KB Article #181631
CFT MA process fails to start
Problem
With SecureRelay configured and enabled in CFT, it fails to start. Depending on the version and platform, it may fail silently, or it may show exceptions in the CFT log such as "keystore password was incorrect."
Resolution
If the MA certificate was replaced, then the file pointed to by the UCONF secure_relay.ma.cert_password_fname parameter (typically it's called XsrPwd.dat) needs to be deleted or renamed before CFT is started.
The reason for this is that this file is generated by encrypting the certificate password with the certificate, so if the certificate is replaced, the contents of this file will be invalid, and MA will therefore be unable to read in the password from it.