphrase. Confirm the passphrase.

o Select Length for a random generated lockbox passphrase to use a random passphrase of the set length. Enter a

number between 8 to 16.

o Select Use D2 generated random lockbox passphrase to use a random passphrase generated by D2.

Click Next.

21

The installation progress is shown with the progress bar.

22

When the installation progress is finished, click Next.

23

If you would like to generate a silent installation file for future use, click on Generate an automatic installation script button.

24

Provide the location where you want to save the silent installation xml file and click on Save.

Click on Done to exit the installer.

25

26

SILENT INSTALLATION OF LOCKBOX For further installation the silent installer script saved in the previous section can be used. This enables you to quickly configure the

lockbox in other similar environments.

Figure 3 Invoking silent installer

The silent installer information will be displayed in the console shown similar to below screenshot:

Figure 4 Silent installer

27

D2CONFIGIMPORT USING COMMAND LINE

When Lockbox is configured, importing D2Config using command line needs extra caution. In absence of configured classpath

reference to lockbox jars and specific platform folder reference of lockbox, the import operation would result in exception.

The below steps can be followed to successfully run the D2ConfigImport operation in command line.

1. Make sure that classpath contains the lockbox jars. You can use –cp option while running the java command to specify the

jars in the classpath. The classpath should also contain the <lockbox installation path> where in D2.lockbox file is located.

2. Add dfc.jar and dfc.properties to classpath. This is required to connect to the repository to perform the import operation.

3. Add D2-API-<version>.jar to the classpath variable. This jar contains D2ConfigImport class. You may include all the jars

from D2-Config\WEB-INF\lib\ folder in the classpath so that all the referenced jars are available while executing the

program. Refer below for an illustration.

4. Add <lockbox installation path>/<platform folder> to path environment variable. When accessing the lockbox file, the

lockbox jar looks for the platform specific libraries and if not found throws

5. “Could not initialize the class com.emc.clb.clbBridge.clbBridgeJNI” exception thrown during program execution

Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make

the lockbox library reference available while executing the program.

An example to run the D2ConfigImport using command line will be similar to given below command -

java -cp

‘E:\Documentum\D2\Lockbox;E:\Documentum\config;E:\Documentum\D2\Lockbox\lib\LB.jar;E:\Documentum\

D2\Lockbox\lib\LBJNI.jar;C:\Tomcat\webapps\D2-Config\WEB-INF\lib\*;E:\Documentum\Shared\dfc.jar’

-Djava.library.path=E:\Documentum\D2\Lockbox\lib\native\win_vc80_x64

com.emc.d2.api.config.batch.D2ConfigImport -login Administrator -password password -docbase

test_repo -config_file E:\Test\D2TestConfig.zip -full_import true -reset false

28

TROUBLESHOOTING D2 LOCKBOX

The below section provides some troubleshooting steps to identify issues in configuring and running Documentum D2 with Lockbox

configuration.

Scenario 1: You see a java.lang.ClassNotFoundException

The following exception is thrown “Could not initialize the class

com.emc.clb.clbBridge.clbBridgeJNI”

Exception in thread "main" java.lang.NoClassDefFoundError:

Could not initialize class com.emc.clb.clbBridge.clbBridgeJNI

at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source)

at com.emc.clb.LockBox.<init>(Unknown Source)

at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source)

Cause

The Microsoft Visual C++ 2005 Service Pack 1 Redistributable Package MFC Security Update is not installed or not having the same

64/32bit environment as the CST native libraries.

Resolution

For Linux environment, ensure that the PATH and LD_LIBRARY_PATH contains the CST libraries for your platform.

For Microsoft Windows, ensure that the MSVC redistributable has been installed, and has the same bit-ness as the CST native

libraries (32-bit or 64-bit).

Also ensure that PATH contains the <lockbox installation path>\<platform folder> reference. You may optionally set the

java.library.path to <lockbox installation path>\<platform folder> instead of setting it in PATH variable.

Scenario 2: java.lang.NoClassDefFoundError when Creating the Lockbox

The following exception is thrown “Could not find the main class com.emc.common.java.crypto.SetLockboxProperty”

Exception in thread “main” java.lang.NoClassDefFoundError:

com/emc/common/java/crypto/SetLockboxProperty

Caused by: java.lang.ClassNotFoundException:

com.emc.common.java.crypto.SetLockboxProperty

at java.net.URLClassLoader$1.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at java.net.URLClassLoader.findClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)

at java.lang.ClassLoader.loadClass(Unknown Source)

Could not find the main class: com.emc.common.java.crypto.SetLockboxProperty

Cause

C6-Common.jar is missing from the ClassPath.

Resolution

Ensure that C6-Common.jar is available in the ClassPath.

29

Scenario 3: You see an exception thrown - “java.lang.NoClassDefFoundError: com/emc/clb/LockBox“

java.lang.NoClassDefFoundError: com/emc/clb/LockBox

at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147)

at com.emc.common.java.crypto.D2LockboxProperties.<init>(D2LockboxProperties.java:61)

at com.emc.common.java.crypto.D2LockboxProperties.getInstance(D2LockboxProperties.java:158)

at com.emc.d2.api.methods.D2Method.start(D2Method.java:412)

at com.emc.d2.api.methods.D2Method.start(D2Method.java:239)

at com.emc.d2.api.methods.D2Method.start(D2Method.java:219)

at com.emc.d2.api.D2Session.getAdminTicket(D2Session.java:544)

at com.emc.d2.api.D2Session.getAdminSession(D2Session.java:581)

at com.emc.d2.api.config.dictionary.D2Dictionary.dropView(D2Dictionary.java:630)

Cause

LB.jar and LBJNI.jar are not available in the recommended directory of the Application server.

Resolution

Ensure that LB.jar and LBJNI.jar are correctly installed in the recommended directory of your respective server, depending on the

configuration that should either be the WEB-INF/lib directory of the Web Application, or the common lib directory of the Application

server. (See the section – Copying lockbox libraries into web app)

Scenario 5: Unable to locate the Lockbox or Cryptography Library

The Lockbox or cryptography library could not be found. The following error message is shown:

Exception in thread "main" java.lang.Exception: Error: -58

LockBox::initLockbox : The Lockbox or cryptography library could not be found.

at com.emc.clb.clbBridge.clbBridgeJNI.new_LockBox__SWIG_0(Native Method)

at com.emc.clb.clbBridge.LockBox.<init>(Unknown Source)

at com.emc.clb.LockBox.<init>(Unknown Source)

at com.emc.common.java.crypto.SetLockboxProperty.main(Unknown Source)

Cause

Incorrect reference to the platform version of the CST libraries in the Path.

Resolution

Ensure that you have the correct platform version of the CST libraries referenced in the Path.

Note: You can also specify -Djava.library.path=<lockbox installation path>/<platform folder> in the command line. This will make

the lockbox library reference available while executing the program.

30

Scenario 6: DFC_CORE_CRYPTO_ERROR seen in logs

-naming : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0}

-scope : [DFC_CORE_CRYPTO_ERROR] A cryptography error has occurred, please consult the documentation. {0}

Cause

Lockbox is not installed in all the applicable servers.

Resolution

Ensure that lockbox has same D2Method.passphrase value across all servers. You may also see this error when one server is using

the lockbox and another is not, or when an update is not complete, and one of the servers is running pre-lockbox D2 libraries.

Scenario 7: Unable to Load AMD 64-bit .dll on a IA 32-bit Platform

The following message is shown:

No D2.lockbox found, error : C:\Documentum\config\win_vc80_x64\LBJNIWrappers.dll: Can’t load AMD

64-bit .dll on a IA 32-bit platform {} java.lang.NoClassDefFoundError: Could not initialize class

com.emc.clb.clbBridge.clbBridgeJNI

at java.lang.ClassLoader$NativeLibrary.load(Native Method)

at java.lang.ClassLoader.loadLibrary1(ClassLoader.java:1939)

at java.lang.ClassLoader.loadLibrary0(ClassLoader.java:1864)

at java.lang.ClassLoader.loadLibrary(ClassLoader.java:1854)

at java.lang.Runtime.loadLibrary0(Runtime.java:845)

at java.lang.System.loadLibrary(System.java:1084)

at com.emc.clb.clbBridge.clbBridgeJNI.<clinit>(clbBridgeJNI.java:28)

at com.emc.clb.clbBridge.LockBox.<init>(LockBox.java:35)

at com.emc.clb.LockBox.<init>(LockBox.java:305)

at com.emc.common.java.crypto.D2LockboxProperties.getLockBox(D2LockboxProperties.java:147)

Cause

JVM version mismatch.

Resolution

Per the README, Windows 2008 R2 needs the win_vc80_ia32 CST kit. Since the kit has to match the JVM version you needed to

create the lockbox using a 32-bit JVM. Add C:\Program Files (x86)\Java\jdk1.7.0_07\bin to the ClassPath to force the use of 32-bit

java and then the SetLockboxProperty command is succeeded.

31

CONCLUSION This white paper explains about installation and configuration of lockbox environment for Documentum D2 product. This also helps in

troubleshooting common issues faced during installation and configuration of the lockbox environment for Documentum D2 product.

REFERENCES EMC Documentum D2 Installation Guide.

EMC Documentum D2 Administration Guide.