Sun StorageTek Crypto Key Management System
 

PLA-Support>Sun Systems>TAPE>Backup Software-Filesystems>SN-TP: Encryption
 

Customer says his KMA shows an error under HSM status in his OKM gui.

1. Determine which KMA in the cluster has the status.

2. Verify the KMA has an installed SCA6000 card. (Look at the system dump for the sca6000info.txt file)

    It should show you something like this...
    Getting SCA device version information, command line is: /usr/sbin/scadiag -v mca0 Device mca0 version      numbers: Hardware : 1.6.6 Bootrom : 1.0.10 Firmware : 1.1.8
    .....
    Trying to log into the SCA key slot...
    PKCS11 Error: [00000005] (General error)
    PKCS11 Error: [00000190] (Cryptoki is not initialized)
    PKCS11 Error: [00000190] (Cryptoki is not initialized)
    PKCS11 Error: [00000190] (Cryptoki is not initialized)
    **means the card is not working correctly**

3. A reboot from the ELOM/ILOM redirection console is usually a good first step.
    Log onto the KMA as security officer and select the reboot option from the menu.

4. After the reboot, log into the KMA in question and look at the KMA list, what
is the status now?
     a. Inactive - look to see if the KMA is locked, if it is, unlock the KMA and refresh
         the KMA list. Should now see "Hardware" in the HSM status. (now this is fixed)
     b. Error - means the SCA6000 card has probably failed. Get another system dump and
         verify by looking at the sca6000info.txt file.

6. If the card has failed to initialize, then open a field service task and have the card replaced.

This solution has no attachment