ETPM and ETKMS Troubleshooting
240 EncrypTight User Guide

Status Errors

Symptom: ETEMS cannot verify that the software version installed on the ETKMS matches the version selected in the Appliance Manager.
Explanation and possible solutions: In the Appliance Manager in ETEMS, when you refresh status for an ETKMS, the ETKMS does not return information regarding the version of the ETKMS software that is running on the ETKMS. Log in directly to the ETKMS or use an SSH client to log in remotely, and type the following command:

rpm -qi etkms

Symptom: Cannot refresh the status of a new ETKMS in ETEMS.
Explanation and possible solutions: Deploy policies from ETPM, and then refresh the status of the ETKMS.

Symptom: ETPM reports that the policy deployment was successful, but all of the PEPs are marked with the indicator and did not get the policy.
Explanation and possible solutions: Make sure that you entered the correct name for the ETKMS in the ETEMS Appliance Manager. This error is recorded in the application log and in the kdist.log file on the ETKMS. A mismatch between the name displayed in the Appliance Manager and the actual name of the ETKMS can cause communication failures between the ETKMS and the PEPs.

Symptom: After adding a PEP in the Appliance Manager and pushing the configuration to the PEP, the status shown in the PEP tab in ETPM is not correct and indicates a .
Explanation and possible solutions: After adding a new PEP in the Appliance Manager and viewing the incorrect PEP status in ETPM, switch to the Appliance Manager and then switch back to ETPM. The status indicator for the new PEP should be correct.

Symptom: The Renew Keys operation does not indicate success or failure for backup ETKMSs.
Explanation and possible solutions: Click Refresh Status in ETPM and verify that the backup ETKMS is providing coverage and reporting status.

Symptom: If you add a PEP to an existing policy and do not immediately redeploy the policy, but later refresh the status or renew keys, the policy will be marked with the red exclamation mark.
Explanation and possible solutions: The indicator is typically used to indicate communication errors. In this case the policy does not yet exist on the PEP and cannot be rekeyed or refreshed.

Renew Key Errors

Symptom: The PEP CLI is unavailable during a deployment or rekey.
Explanation and possible solutions: Large policy deployments or rekeys can prevent access to the command line interface (CLI) of a PEP while the PEP is processing the current operation. Automatic network management system polling during this period can result in an incorrect report that the PEP is out of service. Wait a few minutes for the current operation to complete, and then retry.

Symptom: A Renew Keys operation fails for a specific ETKMS and ETPM displays the following message:
Renew keys operation status
The Renew keys operation failed for the following ETKMSs <list of ETKMS IP addresses that failed>
Explanation and possible solutions: This message appears when the ETKMSs listed in the error message could not be reached during a Renew Keys operation. The Renew keys operation was successful for all other ETKMSs.
To ensure that all PEPs received policies and keys, check the status indicator in the Policy View of the ETPM for all PEPs. If the status shows a indicator, the PEPs received the appropriate keys; otherwise, the PEPs may not have received one or more keys and immediate action is required to prevent network interruption.
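
One way to read the output of the rpm -qi etkms step listed under Status Errors and compare it with the version selected in the Appliance Manager. This is an added example, not part of the EncrypTight guide; the function names and the sample version numbers are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the Version field from `rpm -qi etkms` output and
# compare it with the version selected in the ETEMS Appliance Manager.

# Print the Version value found in `rpm -qi` output supplied on stdin.
# Handles one-field-per-line output as well as the older two-column layout
# ("Version     : x.y.z        Vendor: ...").
etkms_version_from_rpm() {
    awk -F': *' '/^Version[ \t]*:/ { split($2, f, /[ \t]+/); print f[1]; exit }'
}

# check_etkms_version EXPECTED   (rpm -qi output on stdin)
# Returns 0 on match, 1 on mismatch, 2 when no version could be read,
# for example when rpm answers "package etkms is not installed".
check_etkms_version() {
    expected=$1
    installed=$(etkms_version_from_rpm)
    if [ -z "$installed" ]; then
        echo "etkms: no Version field found; is the package installed?" >&2
        return 2
    fi
    if [ "$installed" = "$expected" ]; then
        echo "etkms $installed matches the Appliance Manager selection"
        return 0
    fi
    echo "etkms $installed installed, Appliance Manager expects $expected" >&2
    return 1
}

# Constructed sample output; the version numbers are placeholders,
# not real EncrypTight releases.
sample_rpm_qi() {
    cat <<'EOF'
Name        : etkms                        Relocations: (not relocatable)
Version     : 0.0.1                             Vendor: (constructed)
Release     : 1                             Build Date: (constructed)
EOF
}

# On the ETKMS itself:
#   rpm -qi etkms | check_etkms_version "<version selected in Appliance Manager>"
```

A return code of 2 means the package query itself produced no version, which is a different problem from a mismatch and should be checked first.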