Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1677133.1
Update Date:2017-08-16
Keywords:
Solution Type  Problem Resolution Sure

Solution  1677133.1 :   Oracle Key Manager - Hardware Security Module (HSM) Status Shows "HW error"  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Symptoms


Changes


Cause


Solution


References

Created from <SR 3-8944131821>


Applies to:  

Oracle Key Manager - Version 2.0.0 to 3.0 [Release 2.0 to 3.0]
Information in this document applies to any platform.



Symptoms


"HW error" showing in the HSM status of the KMA List


There are no related error messages in the KMA Audit log.  


The system messages file show warnings and  errors related to the crypto card:
 ---
Apr 18 19:15:33 kmaserver mca: [ID 925280 kern.warning] WARNING: STALL: count [12100] / limit [12100]
Apr 18 19:15:34 kmaserver genunix: [ID 356749 kern.warning] WARNING: mca0: unable to drain device
Apr 18 19:15:34 kmaserver mca: [ID 154702 kern.warning] WARNING: stale job(s) found in ring ffffffff8b3b4908
..
Apr 18 19:15:34 kmaserver genunix: [ID 246487 kern.warning] WARNING: mca0: crypto job timeout
Apr 18 19:15:35 kmaserver genunix: [ID 272041 kern.notice] NOTICE: mca0: Resetting board...
Apr 18 19:15:40 kmaserver OKM: [ID 718763 local7.error] Core Security Operation Cryptographic Service Provider Error   Function Name = Decrypt:C_Decrypt(2), Error Code = 48, Reason = Device error First reboot the KMA.  If the problem persists, then power cycle the KMA.
Apr 18 19:15:40 kmaserver OKM: [ID 912309 local7.error] Set User Passphrase Internal Core Security error super 111.61.222.99 User ID = user1, Quorum Key Split User Name = user2, Quorum Key Split User Name = user3 Check other recent audit events for more information.
Apr 18 19:15:59 kmaserver genunix: [ID 579641 kern.notice] NOTICE: mca0: Device standing by.


sca6000info log show the mca0 online and initialized but busy: 
---
 /usr/sbin/scadiag -l mca0
Device mca0
 State : Online
 Status: Initialized (FIPS)
 
/usr/sbin/scadiag -s mca0
Device mca0 busy. 


Changes


No known change


Cause


The sca6000 card did not complete the initialization cycle due to a device error
 



Solution


1.  First reboot the KMA.
        Refer to <Document: 1019656.1> KMS - How to Correctly Shutdown and Reboot a KMA

2.  If reboot does not resolve the problem, then power cycle the KMA. 

3.  If the KMA power cycle fails to correct the problem with the HSM Status still showing "HW error", 
        the sca6000 card may have to be replaced. 


If necessary, open a service request and attach the OKM system dump to the SR ticket for additional diagnosis. 
 


References
<NOTE:1019656.1> - OKM - How to Correctly Shutdown and Reboot a KMA



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback