When you enable ForcedEncryption in the database, you need to modify the server.xml to allow ssl connection. Below are the listed steps that will be required in DCS Management server for SSL encrypted communication
1. Stop the management server service. It should be listed as Symantec Data Center Managememnt Service in services.
2. Navigate to the install directory which is normally located in "C:\Program Files (x86)\Symantec\Data Center Security Server\Server\tomcat\conf"
a. Create a backup copy of the server.xml in the above directory
3. Open the original server.xml with notepad to edit the following strings.
7. For 6.5.x and 6.6.x DCS Management servers, registry keys need to be updated additionally
a. For 6.5.x servers, open registry editor and go to below registry key: 1. Edit "JVM Option Count" registry value and set it to 1 higher than what it is currently set to (default installation its set to 8, so set it to 9)
2. Add a new Registry String Value "JVM Option Number N" where N is equal to 1 less than the "JVM Option Count" that was updated in step 2 (default installation requires: "JVM Option Number 8")
3. Set the value to: -Djsse.enableCBCProtection=false
b. For 6.6.x server, open registry editor and go to below registry key