Dell PowerVault TL4000 Dell PowerVault ML6000 Encryption Key Manager User's - Page 72
Debugging Communication Problems Between the CLI Client and the EKM Server
View all Dell PowerVault TL4000 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 72 highlights
at com.ibm.keymanager.EKMServer.(EKMServer.java:753) at com.ibm.keymanager.EKMServer.a(EKMServer.java:716) at com.ibm.keymanager.EKMServer.main(EKMServer.java:129) Debugging Communication Problems Between the CLI Client and the EKM Server Communication between the EKM CLI client and the EKM Server is done over the ports specified in the TransportListener.ssl.port property in both the server and client configuration properties files and is protected by SSL. The following is a list of possible reasons why the client may not connect to the EKM Server. It includes steps showing how to determine the problem and correct it. v The EKM Server is not running, therefore the client has nothing to communicate with. 1. Issue netstat -an from a command window and confirm that the ports specified by the TransportListener.ssl.port and TransportListener.tcp.port properties in the EKM Server properties file are displayed. If the ports are not displayed, then the server is not running v The TransportListener.ssl.host property in the EKM CLI client properties file does not point to the correct host where the EKM Server is running. 1. The value of the TransportListener.ssl.host property in the EKM CLI client properties file defaults to localhost. Modify the value of this property to point to the correct host. v The EKM Server and the EKM CLI client are not talking on the same port. 1. Check the TransportListener.ssl.port properties in both the EKM Server and the EKM CLI client properties files to confirm they are set to the same value. v The EKM Server and the EKM CLI client cannot find a common certificate to use to secure communications. 1. Ensure the keystores specified in the TransportListener.ssl.keystore and TransportListener.ssl.truststore CLI client properties contain the same certificates as the Admin.ssl.keystore and Admin.ssl.truststore keystores in the server properties. 2. Ensure the TransportListener.ssl.keystore.password in the client properties has the correct password. 3. Ensure none of the certificates in these keystores have expired. JSSE will not use expired certificates to secure communications. v The EKM CLI client properties file is read-only. 1. Check the attributes or the permissions on the file to ensure the user running the EKM CLI client has permission to access and modify the file. v The EKM Server properties file has Server.authMechanism = LocalOS but the required file from the EKMServicesAndSamples package has not been installed or was installed in the wrong location. 1. See the readme included with the EKMServiceAndSamples package for more information about authentication. Debugging Key Manager Server Problems Most problems concerning the key manager involve configuration or starting the key manager server. Refer to Appendix B, Default Configuration File, for information on specifying the debug property. 6-2 Dell Encryption Key Mgr User's Guide