mac check in GCM failed Errors

Ullfig, Roberto Alfredo rullfig at
Mon Mar 12 08:48:39 EDT 2018

We run in an active/standby mode where we have two servers identically configured except for IP address/mac address/hostname and a CNAME pointing to one of them. We did a CNAME switch on Friday and started getting these errors:

2018-03-12 00:00:31,541 - ERROR [] - [9DD6049BF306DE2D9C1DA41E4700327D] - [] - Exception unwrapping data
org.bouncycastle.crypto.InvalidCipherTextException: mac check in GCM failed

It appears related to the two sealer files in credentials and I believe I should have just copied these two files over to the standby server before doing the CNAME switch. I expected the errors to go away over the weekend but I still see them. Are the IDP sessions supposed to last that long? Copying over the files would probably make the matter worse now. Any ideas on how to proceed? Thanks!

Roberto Ullfig - rullfig at
IT Technical Associate
Enterprise Architecture and Development | ACCC
University of Illinois - Chicago

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list