OKM 2.3.1 : KMA stopped giving out keys, tapes marked "bad" tape drives "down"

Asset ID:	1-72-1593696.1
Update Date:	2017-01-18
Keywords:

Solution Type Problem Resolution Sure

Solution 1593696.1 : OKM 2.3.1 : KMA stopped giving out keys, tapes marked "bad" tape drives "down"

Applies to:

Oracle Key Manager - Version 2.3 to 2.4.1 [Release 2.0]
Information in this document applies to any platform.
KMA system dumps are available. KMA's are reachable but are not giving out keys.

Symptoms

8 drives on library A are showing "Sun Encryption Status Enrolled Initializing."

KMA is not giving out keys to tape volume when mounted. The 8 drives can

be enrolled but that is not helping the situation as no keys are being handed

out by the KMA cluster.

Changes

No changes

Cause

Review of the kma dump on KMA02 showed 125
open ports and this was causing the KMA not to give
out keys and was causing some issues with his partner.

System dump of KMA01 shows no problems.

Known issue with OKM 2.3.1 and sometimes with 2.4.

Solution

Review the system dump, look at the netstat.txt file and look for several

"ESTABLISHED" lines in that file. If there are no keys being given out, this

is the culprit. All those are open ports that have stopped the KMA from

responding to requests for keys.

Reboot the system using the console option number 8 Reboot KMA. If not

able to open the console to the KMA, use the ELOM or ILOM and perform

a graceful shutdown then a power on. This process will take about 15 minutes

total. Once the KMA is back up and on line, mount a tape using the backup

application and now the tape drive should get a key from the KMA.

NOTE: This is a reference to BugID 15721530 which has been resolved in OKM 2.5.2

References

<NOTE:1447111.2> - Information Center: Oracle Key Manager (KMS/OKM) Overview Advisor

Attachments

This solution has no attachment