Troubleshooting an MFT agent or logger configuration that is not secure

If a Managed File Transfer process detects at startup that a configuration file contains sensitive information, is a keystore or truststore file, and has system-wide read, write, or delete permissions, the process does not start. If the condition is detected at run time, Managed File Transfer generates a warning message and ignores the contents of the configuration file. This affects the protocol bridge and Connect:Direct® bridge capabilities, because they reload a configuration if it changes while the agent is running.

About this task

To determine the cause of the problem, complete the following checks:

Procedure

  1. From the error message generated, identify the configuration file that has been reported as not secure.
  2. Ensure that the file access permissions match the requirements needed.

    For more information, see MFT permissions to access sensitive configuration information.

  3. Restart the agent or logger. For the protocol bridge or Connect:Direct credentials files, wait for the next reload.

Example

In this example error message, a database logger fails to start: 

BFGDB0066E: The logger encountered a problem accessing its credentials file and will stop.
Reported error: BFGNV0145E: The 'Everyone' group has access to the file 'C:\mqmftcredentials.xml'.

In this example error message, a protocol bridge agent fails to start: 

BFGIO0383E: The security permissions defined for credentials file 'C:\ProtocolBridgeCredentials.xml' do not meet the 
minimum requirements for a file of this type.
Reported problem: BFGNV0145E: The 'Everyone' group has access to the file C:\ProtocolBridgeCredentials.xml'.