Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 71

Problem Determination - service default password

Get Dell PowerVault TL4000 PDF manuals and user guides View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 71 highlights

Chapter 6. Problem Determination You can enable debugging for an individual component, multiple components, or all components of the Encryption Key Manager. Check These Important Files for Encryption Key Manager Server Problems When the Encryption Key Manager fails to start there are three files to check to determine the cause of the problem. v native_stdout.log and native_stderr.log - Since the Encryption Key Manager Server runs in a background process, it has no console to display its normal informational and error messages. Those messages are logged to these two files. - If the Encryption Key Manager Server properties file contains the property debug.output.file, then these two files are created in the same directory as the debug log. - If the Encryption Key Manager Server properties file does not contain the property debug.output.file, then these two files are created in the working directory. - These two files are deleted and recreated on every start of the Encryption Key Manager Server. v Audit log - Audit log contains records that were logged as the Encryption Key Manager is processing. - The location of this file is specified by two properties in KeyManagerConfig.properties, the Encryption Key Manager Server configuration properties file: - Audit.handler.file.directory - specifies which directory the audit log should be located - Audit.handler.file.name - specifies the filename of the audit log. - For more information on Audit, see Chapter 7, "Audit Records," on page 7-1. Log Entries for Keystore Passwords Greater than 127 Characters When the Encryption Key Manager is installed as a Windows Service and the keystore passwords in the KeyManagerConfig.properties file are 128 characters in length or greater, the Encryption Key Manager will fail to start because it has no way to prompt for a password of acceptable length. The native Encryption Key Manager logs will contain entries similar to the following: native_stdout.log Server initialized Default keystore failed to load native_stderr.log at com.ibm.keymanager.KeyManagerException: Default keystore failed to load at com.ibm.keymanager.keygroups.KeyGroupManager.loadDefaultKeyStore(KeyGroupManager.java:145) at com.ibm.keymanager.keygroups.KeyGroupManager.init(KeyGroupManager.java:605) at com.ibm.keymanager.EKMServer.c(EKMServer.java:243) 6-1

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
Chapter 6. Problem Determination
You can enable debugging for an individual component, multiple components, or
all components of the Encryption Key Manager.
Check These Important Files for Encryption Key Manager Server
Problems
When the Encryption Key Manager fails to start there are three files to check to
determine the cause of the problem.
v
native_stdout.log
and
native_stderr.log
Since the Encryption Key Manager Server runs in a background process, it
has no console to display its normal informational and error messages. Those
messages are logged to these two files.
If the Encryption Key Manager Server properties file contains the property
debug.output.file
, then these two files are created in the same directory as
the debug log.
If the Encryption Key Manager Server properties file does not contain the
property
debug.output.file
, then these two files are created in the working
directory.
These two files are deleted and recreated on every start of the Encryption Key
Manager Server.
v
Audit log
Audit log contains records that were logged as the Encryption Key Manager
is processing.
The location of this file is specified by two properties in
KeyManagerConfig.properties
, the Encryption Key Manager Server
configuration properties file:
-
Audit.handler.file.directory – specifies which directory the audit log should
be located
-
Audit.handler.file.name – specifies the filename of the audit log.
For more information on Audit, see Chapter 7, “Audit Records,” on page 7-1.
Log Entries for Keystore Passwords Greater than 127 Characters
When the Encryption Key Manager is installed as a Windows Service and the
keystore passwords in the KeyManagerConfig.properties file are 128 characters in
length or greater, the Encryption Key Manager will fail to start because it has no
way to prompt for a password of acceptable length. The native Encryption Key
Manager logs will contain entries similar to the following:
native_stdout.log
Server initialized
Default keystore failed to load
native_stderr.log
at com.ibm.keymanager.KeyManagerException: Default keystore failed to load
at com.ibm.keymanager.keygroups.KeyGroupManager.loadDefaultKeyStore(KeyGroupManager.java:145)
at com.ibm.keymanager.keygroups.KeyGroupManager.init(KeyGroupManager.java:605)
at com.ibm.keymanager.EKMServer.c(EKMServer.java:243)
6-1