LDAP Connection Error: "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException"
The LDAP connection error "com.mirth.connect.plugins.ldap.shared.Cryptor$<Encryption or Decryption>FailedException" can occur if the encryption key changed, if there are mismatched Java versions, or if Java Cryptography Extension (JCE) is not installed on your workstation.
This Lightweight Directory Access Protocol (LDAP) connection error message ends with either EncryptionFailedException or DecryptionFailedException. This error can result from any of the following conditions:
- The Mirth® Connect by NextGen Healthcare encryption key changed or the encryption settings defined in /conf/mirth.properties have changed.
The password for the admin user DN is stored by Mirth® Connect and is encrypted for security. Mirth® Connect uses an internal encryption key to encrypt the password. This internal encryption key is located in the file pointed to by the "keystore.path" setting in the mirth.properties file (the default location is /appdata/keystore.jks). If this file is changed or replaced, or if the encryption settings in /conf/mirth.properties have changed, Mirth® Connect is no longer able to decrypt the Admin password, resulting in this error.
One reason the encryption key can change is if the Mirth® Connect server configuration is restored from a backup of a different Mirth® Connect server. In this case, the password was encrypted by using the other Mirth® Connect server encryption key and the current server is unable to decrypt it.
To fix this problem, log on as the recovery user, re-enter the Admin password, and then select Test Connection again. These actions re-encrypt the password by using the current encryption key and verify that the credentials are correct.
- The Mirth® Connect server is running a different version of Java than your local workstation. For example, the server is running Java 1.7.0 while the local workstation is running Java 1.8.0. To verify the version of Java on your local workstation, select About Mirth Connect in the left-side menu in the Mirth® Connect Administrator.
To verify the version of Java running on the Mirth® Connect server, check the server log shown on the Mirth® Connect Administrator Dashboard.
- The Java Cryptography Extension (JCE) is not installed on the local workstation running the Mirth® Connect Administrator application. JCE is not included by default in Java due to export restrictions in some countries. If your country permits the use of JCE, download it here: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html.
Unzip the JCE policy zip file and copy local_policy.jar and US_export_policy.jar into %JAVA_HOME%\jre\lib\security on your local workstation. These files already exist and must be overwritten with the JCE unlimited strength versions.
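
For the first condition above (a changed keystore or changed encryption settings), the following Python sketch records a fingerprint of both before a restore or migration and reports what differs afterwards. It is an added example, not part of Mirth® Connect or its documentation. The function names are hypothetical, and it assumes that property values may reference other properties as ${name} and that the encryption settings share the "encryption." key prefix.

```python
import hashlib
import re
from pathlib import Path

# Assumption: encryption-related settings in mirth.properties share this key prefix.
ENCRYPTION_PREFIX = "encryption."


def load_properties(path):
    """Parse simple 'key = value' lines of a .properties file (no line continuations)."""
    props = {}
    for raw in Path(path).read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def resolve(value, props):
    """Expand ${name} references to other properties; unknown names are left as-is."""
    return re.sub(r"\$\{([^}]+)\}", lambda m: props.get(m.group(1), m.group(0)), value)


def snapshot(properties_file, base_dir):
    """Fingerprint the keystore and encryption settings; stores hashes only, no secrets."""
    props = load_properties(properties_file)
    keystore = Path(resolve(props["keystore.path"], props))
    if not keystore.is_absolute():
        keystore = Path(base_dir) / keystore  # relative paths are taken from the install dir
    digest = hashlib.sha256(keystore.read_bytes()).hexdigest() if keystore.is_file() else None
    settings = {k: v for k, v in props.items() if k.startswith(ENCRYPTION_PREFIX)}
    return {"keystore_sha256": digest, "encryption_settings": settings}


def explain_mismatch(before, after):
    """List the differences that would leave the stored Admin password undecryptable."""
    findings = []
    if after["keystore_sha256"] is None:
        findings.append("keystore file is missing")
    elif before["keystore_sha256"] != after["keystore_sha256"]:
        findings.append("keystore file changed or was replaced")
    old, new = before["encryption_settings"], after["encryption_settings"]
    for key in sorted(set(old) | set(new)):
        if old.get(key) != new.get(key):
            findings.append(f"{key}: {old.get(key)!r} -> {new.get(key)!r}")
    return findings
```

An empty list from explain_mismatch points away from the first condition and toward the Java version or JCE conditions.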