Sun Microsystems, Inc.  Oracle System Handbook - ISO 7.0 May 2018 Internal/Partner Edition
   Home | Current Systems | Former STK Products | EOL Systems | Components | General Info | Search | Feedback

Asset ID: 1-72-1940597.1
Update Date:2014-11-04
Keywords:
Solution Type  Problem Resolution Sure

Solution  1940597.1 :   OKM - Cannot Write to Scratch Tapes at Disaster Recovery Site Receiving "No Ready Keys" Error  

Related Items 
    

  • Oracle Key Manager
    •  
Related Categories 
    

  • PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
    •  






In this Document


Symptoms


Changes


Cause


Solution



Created from <SR 3-9798113731>


Applies to:  

Oracle Key Manager - Version 2.0.0 to 3.0 [Release 2.0 to 3.0]
Information in this document applies to any platform.



Symptoms


At the disaster recovery site, all scratch mvc cartridges are getting SLS6625E errors on all of the 4 T10000 encrypted drives. The drives are enrolled in the KMA and can read data from encrypted cartridges but are not able to write to new cartridges.

There are "No Ready Keys" errors in the Audit event log when writing to new tapes. 
On the OKM GUI KMA List display, "Key Pool Ready" is at 0%. ( There is only on KMA at the Disaster Recovery site. )

Here is an example of the full message associated with the "No Ready Keys" error:
--------------
4DBF1F745B3846690000000000000FFC 4DBF1F745B384669 KMA1 Data Unit Agent Operations Medium Term Retention Create Key v2 No Ready Keys Error 000289000200 2014-10-28 12:40:47.53315+00 IBM_29 172.23.137.129 Data Unit ID = 4DBF1F745B384669E924F8279850A7EC, External Unique ID = (null), External Tag = 030278, Key Group ID = (null), Agent KWK ID = EA96989F94D811A9 Ensure that all KMAs in this Cluster are communicating. Restore communication to functioning but incommunicating KMAs. Delete any failed KMAs that cannot be brought back into communication, but only as a last resort. Deleted KMAs cannot join this Cluster again, and their deletion will split them into another Cluster. If there is only one enrolled KMA in this Cluster or if Ready Keys are not backed up, then perform a Backup.



Changes


Disaster Recovery testing.  Keys were restored from backup. 


Cause


After the keys were restored to this KMA, generated keys will only become ready keys after the keys are replicated to another KMA or backed up onto the KMA. 
Since there is only one KMA at this disaster recovery site, no replication will happen. A backup should be taken.
 
Newly generated keys cannot be given out to drives until they have been replicated or backed up.
 


Solution


From the OKM GUI Backup List window, create a backup.
Wait for the backup process to complete and then verify that the Key Pool Ready is at 100% before retrying the failed write operation on scratch cartridges.
 



Attachments

This solution has no attachment


















       

Copyright © 2018 Oracle, Inc.  All rights reserved.

 Feedback