Oracle Key Manager (OKM) - KMA is Locked And Will Not Issue Encryption Keys

Asset ID:	1-71-2199884.1
Update Date:	2018-04-09
Keywords:

Solution Type Technical Instruction Sure

Solution 2199884.1 : Oracle Key Manager (OKM) - KMA is Locked And Will Not Issue Encryption Keys

Applies to:

Oracle Key Manager - Version 2.0.0 and later
Information in this document applies to any platform.

Goal

If one or more of the KMA's in the cluster have been found to be in a "locked" state. A KMA in a "locked" state can not issue encryption keys to Agents.

It can be determined if a KMA is in the "Locked" state by reviewing the "KMA List" in the OKM GUI:

KMAID Name Description SiteID NetworkAddress1 NetworkAddress2 NetworkAddress1IPv6 NetworkAddress2IPv6 FailedLoginAttempts KMAVersion Responding RespondingService ResponseTimeInMilliseconds ReplicationLagSize KeysReadyCount KeysReadyInBackupCount KeysGeneratedCount Locked Enrolled HSMStatus

C133AA75FAE1B20E cgydc01kma01 Calgarykma01 cgydc xx.xx.xxx.xx xx.xx.xxx.xx 0 build2051 true Responding 0 0 15000 0 0 true true Inactive
4E7504FC8284DC12 cgydc01kma02 cgydc xx.xx.xxx.xx xx.xx.xxx.xx 0 build2051 true Responding 296 1 4200 0 0 true true Not Present
EAC6D1088FFF5E0F trdc01kma01 trdc01kma01 trdc xx.xx.xxx.xx xx.xx.xxx.xx 0 build2027 true Responding 294 1 15001 14981 0 false true Hardware
817D757946B10877 trdc01kma02 trdc xx.xx.xxx.xx xx.xx.xxx.xx 0 build2045 true Not Responding 267 0 15007 14997 0 false true Hardware

In the above example, the cgydc01kma01 and cgydc01kma02 KMA's have "true" set for the "Locked" field, which confirms they are in the "Locked" state.

Solution

If the customer site did not intend to "lock" the KMA, then have them "unlock" the KMA through the OKM Manager GUI, by going to "Local Configuration-->"Lock/Unlock KMA" option.

Attachments

This solution has no attachment