Error and warning messages
These are the IBM Security Guardium Key Lifecycle Manager error and
warning messages.
File Deleted Antigen
for Exchange removed getadmingroupname.vbs since it was found to match
the FILE FILTER= unnamed: *.vbs file filter.
Explanation
The problem is typically caused on Windows systems by antivirus installation software.
System action
Installation
fails.
Administrator response
Take
these steps:
- Obtain and reinstall the
getadmingroupname.vbs
file.
- Change the antivirus file filter to avoid removing this file.
- Install IBM Security Guardium Key Lifecycle Manager again.
CTGKM0519E Operation fails because the key
alias VALUE_0 already exists. Specify valid alias, and retry the operation.
Explanation
Operation fails
because the specified key alias already exists.
System action
The certificate
operation fails.
Administrator response
Specify valid alias, and retry the operation.
CTGKM2101E Location specified in replication.BackupDestDir is not a valid directory.
Explanation
replication.BackupDestDir must specify a valid directory.
System action
The operation fails.
Administrator response
Correct setting of replication.BackupDestDir to a valid directory.
CTGKM2102E No valid replication config file exists. It will be created.
Explanation
No valid replication config file exists. It will be created.
System action
The operation fails.
Administrator response
No action required.
CTGKM1015E Key server is down.
Explanation
The key server is an internal component that the Guardium Key Lifecycle Manager server contains.
There might be a protocol or a certificate error or the database might
not be started when the Guardium Key Lifecycle Manager server comes
up.
System action
Keys are not served.
Administrator response
You might need to correct a protocol or
certificate specification or start the database. Examine the audit
log for error messages. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM® Support.
CTGKM1016E TCP
port not available.
Explanation
The TCP port did not initialize. Guardium Key Lifecycle Manager is not ready to accept key requests on the TCP
port. It might be that another process has the port or that the socket timed out.
System action
The
TCP port fails to initialize and TCP communication fails.
Administrator response
Ensure that no other program is using the TCP port. If the other process
must have the port, specify a new TCP port number. Then restart the Guardium Key Lifecycle Manager server. If the
problem continues, examine the audit log. After making corrections,
restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.
CTGKM1017E TLS failed to
initialize.
Explanation
The TLS port did not initialize. Guardium Key Lifecycle Manager is not ready to accept key requests from a client
on the TLS port. It might be that another process has the port or that the socket timed out.
System action
The TLS port fails
to initialize and TLS communication fails.
Administrator response
Ensure that no other program is using the TLS port. If the other process must have the port, specify
a new TLS port number. Then restart the Guardium Key Lifecycle Manager server. If the problem continues, examine the audit log. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.
CTGKM1018E KMIP failed to initialize.
Explanation
An internal error occurred. IBM Security Guardium Key Lifecycle Manager could not
complete initialization for KMIP. It might
be that another process has the port or that the socket timed out.
System action
The KMIP TLS port fails to initialize and IBM Security Guardium Key Lifecycle Manager cannot accept KMIP requests from a client.
Administrator response
Ensure that no other program is using the KMIP TLS port. If the other process must have the
port, specify a new KMIP TLS port number.
Then restart the Guardium Key Lifecycle Manager server. If the problem
continues, examine the audit log. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.
CTGKM1020E Each port value must be unique. Two or more of the port
values configured have the same value.
Explanation
TCP, TLS, and KMIP
TLS cannot use the same port.
System action
The TCP, TLS, or
KMIP TLS port values will not be saved until the values are updated to be unique
values.
Administrator response
Set the TCP, TLS, and KMIP TLS ports to unique values.
CTGKM1050E An entry in a required field is missing, or an entry is not
valid. The field is highlighted below.
Explanation
You attempted to change to another page or to submit
changes when either a required field is not complete or you entered
a value that is not valid.
System action
Additional page help appears by the field that has
the error.
Administrator response
Correct the entry. Then submit the change
again.
CTGKM1051E Because this certificate is currently the ${0} certificate
and is in use, it cannot be deleted. If you still wish to delete this
certificate, you must change the ${0} certificate.
Explanation
You cannot delete a
certificate that is currently specified as the default or the system partner certificate, or a
certificate that is currently assigned as the in-use TLS/KMIP server certificate.
System action
The operation fails.
Administrator response
Specify another certificate as the current default or system partner certificate, or the in-use
TLS/KMIP server certificate. Then try to
delete this certificate again.
CTGKM1052W Certificate will be deleted only if it is not currently used
by any device. Any ${0} written previously using this certificate
will be non-readable if the certificate is deleted. Are you sure you
would like to try to delete ${1}?
Explanation
You cannot delete a certificate that is currently
used by a device. Delete certificates only when the data protected
by those certificates is no longer needed.
System action
If you proceed, the certificate is deleted. Deleting
a certificate marks the certificate as destroyed in the database and
deletes the material from the keystore.
Administrator response
Continue to delete the certificate, assuming
it is not in use by a device.
CTGKM1053W Are you sure you would like to delete the device with device
serial number ${0}?
Explanation
This message confirms that you want to delete the
selected device.
System action
Confirming the message deletes the device.
Administrator response
Ensure that the serial number correctly
identifies the device that you intend to delete. Then click OK to delete the device.
CTGKM1054E Because this key group is currently the ${0} key group and
is in use, it cannot be deleted. If you still wish to delete this
key group, you must change the ${0} key group.
Explanation
IBM Security Guardium Key Lifecycle Manager could not
delete a key group that is a default.
System action
The key group is retained in the IBM Security Guardium Key Lifecycle Manager database.
Administrator response
Ensure that the key group is not the default
or reassign another key group to be the system default.
Then try the operation again.
CTGKM1055W Deleting a key group deletes all the keys within a key group.
Any data protected by these keys will be non-readable if the keys
are deleted. Are you sure you would like to delete ${0}?
Explanation
Deleting a key group marks the key group and all
keys in the group as destroyed in the database and deletes the material
from the keystore.
System action
If you proceed, the key group and all keys in the
key group are deleted.
Administrator response
Ensure that data protected by the keys
in the key group is no longer needed. Then continue the delete operation.
CTGKM1056W Directory ${0} does not exist. Do you want to create it?
Explanation
The selected directory path that is specified
to store the keystore does not currently exist.
System action
If you continue, the directory is created.
Administrator response
Confirm that you want to create the directory
to store the keystore.
CTGKM1057W Deleting a key will render any data protected by the
key non-readable. Are you sure you would like to delete the following
key: ${0}?
Explanation
Deleting a key marks the key as destroyed in the
database and deletes the material from the keystore. Data protected
by the key is no longer readable.
System action
If you proceed, the key is deleted.
Administrator response
Ensure that data protected by the key
is no longer needed. Then continue the delete operation.
CTGKM1058W Delete ${0}. Warning: Critical data will be deleted. Do you
want to continue?
Explanation
You are about to delete a backup file. This message
asks you to confirm the deletion.
System action
If you continue, the backup file is deleted.
Administrator response
Ensure that the data protected by this
backup level is no longer needed, or is replicated in another level.
Then continue the delete operation.
CTGKM1059E Path entered is not valid.
Explanation
The path that you entered is not a valid path.
System action
The path does not exist.
Administrator response
Specify a correct, existing path. Then try
again.
CTGKM1060W Warning: If you delete ${0}, the level of this backup cannot
be restored. Do you want to continue?
Explanation
Deleting a backup file means you cannot restore the
level again.
System action
If you proceed, the backup file is deleted.
Administrator response
Ensure that data protected by this backup
level is no longer needed, or is replicated in another level. Then
continue the delete operation.
CTGKM1061W Creating backup to ${0}. Do you want to continue?
Explanation
This operation writes a backup file to the specified
location.
System action
The operation writes a backup file to the location
in this message.
Administrator response
Confirm that you want the backup file written
to the specified location. Then continue.
CTGKM1062W The system will be restored from
${0}. The key and configuration data will be restored to the level of the backup that you select.
Any changes made after the selected backup will be lost, including the metadata. After restoring
from this backup, the server will be restarted automatically. The server will not be available
during the restart process. After the server is restarted, you must restart the browser session (Log
in again to use the product user interface). Do you want to continue?
Explanation
The key and
configuration data are restored to the level of the backup that you select. Any changes made after
the selected backup are lost, including the metadata.
System action
The key and
configuration data are restored to the level of the backup you select. Later changes are
lost.
Administrator response
Confirm that you want to restore from this
backup level. When the operation completes, manually restart the Guardium Key Lifecycle Manager server.
CTGKM1063E A default key group needs to include at least one key.
Explanation
There are no keys in the default key group. Values
in fields on this page might specify no keys, fail to add needed keys,
or delete existing keys to zero.
System action
The operation fails.
Administrator response
Ensure that the key group has at least
one valid key. Then try again to specify the key group as the default.
CTGKM1064E You cannot delete this certificate, which is currently used
by ${0} tape drives as either a system default, or as a partner certificate.
First, use the appropriate ${0} management panel to specify a different
certificate as the system default or partner certificate. Then, delete
the certificate.
Explanation
You cannot delete a certificate that is in use as
the system default or partner certificate.
System action
The operation fails.
Administrator response
First, use the appropriate ${0} management
panel to specify a different certificate as the system default or
partner certificate. Then, delete the certificate.
CTGKM1065W The number of keys returned exceeds the limit of ${0} records,
which are displayed. You might need to specify a different filter
for your search. Then try again.
Explanation
The search returned more keys than the limit allows.
System action
The search fails.
Administrator response
You might need to specify a different
filter for your search. Then try again.
CTGKM1066W Critical data is added. Create a
backup to ensure that you can restore this data later.
Explanation
Critical data is added such as certificates or keys.
System action
Data is added.
Administrator response
To ensure that you can restore critical
data in case of loss, create a backup file.
CTGKM1067W Are you sure you would like to delete ${0}? ${0} will no longer become a default in the future.
Explanation
This
operation deletes assignment of the certificate or key group as a
future default rollover.
System action
The system deletes the assignment as a rollover for
the certificate or key group. The action does not delete the certificate
or key group.
Administrator response
Determine that there is no requirement
to use the certificate or key group as a future default. Then continue.
CTGKM1068E You need to select at least one type of default.
Explanation
You attempted to specify a certificate for future
use as a rollover without also specifying that the certificate will
be the default or partner certificate, or both, on an effective date.
System action
The operation pauses until you specify that the
selected certificate is a default or partner certificate, or both,
on the effective date.
Administrator response
Specify use as either the default or partner
certificate, or both, for the certificate. Then continue.
CTGKM1069E Select a certificate from the list.
Explanation
To continue, the operation requires that you select
a certificate.
System action
The operation pauses until you specify a certificate.
Administrator response
Select a valid certificate. Then continue.
CTGKM1070E There is no certificate defined. Close this
panel and add a certificate.
Explanation
A required certificate is not in place.
System action
The operation fails.
Administrator response
Add the necessary certificate. Then try
again.
CTGKM1071E IBM Security Guardium Key Lifecycle Manager application does not appear to be in a running state.
The Guardium Key Lifecycle Manager server may be down at the moment or is still starting. Make sure that the Guardium Key Lifecycle Manager server is up
and try your request again.
Explanation
The Guardium Key Lifecycle Manager server might be down at the moment or is still starting.
System action
The operation fails.
Administrator response
Ensure that the Guardium Key Lifecycle Manager server is running.
Then try your request again.
CTGKM1075E Insufficient permission to see the information provided on
this page.
Explanation
Your role does not have the necessary permission to
view the data.
System action
The page does not display the information.
Administrator response
Obtain a user ID with the required permission.
Then try again.
CTGKM1076W The current TLS/KMIP server certificate has been updated. Restart
the server to put this change into effect. Then create a backup to ensure that you can restore this
data.
Explanation
An update occurred to
the current TLS/KMIP server
certificate.
System action
The certificate update completes.
Administrator response
Restart the server to put this change into
effect. Then create a backup to ensure that you can restore this data.
CTGKM1077W The current TLS server
certificate has been updated. In order for this change to go into effect you must restart the
server.
Explanation
An update occurred to
the current TLS server certificate.
System action
The certificate update completes.
Administrator response
Restart the server to put this change into
effect. Then create a backup to ensure that you can restore this data.
CTGKM1078W Are you sure you would like to delete certificate ${0}?
Explanation
Deleting a certificate marks the certificate as destroyed
in the database and deletes the material from the keystore. Delete
certificates only when the data protected by those certificates is
no longer needed. Deleting certificates is similar to erasing the
data. After certificates are deleted, data protected by those certificates
is not retrievable.
System action
If you continue, the certificate is deleted.
Administrator response
Ensure that the certificate and the data
that it protects are not needed. Then continue.
CTGKM1080E Insufficient permission to perform this action.
Explanation
Your role lacks one or more permissions required to
take the action.
System action
The action fails.
Administrator response
Obtain a user ID with the required permissions.
Then try again.
CTGKM1081W Are you sure that you want to delete device group ${0}?
Explanation
You might delete an empty device group such as myLTO. You cannot
delete a device group if any devices, keys or certificates are in
that group. You also cannot delete a device family that IBM Security Guardium Key Lifecycle Manager provides.
System action
If you continue, the device group is deleted.
Administrator response
Determine whether the empty device group
is a valid candidate to delete. Then continue.
CTGKM1082E Select a certificate from the list.
Explanation
The operation requires that you specify a certificate.
System action
The operation waits for your selection.
Administrator response
Select a certificate. Then continue.
CTGKM1087W Are you sure you would like to reject device ${0}?
Explanation
The device is in a pending device list. You must accept
or reject the device request to be served keys. You can only reject
devices for device groups that you have permissions to create. By
repeating a request, the device might appear again in the pending
list.
System action
Rejection removes the device from the pending list.
Administrator response
Ensure that you do not want keys served
to the device. Then reject the request.
CTGKM1088W Creating more than 1000 keys may take a few minutes. Do
you want to continue?
Explanation
Creating a large number of keys requires a significant
time interval.
System action
If you continue, IBM Security Guardium Key Lifecycle Manager creates
the keys.
Administrator response
Ensure that you have time for this operation
to complete. Then continue.
CTGKM1089E Insufficient permission to accept this device.
Explanation
You can only accept devices for device groups that
you have permissions to create.
System action
The operation fails. Acceptance enables serving
keys to the device and removes the device from the pending list.
Administrator response
Obtain a user ID that enables you to accept
devices from the pending list. Then try again.
CTGKM1091E Unknown device family id: ${0}
Explanation
The device family for the operation is unknown.
System action
The operation fails.
Administrator response
Collect any information that might be in
the audit log. You might need to contact IBM Software Support.
CTGKM1092W Keystore file ${0} already exists. Would you like to use
this existing keystore?
Explanation
The keystore name that you specified matches the name
of an existing keystore.
System action
If you continue, the operation uses the existing
keystore.
Administrator response
Determine whether the existing keystore
is appropriate to use. Then continue.
CTGKM1093W No machines were found for the ${0} device family.
Explanation
Adding machines requires that you first specify whether
device requests are automatically approved or held pending your approval.
System action
The operation cannot be done at this time.
Administrator response
To add machines, use the ${0} management
panel to specify one of these choices:
- Automatically accept all new device requests for communication.
- Hold new device requests pending approval.
CTGKM1094W Do not use the setting of Automatically accept for the ${0}
device family. This setting allows generation and serving of keys
to ${0} storage servers before you can perform a backup.
Explanation
This setting is not appropriate for devices in this
device family.
System action
The operation fails.
Administrator response
Select to manually add devices for communication,
or to hold new device requests pending your approval. Then continue.
CTGKM1095W Changing the device group of a certificate from an ${0} causes
the certificate to be unavailable to devices in other device groups
that previously referenced the certificate. Are you sure you want
to continue?
Explanation
This message occurs if you attempt to change (or update)
an UNKNOWN certificate.
System action
If you continue, the assignment for this certificate
is changed. This certificate will only be able to be used by devices
in the selected device group or later modified to a different device
group within the same device family.
Administrator response
If you are sure the certificate belongs
to this device family, select OK to continue with the device
group assignment.
CTGKN1003E File name entered for the certificate to be imported is not
valid. Double-click on the ${0} column of the selected certificate
entry to enter a valid path and file name.
Explanation
The file name that you entered is not a valid file
name.
System action
The file name does not exist in the specified path.
Administrator response
Specify a correct, existing
path and file name. Then try again.
CTGKN1005W This panel cannot be accessed before a master keystore has
been created. Click on the master keystore link to create it now.
Explanation
First, you must create a master keystore.
System action
The content of the page is not displayed
until a keystore is created.
Administrator response
Create the master keystore. Then try again.
CTGKN1006I Key name specified is not a known key.
Explanation
The key that you specified is unknown.
System action
The operation fails.
Administrator response
Obtain a valid key name. Then try again.
CTGKN1007E Insufficient permission to import the certificate.
Explanation
Your role must have the permissions to the create
action and to the appropriate device group. Or, your role must have the permission to the configure
action to import a TLS or KMIP,
certificate.
System action
The import operation fails.
Administrator response
Obtain a user ID with the required permissions.
Then try again.
CTGKN1008E Insufficient permission to add additional keys to the key
group.
Explanation
Your role must have permissions to the modify action and to
the appropriate device group.
System action
The operation fails.
Administrator response
Obtain a user ID with the permissions required
to add keys to a key group. Then try again.
CTGKN1011W You cannot go to the Key and Device Management panel because
the certificate belongs to an ${0} device group.
Explanation
Because the certificate belongs to an UNKNOWN or CONFLICTED
device group, the system cannot display a specific key and device
management panel for a device group.
System action
The system issues this warning.
Administrator response
Click on the Key and Device Management
navigation link and select the panel for the device group that you
want to use this certificate.
CTGKN1012W Are you sure you would like to reject the certificate with
a subject distinguished name of ${0} and issuer distinguished name
of ${1}?
Explanation
The message confirms that you want to reject the selected
client device communication certificate that was pushed to the Guardium Key Lifecycle Manager server from a
device.
System action
Confirming the message will remove the certificate
from IBM Security Guardium Key Lifecycle Manager. The certificate will not be able to be used for secure communications
between the device and the server. The certificate will not be added
to the keystore.
Administrator response
Ensure that the subject distinguished name
and issuer distinguished name correctly identify the client device
communication certificate that you intend to reject. Then click OK to remove the certificate. For more information to identify the certificate before rejection, click Cancel and then select View for the certificate.
CTGKN1014E The selected certificate has expired and therefore cannot
be accepted. Select Reject to remove it from the table.
Explanation
A client device communication certificate that was
pushed to the Guardium Key Lifecycle Manager server from a device has expired before being accepted. Expired
certificates cannot be accepted.
System action
The certificate is not added to the IBM Security Guardium Key Lifecycle Manager keystore.
Administrator response
Select Reject to remove the certificate
from the list of pending client device communication certificates.
CTGKM0002E Operation fails because
VALUE_0 is an invalid parameter. Specify a valid parameter, and retry the
operation.
Explanation
The parameters
specified with the operation are incorrect.
System action
The operation
fails.
Administrator response
Examine the error message to identify the specification or parameter that caused the error, and
retry the operation.
CTGKM0003E Operation failed because of an
internal error. Refer to the logs for more information. Correct the problem and restart the server.
Explanation
Unhandled exception.
System action
The operation
fails.
Administrator response
Examine the exception message and debug logs. Then, retry the operation.
CTGKM0082E
TLS connection cannot be established because the server certificate with alias
VALUE_0
has expired or is invalid. Configure a server certificate and retry the operation.
Explanation
The server
certificate that is specified in the SKLMConfig.properties file has expired.
System action
TLS handshake fails and TLS connection cannot be established.
Administrator response
Configure a valid TLS server certificate in the database. Restart the server. Check logs for more
information.
CTGKM0082E
TLS connection cannot be established because the server certificate with alias
VALUE_0
has expired or is invalid. Configure a server certificate and retry the operation.
Explanation
The server
certificate that is specified in the SKLMConfig.properties file has expired.
System action
TLS handshake fails and TLS connection cannot be established.
Administrator response
Configure a valid TLS server certificate in the database. Restart the server. Check logs for more
information.
CTGKM0100E
Cannot obtain audit and key serving parameters information.
Explanation
An internal
component of the IBM Security Guardium Key Lifecycle Manager server is not
running, such as the key server.
System action
The internal component fails to obtain audit and debug
information.
Administrator response
Contact IBM Support.
CTGKM0101E Cannot update audit information.
Explanation
A change was not written to the SKLMConfig.properties
file.
System action
A property value is not updated.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled. Then, try the operation again. If the problem persists, contact IBM Support.
CTGKM0102E Cannot update key serving parameter or port information.
Explanation
A change was not written to the SKLMConfig.properties
file.
System action
A property value is not updated.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled. Then, try the operation again. If the problem persists, contact IBM Support.
CTGKM0103E
Cannot retrieve keystore information.
Explanation
The keystore
information was not available from the database.
System action
The database is not available.
Administrator response
Ensure that the database is available. Correct any database server runtime errors that you identify.
Then, try the operation again.
CTGKM0104E
Cannot add keystore.
Explanation
The keystore
information might not be available from the database. Alternatively, the directory for the keystore
file cannot be found. You might not have access to the directory. There might be more information in
the message that describes the problem.
System action
The keystore is not added.
Administrator response
Ensure that the database is available. Additionally, determine that the directory exists for the
keystore file. Additional information in the message might guide your response. Make appropriate
changes. Then, try the operation again.
CTGKM0110E
Retrieval of TLS/KMIP certificates failed:
Explanation
The attempt to
obtain a list of TLS/KMIP certificates was not successful. The database might not be available, or a
connection to the IBM Security Guardium Key Lifecycle Manager server might not be
available.
System action
A list of certificates is not retrieved.
Administrator response
Ensure that connections to the database and IBM Security Guardium Key Lifecycle Manager server are available. If a connection problem
exists, make the appropriate corrections. Then, try the operation again.
CTGKM0111E Retrieval of IKEv2-SCSI
certificates failed:
Explanation
The attempt to obtain
a list of IKEv2-SCSI certificates was not successful. IBM Security Guardium Key Lifecycle Manager
database might not be available, or a connection to the IBM Security Guardium Key Lifecycle Manager
server might not be available.
System action
A list of
certificates is not retrieved.
Administrator response
Ensure that connections to IBM Security Guardium Key Lifecycle Manager database and IBM Security
Guardium Key Lifecycle Manager server are available. If a connection problem exists, make the
appropriate corrections. Then, try the operation again.
CTGKM0112E TLS/KMIP certificate submit
failed:
Explanation
You might not have permission to write to the
certificate request file. Alternatively, there might not
be sufficient free disk space, or the database might not
be available.
System action
The certificate request is not created.
Administrator response
Ensure that your permissions are correct, that there is
sufficient free disk space, and that the database
connection is available. If not, make the appropriate
corrections. Then, try the operation again.
CTGKM0113E
IKEv2-SCSI certificate submit failed:
Explanation
You might not have permission to write to the
certificate request file. Alternatively, there might not
be sufficient free disk space, or the database might not
be available.
System action
The certificate request is not created.
Administrator response
Ensure that your permissions are correct, that there is
sufficient free disk space, and that the database
connection is available. If not, make the appropriate
corrections. Then, try the operation again.
CTGKM0114E Certificate label and description (common name) are required fields.
Explanation
An empty or null value was found for a certificate
name, or the description (common name) for the certificate
might be missing in the certificate request.
System action
The operation fails.
Administrator response
Specify a unique value for the certificate name and specify
a common name for the certificate. Then, try the
operation again.
CTGKM0115E Certificate was not selected.
Explanation
A certificate was not selected from the list of valid, active
certificates for communication with the server.
System action
The operation fails.
Administrator response
Select a valid certificate, Then, try the operation
again.
CTGKM0116E
Selected certificate does not match any active certificates
in the keystore.
Explanation
An exception occurred in internal processes.
System action
The selected
certificate does not match any of the list of certificates in the keystore. The certificate might
have been manually deleted from the keystore, but not from metadata in the database.
Administrator response
Select a different certificate. Then, try the operation
again. You might need to ensure that your database
metadata is a match to the contents of the keystore.
CTGKM0117E Cannot create directory
DIRECTORY_NAME
.
Explanation
You might not have the correct access to create the
directory, or the specified path might have an error.
The directory might already exist. There might be
additional information.
System action
The create directory operation fails.
Administrator response
Ensure that your access allows you to create a directory
and that the specified path is valid. Additional
information might also guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0118E Directory with the name you specified already exists.
Explanation
The specified directory name already exists in the file system.
System action
The create directory operation fails.
Administrator response
Ensure that the specified directory does not already exist in the file system.
CTGKM0119E Cryptographic object not found:
VALUE_0
Explanation
The cryptographic object for given unique identifier or name does not found.
System action
The PUSH operation fails.
Administrator response
Ensure that you have provided correct unique identifier or name for the cryptographic object to be pushed to client.
CTGKM0120E Either cryptographic object's unique identifier(uuid) or name is required. Please provide one.
Explanation
Either cryptographic object's unique identifier(uuid) or name is required. Please provide one.
System action
The PUSH operation fails.
Administrator response
Ensure that either cryptographic object's unique identifier(uuid) or name is provided for PUSH operation.
CTGKM0200E
Cannot add device.
Explanation
The device might
already exist, or the database might not be available. There might be additional information.
System action
The device add operation fails.
Administrator response
Determine whether you correctly specified the device.
Alternatively, you might need to confirm that the
database is available. Additional information in this
message might also guide your response. Make
corrections. Then, try the operation again.
CTGKM0201E
Cannot modify device.
Explanation
The device might
already exist, or the database might not be available. There might be additional information.
System action
The device modify operation fails.
Administrator response
Determine whether you correctly specified the device.
Alternatively, you might need to confirm that the
database is available. Additional information in this
message might also guide your response. Make
corrections. Then, try the operation again.
CTGKM0202E
Cannot delete device.
Explanation
The device might
not exist, or the database might not be available. There might be additional information.
System action
The device delete operation fails.
Administrator response
Determine whether you correctly specified the device.
Alternatively, you might need to confirm that the
database is available. Additional information in this
message might also guide your response. Make
corrections. Then, try the operation again.
CTGKM0205E
Cannot retrieve template
defaults.
Explanation
Internally-processed template default information was not available from the database.
System action
The operation fails.
Administrator response
Determine whether the database is available. Correct any database server runtime errors that you
identify. Then, try the operation again. You might need to contact IBM Support.
CTGKM0206E
Cannot retrieve certificates.
Explanation
A list of certificates was not available. The IBM Security Guardium Key
Lifecycle Manager database might not be available. There
might be additional information.
System action
Certificate retrieval fails.
Administrator response
Confirm that the database is available. You might need to restart the IBM Security Guardium Key Lifecycle Manager server. Additional information in this message
might also guide your response. Make corrections. Then, try the operation again.
CTGKM0207E
Certificate creation fails due
to incorrect certificate information or a problem with the keystore. Refer to the logs for more
information. Correct the errors and retry the operation.
Explanation
The certificate is
not created in the keystore because of incorrect certificate information or a problem with the
keystore. The error message might include additional information to help you identify the problem.
System action
The certificate create operation fails.
Administrator response
Ensure that the required certificate information is correct. Additional information in the error
message might also guide your response. Correct the errors and retry the operation.
CTGKM0208E
Cannot modify certificate.
Explanation
IBM Security Guardium Key Lifecycle Manager could not modify information for the specified
certificate. If you specify that the certificate is a system default or partner certificate, the
properties file might not be available. If you modify the Trust setting for a certificate, refer to
additional information in this message.
System action
The certificate modify operation fails.
Administrator response
Ensure that the properties file is available, and that
you have write access. Additional information in this
message might guide your response. Correct errors. Then,
try the operation again.
CTGKM0209E
Cannot delete certificate.
Explanation
IBM Security Guardium Key Lifecycle Manager could not delete a certificate that is a system
default or partner, or associated with a device. This message might have additional information.
System action
The certificate delete operation fails.
Administrator response
Ensure that the certificate is not a system default or
partner certificate, and that the certificate has no
associated devices. Additional information in this
message might also guide your response. Then, try the
operation again. If the delete operation is successful,
ensure that you back up the keystore again to retain its
current state.
CTGKM0210E
Cannot update setting to accept requests from all drives.
Explanation
An attempt was made to change the
drive.acceptUnknownDrives property in the
SKLMConfig.properties file. The file might be write
protected. Alternatively, an internal component such as
the key server component returned an error or was not
available. This message might provide additional
information.
System action
The operation fails.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you
might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the
operation again. Additional information in this message might guide your response.
CTGKM0211E
Cannot retrieve IBM Security Guardium Key Lifecycle Manager status.
Explanation
An internal component such as the key server component
returned an error or was not available. The
SKLMConfig.properties file might be write protected.
This message might provide additional information.
System action
Server status retrieval fails.
Administrator response
Ensure that the SKLMConfig.properties file is write
enabled. You might restart the IBM Security Guardium Key Lifecycle
Manager server. Then, try the operation again.
Additional information in this message might guide your
response.
CTGKM0214E
Cannot retrieve key groups.
Explanation
IBM Security Guardium Key Lifecycle Manager database might not be available. Alternatively, an
internal component such as the key server component returned an error or was not available. This
message might provide additional information.
System action
The operation fails.
Administrator response
Confirm that the database is available. You might need to restart the IBM Security Guardium Key Lifecycle Manager server. Additional information in this message might
also guide your response. Make corrections. Then, try the operation again.
CTGKM0215E
Cannot create key group.
Explanation
You might have specified a value that is not valid for a
key group. Alternatively, IBM Security Guardium Key Lifecycle
Manager database might not be available or an internal
component such as the key server component returned an
error or was not available.
System action
The operation fails.
Administrator response
Ensure that your values for a key group are valid. Ensure that the database is available. If an
internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.
CTGKM0216E Cannot modify this key group.
Explanation
An attempt failed to modify this key group.
There might be more information in the message that
describes the problem.
System action
The modification requested for this key group does not occur.
No keys are added to or deleted from the key group.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0217E
Cannot delete key group that is a system default, or that is associated with a device or pending device.
Explanation
IBM Security Guardium Key Lifecycle Manager could not delete a key group that is a system
default, or that is associated with a device. There might be additional information in this message.
System action
The key group is retained in the IBM Security Guardium Key Lifecycle
Manager database.
Administrator response
Ensure that the key group is not the system default, and
that the key group also has no associated devices.
Additional information in this message might also guide
your response. Then, try the operation again.
CTGKM0218E Cannot create the following keys in this key group.
Explanation
An attempt failed to create keys for this key group.
There might be more information in the message that
describes the problem.
System action
The keys are not created, or are not added as members of
the key group.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0219E Because this certificate is currently expired and the
validate certificates check is enabled, cannot make this
certificate the System Default or System Partner.
Explanation
The certificate has expired and is no longer available
for use.
System action
The operation fails.
Administrator response
Select another certificate. This certificate has
expired.
CTGKM0220E Cannot retrieve available keys.
Explanation
An attempt failed to retrieve all available symmetric
keys. There might be more information in the message
that describes the problem.
System action
The keys are not found.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0221E Cannot retrieve keys from key group.
Explanation
An attempt failed to retrieve keys from a key group.
There might be more information in the message that
describes the problem.
System action
The keys are not found.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0222E Device serial number is not valid
VALUE_0
, must be 12 characters for 3592 and DS8000 device families or 1-48 characters long for DS5000 device family, contain valid characters, and cannot have leading or trailing whitespace.
Explanation
The device serial number for a device be exactly 12 characters for 3592 and DS8000 device families or 1-48 characters for DS5000 family
and follow a specific format.
System action
The operation fails.
Administrator response
Ensure that your specification is 12 valid characters in
length and contains alphanumeric, period, dash, semicolon,
and underscore characters, or a space that is not in the
first or last position. Additional information in this
message might also guide your response. Correct the problem
and try the operation again.
CTGKM0223E
Device already exists with device serial number
VALUE_0
, Device group
VALUE_1
VALUE_2
, World Wide Name
Explanation
You specified
values for a device that already exists in the database.
System action
The device create operation fails.
Administrator response
Specify values for a device that does not currently exist in the database. Then, try the operation
again.
CTGKM0224E
World wide name is not valid
VALUE_0
Explanation
IBM Security Guardium Key Lifecycle Manager requires that a worldwide name be 8 characters or
less in length.
System action
The operation fails.
Administrator response
Specify a worldwide name that meets the length
requirement of 8 characters or less. Then, try the
operation again.
CTGKM0225E
Cannot add device with device
serial number VALUE_0
VALUE_1
VALUE_2 because the specified key VALUE_1 does not exist in
keystore VALUE_2.
Explanation
You attempted to
create a device and associate it with a key that was not found in the IBM Security Guardium Key Lifecycle Manager keystore.
System action
The device add operation fails.
Administrator response
Specify an alternate key. Then, try the operation again.
CTGKM0226E The certificate is not active and cannot be the
System Default or System partner certificate.
Explanation
The validate certificates check is enabled. The process
determined that this certificate is not active and cannot be
the System Default or System Partner.
System action
The operation fails.
Administrator response
Select a certificate that is in active state and try
the operation again.
CTGKM0227E
Cannot retrieve available key groups.
Explanation
The key groups
information was not available from the database.
System action
The key groups are not retrieved.
Administrator response
Ensure that the database is available. Then, try the operation again.
CTGKM0228E Cannot retrieve key information.
Explanation
An attempt failed to retrieve key information. There
might be more information in the message that describes
the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0229E Cannot retrieve keys.
Explanation
An error occurred while retrieving a list of keys. There
might be more information in the message that describes
the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0230E Cannot create keys.
Explanation
An attempt to create a key or keys did not complete.
There might be more information in the message that
describes the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0231E Cannot modify key membership.
Explanation
An attempt to modify key membership did not complete.
There might be more information in the message that
describes the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0232E Cannot delete key.
Explanation
The key that you intend to delete, might not be found,
or there might be a database error. There might be more
information in the message that describes the problem.
System action
The key is not deleted.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0233E Cannot list backup files.
Explanation
Cannot retrieve the data for the backup files.
System action
The list backup files operation fails.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0234E Cannot locate default backup directory.
Explanation
Cannot read the property value for the backup
directory.
System action
Failed to read backup directory.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0235E Cannot obtain the progress of the running process.
Explanation
Cannot obtain the progress of the running backup or
restore process.
System action
Failed to get the progress of the running process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0236E Cannot obtain the progress state of the running process.
Explanation
Cannot obtain the progress state of the running backup
or restore process.
System action
Failed to get the progress state of the running process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0237E Cannot obtain the process result of the completed process.
Explanation
Cannot obtain the process result of the completed backup
or restore process.
System action
Failed to get the process result of the completed
process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0238E Cannot create backup.
Explanation
Cannot initiate the backup process.
System action
Failed to initiate the backup process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0239E Cannot restore from backup.
Explanation
Cannot initiate the restore from backup process.
System action
Failed to initiate the restore from backup process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0240E Cannot delete backup.
Explanation
Cannot delete the backup process.
System action
Failed to delete the backup process.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0242E
Failed to create backup to
backup_file
.
Explanation
Cannot back up the
IBM Security Guardium Key Lifecycle Manager system.
System action
Backup operation
failed to back up the IBM Security Guardium Key Lifecycle Manager system.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM0244E
Failed to restore from
backup_file
.
Explanation
Cannot restore the
IBM Security Guardium Key Lifecycle Manager system.
System action
Restore operation
failed to restore the IBM Security Guardium Key Lifecycle Manager system.
Administrator response
Check the log entries to find out the reason for the
failure. Make appropriate changes. Then, try the
operation again.
CTGKM2912W Import failed due to conflict arose because of <Variable_IDs/Aliases>.
Explanation
For a successful import, follow the resolution process.
CTGKM0245E
The key name specified is not known.
Explanation
You might have incorrectly specified the key name value.
Alternatively, IBM Security Guardium Key Lifecycle
Manager database might not be available or an internal
component such as the key server component returned an
error or was not available.
System action
The operation fails.
Administrator response
Ensure that your value for a key name is valid and is in the keystore. Ensure that the database is
available. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.
CTGKM0246E Cannot identify the next key to be used from this key group.
Explanation
An attempt failed to determine the next key to be used from this
key group.
There might be more information in the message that
describes the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then try the operation again.
CTGKM0247E Cannot retrieve future write defaults.
Explanation
An error occurred while retrieving a list of future write defaults.
There might be more information in the message that describes
the problem.
System action
The operation fails.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0248E
Cannot retrieve current system default.
Explanation
An internal component such as the key server component
returned an error or was not available. The
SKLMConfig.properties file might be write protected.
This message might provide additional information.
System action
System default retrieval fails.
Administrator response
Ensure that the SKLMConfig.properties file is write
enabled. You might restart the IBM Security Guardium Key Lifecycle
Manager server. Then, try the operation again.
Additional information in this message might guide your
response.
CTGKM0249E
Cannot add future write default.
Explanation
You might have specified a value that is not valid for a
future write default. Alternatively, IBM Security Guardium Key Lifecycle
Manager database might not be available or an internal
component such as the key server component returned an
error or was not available.
System action
The operation fails.
Administrator response
Ensure that your values for a future write default are valid. Ensure that the database is available.
If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.
CTGKM0250E
Cannot delete future write default.
Explanation
IBM Security Guardium Key Lifecycle Manager could not delete a future write default. There might
be additional information in this message.
System action
The future write
default is retained in the IBM Security Guardium Key Lifecycle Manager database.
Administrator response
Additional information in this message might guide
your response. Make appropriate changes. Then, try
the operation again.
CTGKM0251E Future write default's effective date cannot be later than the certificate expiration date.
Explanation
If the certificate expires before the future write default's effective date,
then this future write default will not be effective.
System action
Adjust the future write default's effective date.
Administrator response
Extend the certificate expiration date if necessary.
CTGKM0252E Algorithm type for
backup_file
application is not valid.
Explanation
This is not a valid algorithm type for the intended application. For IKEV2SERVER and
IKVE2CLIENT, the only algorithm type supported is ECDSA. Cannot import this key or
certificate for this application.
System action
Import operation fails.
Administrator response
Generate an ECDSA type of certificate or key for IKVE2SERVER or IKEV2CLIENT and then try
the import operation.
CTGKM0253E Device serial number for LTO base device
VALUE_0
must be either 10, 12 or 24 characters long, contain valid characters, and cannot have leading or trailing whitespace.
Explanation
The device serial number for a device must be either 10, 12 or 24 characters
in length and contain only allowed characters.
System action
The operation fails.
Administrator response
Ensure that the device serial number you enter is 10, 12 or 24 valid characters in
length and contains alphanumeric, period, dash, semicolon,
and underscore characters, or a space that is not in the
first or last position. Additional information in this
message might also guide your response. Correct the problem
and try the operation again.
CTGKM0255E Cannot delete key. Key is the last active member of a device.
Explanation
The current active member key of a device or group cannot be deleted.
System action
The key is not deleted.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM0256E Incorrect key size VALUE_0.
Explanation
This is not a valid key size type for the intended application. For IKEV2SERVER and
IKVE2CLIENT, the only key size supported is 521 bits. Cannot import this key or
certificate for this application.
System action
Import operation fails.
Administrator response
Generate correct size of ECDSA type of certificate or key for IKVE2SERVER or IKEV2CLIENT
and then try the import operation.
CTGKM0257E
Unable to accept the Pending Client Device Communication Certificate.
Explanation
The certificate name might already exist, the certificate material
might already exist under a different name, or the IBM Security Guardium Key
Lifecycle Manager database might not be available. There
might be additional information.
System action
Accept operation fails.
Administrator response
Determine if you specified a unique certificate name.
Alternatively, you might need to confirm that the
database is available. Additional information in this
message might also guide your response. Make
corrections. Then, try the operation again.
CTGKM0258E
Unable to reject the Pending Client Device Communication Certificate.
Explanation
The certificate might not exist, or the IBM Security Guardium Key Lifecycle
Manager database might not be available. There might be
additional information.
System action
Reject operation fails.
Administrator response
Refresh the page to determine if the certificate still
exists in the pending list.
Alternatively, you might need to confirm that the
database is available. Additional information in this
message might also guide your response. Make
corrections. Then, try the operation again.
CTGKM0259E
Unable to gather additional information on the selected Pending Client Device Communication Certificate.
Explanation
The certificate
information was not available from the database.
System action
View operation fails.
Administrator response
Ensure that the IBM Security Guardium Key Lifecycle Manager database is available.
Correct any database server runtime errors that you identify. Then, try the operation again.
CTGKM0260E
Keystore internal error occurred.
Explanation
An internal error occurred while creating or loading the keystore.
System action
Keystore operation fails.
Administrator response
Verify that IBM Security Guardium Key Lifecycle Manager is initialized correctly.
CTGKM0261E Alias {0} already exists.
System action
Keystore operation fails.
Administrator response
Specify a different alias.
CTGKM0262E The certificate expiration period cannot be later than VALUE_0 years. This value can be changed by use of the configuration parameter called maximum.keycert.expiration.period.in.years.
Explanation
The certificate expiration period cannot be later than the configured years. This value can be changed by use of the configuration parameter called maximum.keycert.expiration.period.in.years.
System action
Adjust the maximum.keycert.expiration.period.in.years if necessary.
Administrator response
Adjust the maximum.keycert.expiration.period.in.years if necessary.
CTGKM0263E
You have successfully restored your system from
backup_file
You will be required to manually restart the server as automatic restart failed.
Please refer to the Backup and restore section of IBM Security Guardium Key Lifecycle Manager documentation,
on how to start and stop the server on distributed systems.
Explanation
Backup was successfully restored but restart failed.
CTGKM0400E You must specify a value for:
VALUE_0
Explanation
You attempted to update a key value, but you specified
a null parameter.
System action
The key is not updated.
Administrator response
Enter a valid parameter value and try the update
operation again.
CTGKM0401E The alias name prefix (3 characters) is not alphabetic:
VALUE_0
Explanation
An alias prefix for a key must be three characters in
length, and the characters must be alphabetic, which are
the characters A-Z case insensitive.
System action
The key or keys are not created.
Administrator response
Specify a three character value for the key alias using the
alphabetic characters A-Z, which are case insensitive.
CTGKM0402E The alias range (
VALUE_0
,
VALUE_1
) is not valid.
Explanation
The first hexadecimal number in an alias range must
smaller than the last hexadecimal number that you
specify.
System action
The keys are not created in the specified range.
Administrator response
Ensure that the values that you specified for the alias
range are valid hexadecimal numbers, and that the
initial number is less than the final number in the
range. For example, specify a range such as xyz01-fff.
Then, try the operation again.
CTGKM0403E The alias does not contain all alphabetic characters:
VALUE_0
Explanation
The alias value must contain only alphabetic characters.
System action
The key or keys are not created.
Administrator response
Ensure that the value that you specified for the key
alias contains only alphabetic characters. Then, try the
operation again.
CTGKM0404E
The alias range length is too large.
Explanation
The alias range that you specified exceeds a IBM Security Guardium Key
Lifecycle Manager limit.
System action
The key or keys are not created.
Administrator response
Specify a smaller alias range. Then, try the operation
again.
CTGKM0405E The alias range end value must be greater than or equal to
the alias range start value.
Explanation
The last hexadecimal number in an alias range must
greater than or equal to the first hexadecimal number
that you specify.
System action
The keys are not created in the specified range.
Administrator response
Ensure that the values that you specified for the alias
range are valid hexadecimal numbers, and that the final
number is greater than or equal to the initial number in
the range. For example, specify a range such as
xyz01-fff. Then, try the operation again.
CTGKM0406E
The alias range is too large.
Explanation
The alias range that you specified exceeds a IBM Security Guardium Key
Lifecycle Manager limit.
System action
The keys are not created in the specified range.
Administrator response
Specify a smaller alias range. Then, try the operation
again.
CTGKM0407E The alias range string contains a non-hexadecimal value.
Explanation
The numbers that specify an alias range must be
hexadecimal numbers.
System action
The keys are not created in the specified range.
Administrator response
Specify an alias range using only hexadecimal values.
Then, try the operation again.
CTGKM0408E Cannot locate certificate chain with alias
VALUE_0
Explanation
The alias that you specified for a certificate does not
contain a certificate chain.
System action
The operation fails.
Administrator response
Ensure that the alias that you specified contains a
certificate chain. Then, try the operation again.
CTGKM0409E
Check the file name. Cannot export the key to
VALUE_0
.
Explanation
There is a write
error to the file on which an export operation was attempted. There is possibly an error in the
relative or full path, or the name of the file that IBM Security Guardium Key Lifecycle Manager creates to store private keys.
System action
The key is not exported.
Administrator response
Ensure that you correctly specified the relative or full path, and the name of the file to store the
exported keys. If you do not specify a path name, the value of the
SKLM_HOME directory is used. Then, try the operation again.
CTGKM0410E
Error occurred while exporting the key to output stream.
Explanation
The certificate
export operation did not write to the file on which an export operation was attempted. There is
possibly an error in the relative or full path, or the name of the file that IBM Security Guardium Key Lifecycle Manager creates to store the certificate.
System action
The certificate is not exported.
Administrator response
Ensure that the path and file name are correct. Then,
try the operation again.
CTGKM0411E Operation fails because
VALUE_0 is not a secret key entry in the keystore. Specify a valid secret key,
and retry the operation.
Explanation
The specified secret
key is not in the keystore.
System action
A secret key
operation fails, such as exporting a secret key.
Administrator response
Specify a valid secret key and retry the operation. Use the List Key REST Service to view the keys
contained in the keystore.
CTGKM0412E Operation fails because
VALUE_0 is not a private key entry in the keystore. Specify a valid private key,
and retry the operation.
Explanation
The specified private
key is not in the keystore.
System action
A private key
operation fails, such as exporting a private key to a PKCS12.
Administrator response
Specify a valid private key and retry the operation. Use the List Key REST Service to view the
private keys stored in the keystore.
CTGKM0413E
Unsupported private key algorithm:
VALUE_0
Explanation
This is not one of
the key algorithms that IBM Security Guardium Key Lifecycle Manager supports.
System action
The key operation fails. For example, you might be
trying to import a private key that does not match a
supported RSA or DSA algorithm.
Administrator response
Use a different key that complies with an asymmetric key algorithm that IBM Security Guardium Key Lifecycle Manager supports.
CTGKM0414E File size is zero.
Explanation
The specified key file is empty, from which you are
attempting to import a key. There is no data in the
file.
System action
The operation fails.
Administrator response
Ensure that the key file is correctly populated, and
that you have a valid key file from a trusted source.
Then, try the operation again.
CTGKM0415E Cannot find the file
VALUE_0
Explanation
The key file was not found during a key import
operation.
System action
The key import operation fails.
Administrator response
Ensure that you specified the correct path and filename.
Then, try the operation again.
CTGKM0416E Cannot find the
VALUE_0
in the specified group.
Explanation
The group member that you specified is not in the target
group.
System action
The operation fails.
Administrator response
Ensure that your specifications of both the group member
and the group are correct. You might first need to add
the member to the group. Then, try the operation again.
CTGKM0417E
Cannot delete a key from a device group.
Explanation
The database stores
group entries for keys in a key group type of group.
System action
The group entry delete operation fails.
Administrator response
Change your specification of the group type to a value
of key group. Then, try the operation again.
CTGKM0419E
Entry
VALUE_0
does not belong to any group.
Explanation
The database stores
entries in a group with a type of key group. The entry that you are attempting to delete was not
found in any type of group.
System action
The operation fails.
Administrator response
Ensure that your specification of the entry uuid and the
group name are correct. Then, try the operation again.
CTGKM0420E
Key group is empty.
Explanation
There are no keys in the group. This is an internal
message that the key server might issue to a log.
System action
The key operation fails.
Administrator response
You might need to add keys to the key group. The change is effective immediately. However, you might
need to restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the
operation again.
CTGKM0421E Error occurred while encrypting the key.
Explanation
Encryption failed during a secret key export operation
to a file. There might be a problem with the encryption
provider.
System action
The export operation fails.
Administrator response
Collect any information that might be in the audit log.
You might need to contact IBM Support.
CTGKM0422E Error occurred while encoding data in PKCS12 format.
Explanation
An exception occurred in internal processes.
System action
The private key and certificate are not encoded.
Administrator response
Collect any information that might be in the audit log
and contact IBM Support.
CTGKM0423E Error occurred while verifying the key and certificate.
Explanation
An exception occurred in internal processes.
System action
The certificate request that you submitted to a CA and
the certificate that returned, do not match. This might
be an internal processing error.
Administrator response
Collect any information that might be in the audit log
and contact IBM Support.
CTGKM0424E Error occurred while decrypting the secret key.
Explanation
An exception occurred in internal processes.
System action
The secret key was not decrypted. This might be an
internal processing error.
Administrator response
Collect any information that might be in the audit log
and contact IBM Support.
CTGKM0425E The alias prefix does not have 3 characters.
Explanation
An alias prefix for a key must be 3 characters in
length, and the characters must be alphabetic.
System action
The key or keys are not created.
Administrator response
Ensure that the value that you specified for the key
alias contains 3 alphabetic characters. Then, try the
operation again.
CTGKM0426E Cannot delete the certificate as it is associated with a
private key entry.
Explanation
You used the tklmCertDelete command to delete a
certificate that has a private key associated with the
certificate.
System action
The certificate was not deleted.
Administrator response
Use the tklmKeyDelete command to delete the key. The
alias for the certificate and the key are the same, and
are stored internally as a single entry.
CTGKM0427E Group name is longer than 64 characters:
VALUE_0
Explanation
The limit for a group name is 64 characters.
System action
The operation fails.
Administrator response
Specify a shorter group name that meets the character
limit. Then, try the operation again.
CTGKM0428E Default key group cannot be deleted.
Explanation
One or more devices use this key group as the default
from which to obtain keys.
System action
The key group delete operation fails.
Administrator response
Ensure that no device uses this key group as the default
from which to obtain keys. You might select another key
group as the default. Then, try the operation again.
CTGKM0429E Alias range does not start with 3-letter prefix.
Explanation
The alias range prefix must be 3 characters in length.
System action
The operation fails.
Administrator response
Specify a prefix that contains 3 characters for the
alias range. Then, try the operation again.
CTGKM0430E Alias range does not have a hexdecimal range separated by
dash.
Explanation
A dash is the required separator between hexadecimal
numbers in an alias range.
System action
The range of keys is not created.
Administrator response
Specify the alias range using a dash as the separator.
Then, try the operation again.
CTGKM0431E Starting with version 2, this message is deprecated. aliasOne attribute must be specified for DS8000® device.
Explanation
Starting with version 2, this message is deprecated. aliasOne is the required attribute for DS8000 device.
System action
The device is not created.
Administrator response
Specify the aliasOne attribute.
Then, try the operation again.
CTGKM0432E Rollover task for type VALUE_0
is already scheduled on effective date: VALUE_1
Explanation
Effective date is unique for each rollover type
System action
The rollover is not created.
Administrator response
Specify different rollover date and type.
Then, try the operation again.
CTGKM0433E Operation fails because the
country code: VALUE_0 is invalid. Specify a valid two-letters country code, and
retry the operation.
Explanation
The specified country
code is invalid as it does not have two letters.
System action
The certificate or
certificate request operation fails.
Administrator response
Specify a valid country code and retry the operation.
CTGKM0434E Cannot delete the key because it is the default symmetric key: VALUE_0
Explanation
The specified key is a default symmetric key.
System action
The delete operation failed.
Administrator response
Specify a different key and try the delete operation again.
CTGKM0435E All keys in the key group are used. There is no key available to use.
Explanation
All keys in the key group are used. There is no key available to use.
System action
The operation to get the next key failed
Administrator response
Add a new key to the key group and try to get a key again.
CTGKM0436E The key group cannot be deleted, but the key group members are deleted successfully.
Explanation
The key group is not deleted.
System action
The key group delete operation failed.
Administrator response
Examine the logs for information about the error. Make necessary corrections. Then, try the operation again. If the problem still exists, you might need to contact IBM Support.
CTGKM0437E The key group cannot be deleted, but some members may have been deleted.
Explanation
The key group is not deleted.
System action
The key group delete operation failed.
Administrator response
Examine the logs for information about the error. Make necessary corrections. Then, try the operation again. If the problem still exists, you might need to contact IBM Support.
CTGKM0438E The last key in the default key group cannot be deleted.
Explanation
The key is not deleted.
System action
The key delete operation fails.
Administrator response
The default key group needs to include at least one key.
CTGKM0439E Cannot delete the last key in the key group that is associated with a device.
Explanation
The key is not deleted.
System action
The key delete operation fails.
Administrator response
The key group associated with a device needs to include at least one key.
CTGKM0440E Cannot delete the last key in the key group VALUE_0 that is associated with a scheduled rollover.
Explanation
The key is not deleted.
System action
The key delete operation fails.
Administrator response
The key group associated with a rollover need to have at least one key.
CTGKM0441E Key Export only supports
IBMJCEPlus and IBMJCEPlusFIPS providers.
CTGKM0500E
A keystore already exists in
IBM Security Guardium Key Lifecycle Manager.
Explanation
Only one IBM Security Guardium Key Lifecycle Manager keystore can exist.
System action
The keystore add operation fails.
Administrator response
Use the existing IBM Security Guardium Key Lifecycle Manager keystore. You cannot add
an additional keystore. If you must use a new keystore, you must first remove the existing keystore
and add a new one. In a running production environment, do not modify the keystore name. If you must
modify the keystore name prior to production, ensure that you have a complete, current backup of
your IBM Security Guardium Key Lifecycle Manager configuration.
CTGKM0501E
No password.
Explanation
You must specify a
password for a IBM Security Guardium Key Lifecycle Manager keystore. The password must
at least 6 characters in length.
System action
The keystore operation fails.
Administrator response
Specify a password for the IBM Security Guardium Key Lifecycle Manager keystore. For
example, type a value such as my6pwd.
CTGKM0502E
Keystore name must be specified.
Explanation
You must specify a
name for a IBM Security Guardium Key Lifecycle Manager keystore. IBM Security Guardium Key Lifecycle Manager uses this name in the database as a descriptive
alias to identify the keystore.
System action
The keystore operation fails.
Administrator response
Specify a name as a descriptive alias for the IBM Security Guardium Key Lifecycle Manager keystore. For example, type mySKLMKeystore.
CTGKM0503E
Duplicate keystore name.
Explanation
A duplicate name
exists in the database for the value that you specified as a descriptive alias for an IBM Security Guardium Key Lifecycle Manager keystore.
System action
The keystore operation fails.
Administrator response
Type a unique value for the name of the IBM Security Guardium Key Lifecycle Manager
keystore. For example, type mySKLMKeystore.
CTGKM0504E Error occurred while creating the keystore:
Explanation
You might not have correctly specified the values needed
to add a file-based keystore.
System action
The keystore operation fails.
Administrator response
Ensure that you specified a unique value for the descriptive alias, the path and file name of the keystore, or the keystore type. For a RACF® keystore, you might have to specify the user ID or password differently. After modifying your entries, try the operation again.
CTGKM0505E Error occurred while loading the keystore:
Explanation
This error occurs when you attempt to read data from an
existing keystore.
System action
The keystore operation fails.
Administrator response
The data in the keystore might be corrupt, or the path
specification or password value might be incorrect. If
the keystore is corrupt, use a backup copy. Otherwise,
respecify the path or password values, and try the
operation again.
CTGKM0506E Internal database operation error.
Explanation
An unexpected database error occurred.
System action
The database operation did not complete as expected.
Administrator response
Collect any information that might be in the audit log and contact IBM Support.
CTGKM0507E Validation error on input:
Explanation
The value that you provided did not match an expected
value.
System action
The value was not written or retained.
Administrator response
Ensure that the value you provided is valid. Then, try
the operation again.
CTGKM0508E Failed to execute the command:
Explanation
There is an error in the values provided for the
tklmKeyStoreList command.
System action
The command operation fails.
Administrator response
Ensure that the command syntax and values are correct.
Then, try the command again.
CTGKM0509E Password cannot be shorter than 6 characters.
Explanation
The password strength rule requires a length of six or
more characters.
System action
The keystore operation fails.
Administrator response
Specify a password that is at least six characters in
length, and then try the operation again.
CTGKM0510E
Keystore file path name is not specified.
Explanation
You must specify a complete path to the keystore file.
System action
The keystore operation fails.
Administrator response
Specify a complete path to the keystore file, either as an absolute or relative path. Then, try the
operation again. As a relative path, for example, you might specify a file name in an existing
directory. IBM Security Guardium Key Lifecycle Manager appends the value of
SKLM_HOME as the relative path.
CTGKM0512E
Keystore type is not valid
KEYSTORE_TYPE
Explanation
You must specify a
keystore type that IBM Security Guardium Key Lifecycle Manager supports.
System action
The keystore operation fails.
Administrator response
Specify a supported keystore type. Then, try the
operation again.
CTGKM0513E
Cannot find MBean:
Explanation
This error might occur if you install IBM Security Guardium Key
Lifecycle Manager and then move or delete some of its
files.
System action
Internal descriptive files are not found.
Administrator response
Do not move or delete files from their installed
locations without explicit, authorized instructions. You
might need to contact IBM Support.
CTGKM0514E Target application usage must be specified.
Explanation
Usage specifies how
the certificate is used with a target application, either for secure communication using a TLS
server protocol, or for communication with a device.
System action
The certificate operation fails.
Administrator response
Specify a valid value for the certificate usage. Then,
try the operation again.
CTGKM0515E Certificate name must be specified.
Explanation
The name uniquely identifies the certificate within the
keystore.
System action
The certificate operation fails.
Administrator response
Specify the name for the certificate. Then, try the
operation again.
CTGKM0516E Common name must be specified.
Explanation
The common name (cn) is part of the unique
identification for the certificate. For example, the
value of cn is used in the subject name for a
certificate, which can identify whether a certificate
that is being imported matches an original certificate
request.
System action
The operation fails.
Administrator response
Specify the common name for the certificate. Then, try
the operation again.
CTGKM0517E Cannot form a valid X.500 name.
Explanation
One or more of the values for the subject fields is not
valid to generate a valid X.500 directory name, which
must be unique to identify a self-signed certificate as
an entry for a global directory service.
System action
The X.500 name is not created.
Administrator response
Ensure that you provided correct values for the subject
fields that comprise an X.500 name, such that a
certificate can be unambiguously identified. For
example, ensure that the value for the cn field is
unique, and that values are also complete in other
fields.
CTGKM0518E Keystore does not exist.
Explanation
A keystore must exist to contain the certificate. You
might have entered an incorrect keystore name, or used a
command that requires a value for the keystore, before
creating the keystore.
System action
The certificate operation fails.
Administrator response
Specify a valid, existing keystore. You might need to
create a keystore using either the tklmKeystoreAdd
command, or the graphical user interface. Then, try the
operation again.
CTGKM0520E Not the supported usage:
VALUE_0
Explanation
You specified an
unsupported value for the target usage. The target application specifies how the certificate is
used, either for secure communication using a TLS protocol, or for communication with a device such
as a tape drive.
System action
The certificate operation fails.
Administrator response
Specify a valid target application for which the
certificate is used. Then, try the operation again.
CTGKM0521E
Unsupported certificate format:
VALUE_0
Explanation
You specified an
value that is not valid for the certificate format. IBM Security Guardium Key Lifecycle Manager supports either a base64 and DER format for
certificates.
System action
The certificate operation fails.
Administrator response
Specify either base64 or DER as the certificate format.
Then, try the operation again.
CTGKM0522E Operation fails because the
certificate information is missing. Specify a valid certificate name, and retry the
operation.
Explanation
The certificate
operation fails because the certificate information is missing or null.
System action
The certificate
import operation fails.
Administrator response
Specify a valid certificate name and retry the operation. Use the Certificate List REST
Service to find or verify the certificate name.
CTGKM0523E Operation fails because the
keystore information is invalid or missing. Specify a valid keystore name, and retry the
operation.
Explanation
The certificate
import or keystore delete operation fails because the value of the keystore parameter is invalid or
missing.
System action
The certificate
operation fails.
Administrator response
Specify a valid keystore name and retry the operation. Use the Config Properties List REST
Service to verify the keystore name.
CTGKM0524E Operation fails because the
keystore name or UUID is invalid or missing. Specify a valid keystore name or UUID, and retry the
operation.
Explanation
The certificate
import or keystore delete operation fails because the value of the keystore parameter is invalid or
missing.
System action
The certificate
operation fails.
Administrator response
Specify a valid keystore name or UUID and retry the operation. Use the Config Properties
List REST Service to verify the keystore name.
CTGKM0525E Operation fails because the
parameter values are incorrect or missing. Specify valid parameter values, and retry the
operation.
Explanation
During general
validation, at least one value for a required parameter cannot be found for the Create
Certificate REST Service or Certificate Update REST
Service.
System action
The certificate operation fails.
Administrator response
Specify the missing value or values and retry the operation.
CTGKM0526E Certificate operation fails
because the certificate file name is missing. Specify the certificate file name, and retry the
operation.
Explanation
The certificate file
name must be specified for the Certificate Export REST Service or
Certificate Import REST Service.
System action
The certificate
operation fails.
Administrator response
Specify a valid certificate file name and retry the operation.
CTGKM0527E Certificate validity value
VALUE_0
is not valid
Explanation
The length of time in days that you specified for the
certificate does not fall within the expected range. The
value must be 1 or greater.
System action
The certificate operation fails.
Administrator response
Specify a valid length of time in days during which the
certificate can be used. Then, try the operation again.
CTGKM0528E Keystore name cannot exceed 64 characters.
Explanation
For the tklmKeystoreAdd command, you specified a
keystore name that exceeds a limit of 64 characters.
System action
The certificate operation fails.
Administrator response
Specify a keystore name that is 64 characters or less in
length. Then, try the operation again.
CTGKM0529E An error occurred generating certificate request.
Explanation
An exception occurred in internal processes.
System action
The certificate request is not created.
Administrator response
Verify the parameter values for the certificate request.
Then, try the operation again.
CTGKM0530E Cannot find the certificate.
Explanation
The value of the alias or uuid was not found when you
attempted an operation such as deleting, exporting, or
updating a certificate.
System action
The certificate operation fails.
Administrator response
Specify a valid alias or uuid for the target
certificate. Then, try the operation again.
CTGKM0531E Group delete operation fails
because the group UUID value is missing. Specify a valid UUID, and retry the operation.
Explanation
The group delete
operation requires a valid value for the UUID parameter.
System action
The group delete
operation fails.
Administrator response
Specify a valid group UUID value and retry the operation. Use the Group List REST
Service to view or verify the group UUID.
CTGKM0532E Compromise date cannot be later than today.
Explanation
The date on which you specify that a key or a
certificate is compromised cannot be a future date.
System action
The operation fails.
Administrator response
Specify a date that is not in the future, and then try
the operation again.
CTGKM0533E Activation date, retirement date, expiration date and
destroy date are not synchronized.
Explanation
There is a mismatch in dates between several parameters,
which must follow each other in time. A destroy date
value must occur after an expiration date value, for
example.
System action
The update certificate operation fails.
Administrator response
Enter values for dates that do not conflict in their
sequence on the calendar. Then, try the operation again.
CTGKM0534E Cannot reset activation date, old activation date has
passed:
Explanation
If the date of activation is older than the current
date, you cannot reset a new value for activation.
System action
The operation fails.
Administrator response
Use a different certificate. The activation date of this
certificate cannot be reset.
CTGKM0535E Cannot reset retirement date, old retirement date has
passed:
Explanation
If the date of retirement is older than the current
date, you cannot reset a new value for retirement.
System action
The operation fails.
Administrator response
Use a different certificate. This certificate is
retired, and the retirement date cannot be reset.
CTGKM0536E Cannot reset destroy date, old destroy date has passed:
Explanation
If the destroy date is older than the current date, you
cannot reset a new value for the destroy date.
System action
The operation fails.
Administrator response
Use a different certificate. The destroy date of this
certificate cannot be reset.
CTGKM0537E Cannot set state to be
VALUE_0
, current state is
VALUE_1
.
Explanation
The current state of the certificate cannot be reset to
the state that you specified. For example, you cannot
set the state of an active certificate to a pre-active
state.
System action
The operation fails.
Administrator response
Specify a different state for the certificate. Then, try
the operation again.
CTGKM0538E Error setting new state:
VALUE_0
, certificate is already compromised.
Explanation
A certificate that is in a compromised state cannot be set
to an earlier state.
System action
The operation fails.
Administrator response
Specify a subsequent state. Then, try the operation
again. Alternatively, you might need to use an
uncompromised certificate.
CTGKM0539E Error setting new state:
VALUE_0
, certificate is not compromised.
Explanation
A certificate must be in a compromised state before a
subsequent state can be set.
System action
The operation fails.
Administrator response
First, change the state of the certificate to
compromised. Then, try the operation again.
CTGKM0540E Certificate with alias VALUE_0 already exists in keystore.
Explanation
There is already a certificate in the keystore with the same alias as the one you are attempting to import.
System action
The operation fails.
Administrator response
Specify a different alias. Then, try the operation again.
CTGKM0541E uuid and certificate attributes must be specified.
Explanation
There might be an error in the uuid value for a
certificate.
System action
The operation fails.
Administrator response
Ensure that the uuid value of the certificate is valid.
Then, try the operation again.
CTGKM0542E
Not a
valid
encoded certificate file. Make sure to use the right file and it is not tampered or corrupted.
Explanation
The import operation determined that the certificate
file is not correctly encoded. It must be DER or base64
format.
System action
The operation fails.
Administrator response
Specify a certificate that has a DER or base64 format.
Then, try the operation again.
CTGKM0543E An error occurred importing certificate: {0}
Explanation
The certificate file might not exist, or you might have
made an error in specifying the file name of the
certificate.
System action
The operation fails.
Administrator response
Determine whether the certificate path and file name are
correct, and whether the file is corrupt. Correct the
problems. Then, try the operation again.
CTGKM0544E The certificate cannot be
retrieved from the keystore. Specify a valid certificate alias, and retry the operation.
Explanation
The certificate alias
is invalid or the keystore does not contain the target certificate.
System action
The operation
fails.
Administrator response
Ensure that the certificate alias is valid or the certificate is present in the keystore. Then,
retry the operation.
CTGKM0545E An error occurred exporting certificate.
Explanation
The file that you specified might be read-only, or you
do not have permission to write the file to a specific
location.
System action
The export operation fails.
Administrator response
Ensure that the file is write enabled, and that your
permissions are valid. Then, try the export operation
again.
CTGKM0546E Expiration date cannot be early than activation date:
VALUE_0
Explanation
The expiration date of a certificate must occur later in
time than the activation date.
System action
The operation fails.
Administrator response
Specify an expiration date that is later than the
activation date. Then, try the operation again.
CTGKM0547E Expiration date cannot be later than retirement date:
VALUE_0
Explanation
The expiration date of a certificate must occur earlier
in time than the retirement date.
System action
The operation fails.
Administrator response
Specify an expiration date that is earlier than the
retirement date. Then, try the operation again.
CTGKM0548E Expiration date cannot be later than destroy date:
VALUE_0
Explanation
The expiration date of a certificate must occur earlier
in time than the destroy date.
System action
The operation fails.
Administrator response
Specify an expiration date that is earlier than the
destroy date. Then, try the operation again.
CTGKM0549E Subject name of the certificate does not match subject name
in certificate request.
Explanation
The subject name of the certificate that returned from a
Certificate Authority does not match the subject name in
the original certificate request.
System action
The import operation fails.
Administrator response
Correct the file name or alias specification. Then, try
the operation again.
CTGKM0550E
Input value cannot be an empty string for parameter
VALUE_0
.
Explanation
The entry for the attribute name must not be blank or a
space.
System action
The operation fails.
Administrator response
Specify one or more valid characters for this entry.
Then, try the operation again.
CTGKM0551E Cannot find keystore provider for keystore type
VALUE_0
Explanation
The keystore type does not match the set of supported
providers.
System action
The operation fails.
Administrator response
Specify a supported keystore type. Then, try the
operation again.
CTGKM0552E
VALUE_0
type keystore is not supported.
Explanation
The keystore type is not in the set of supported
providers.
System action
The operation fails.
Administrator response
Specify a supported keystore type. Then, try the
operation again.
CTGKM0555E
Default property cannot be deleted:
VALUE_0
Explanation
You attempted to delete a property from the
SKLMConfig.properties file that IBM Security Guardium Key Lifecycle
Manager uses as a default property.
System action
The configuration operation fails.
Administrator response
Ensure that the property you intend to delete is a
customized property, or a property other than a default
property. Then, try the delete operation again.
CTGKM0556E
The property cannot be found
in the configuration properties file: VALUE_0. Specify a valid property, and
retry the operation.
Explanation
The Delete
Config Property REST Service cannot delete the property because the property does not
exist in the properties file.
System action
The configuration operation fails.
Administrator response
Ensure that the property exists in the properties file. You might use the Multiple Config
Properties REST Service to list the contents of the properties file. Specify a valid
target property and retry the delete operation.
CTGKM0557E
Cannot delete config.keystore.name property in configuration
file
Explanation
You attempted to
delete the config.keystore.name property from the SKLMConfig.properties file. IBM Security Guardium Key Lifecycle Manager must use this property to identify the keystore.
System action
The configuration operation fails.
Administrator response
You might change the value of the config.keystore.name property, but you cannot delete the property
itself. In a running production environment, do not modify the keystore name. If you must modify the
keystore name prior to production, ensure that you have a complete, current backup of your IBM Security Guardium Key Lifecycle Manager configuration.
CTGKM0559E Group name and type must be specified.
Explanation
The group name is missing, or the group type is not
valid.
System action
The operation fails.
Administrator response
Specify a value for the group name and a valid group
type. Then, try the operation again.
CTGKM0560E
VALUE_0
cannot be null.
Explanation
A value other than a space or blank is required.
System action
The operation fails.
Administrator response
Specify a supported value that is not a blank or a
space. Then, try the operation again.
CTGKM0561E Unsupported group type:
VALUE_0
Explanation
The value that you specified for the group type is not
supported.
System action
The operation fails.
Administrator response
Specify a supported value for a group type, such as
keygroup. Then, try the operation again.
CTGKM0562E The group cannot be found:
VALUE_0. Specify a valid group name, and retry the operation.
Explanation
The specified value
of the group name does not match an existing group. The group name is either incorrect or does not
exist in the specified group type.
System action
The operation
fails.
Administrator response
Specify a group that exists in the group type that you intend to use and retry the operation. Use
the Group List REST Service to verify that the group exists in the group type.
CTGKM0563E Cannot add a key to a device group.
Explanation
The value of the group type is incorrect.
System action
The operation fails.
Administrator response
Specify keygroup as the group type. Then, try the
operation again.
CTGKM0564E The entry cannot be identified:
VALUE_0. Specify a valid entry, and retry the operation.
Explanation
The specified value
of the entry does not match an existing certificate, key, or device. The specified certificate, key,
or device identifier is either incorrect or does not exist in the entry type.
System action
The operation
fails.
Administrator response
Specify an entry that exists in the entry type that you intend to use. If you are deleting an entry
from a group, use the Key List REST Service to verify that the entry exists in the group. Then,
retry the operation.
CTGKM0565E The key cannot be found:
VALUE_0. Specify a valid key, and retry the operation.
Explanation
The specified key
value does not match an existing key.
System action
The operation
fails.
Administrator response
Specify a key that exists in the type that you intend to use. If you are deleting a key from a
group, use the Group List REST Service or Key List REST
Service to verify that the key exists. Then, retry the operation.
CTGKM0566E Cannot add a certificate to a device group.
Explanation
The value of the group type is incorrect.
System action
The operation fails.
Administrator response
Specify keygroup as the group type. Then, try the
operation again.
CTGKM0567E The certificate cannot be
found: VALUE_0. Specify a valid certificate value, and retry the operation.
Explanation
The specified
certificate value does not match an existing certificate.
System action
The operation
fails.
Administrator response
Specify a valid certificate value and retry the operation. Use the Certificate List REST
Service to verify that the certificate exists.
CTGKM0569E The device cannot be found:
VALUE_0. Specify a valid device value, and retry the operation.
Explanation
The specified device
value does not match an existing device.
System action
The operation
fails.
Administrator response
Specify a valid device value and retry the operation. Use the Device List REST
Service to verify that the device exists.
CTGKM0570E Failed to add group entry.
Explanation
The entry was not added to the group. This might be an
internal error.
System action
The operation fails.
Administrator response
The audit log might contain information about the error. Collect the information and contact IBM Support.
CTGKM0571E File already exists:
VALUE_0
Explanation
The file that you are attempting to export matches the
name of an existing file.
System action
The operation fails.
Administrator response
Specify a different path and file name. Then, try the
operation again.
CTGKM0580E Operation fails because the
keystore name or certificate alias is missing. Specify a valid keystore name or certificate alias,
and retry the operation.
Explanation
The keystore name or
the certificate alias is not specified.
System action
The operation
fails.
Administrator response
Specify a valid keystore name and certificate alias and retry the operation.
CTGKM0581E
Internal key server exception.
Explanation
The IBM Security Guardium Key Lifecycle Manager data store returned an error when attempting to
delete a certificate.
System action
The operation fails.
Administrator response
The audit log might contain information about the error.
Collect the information and contact IBM Support.
CTGKM0582E Wrong password.
Explanation
The existing keystore password that you provided did not
match the actual password.
System action
The operation fails.
Administrator response
Specify the correct password value for the keystore.
Then, try the operation again.
CTGKM0583E Group already exists:
VALUE_0
Explanation
The group that you are attempting to create already
exists.
System action
The operation fails.
Administrator response
Specify an alternative name for the group. Then, try the
operation again.
CTGKM0584E The key in the certificate to be imported does not match the
key in the original certificate request.
Explanation
The key of the certificate that returned from a
Certificate Authority does not match the key in the
original certificate request.
System action
The operation fails.
Administrator response
Import the certificate response using an alias that
corresponds to this response. Then, try the operation
again.
CTGKM0585E Error occurred while verifying the key and certificate.
Explanation
This is an internal database error.
System action
The operation fails.
Administrator response
The audit log might contain information about the error. Collect the information and contact IBM Support.
CTGKM0586E Operation fails because the
keystore name or key alias is incorrect or missing. Specify a valid keystore name or key alias, and
retry the operation.
Explanation
The keystore name or
the key alias value is incorrect or missing. To list or delete a key, all required values, such as
the keystore name must be correctly specified.
System action
The operation
fails.
Administrator response
Specify a valid keystore name and key alias, and retry the operation. Use the Key List REST
Service to view the keys that are currently in the keystore.
CTGKM0587E Alias
VALUE_0
does not exist in the keystore
VALUE_1
Explanation
The key alias is incorrectly specified. The alias does
not exist in the specified keystore.
System action
The operation fails.
Administrator response
Ensure that the alias value is correct. Then, try the
operation again.
CTGKM0588E Error occurred while loading data from the file
VALUE_0
Explanation
This is an error in reading data from a key or
certificate file.
System action
The operation fails.
Administrator response
Ensure that the path and filename are correct. Then, try
the operation again.
CTGKM0589E Error occurred while retrieving the entry
VALUE_0
from the keystore
VALUE_1
Explanation
Both the path name and the keystore password must be
correctly specified.
System action
The operation fails.
Administrator response
Ensure that the keystore path name and password are
valid. Then, try the operation again.
CTGKM0590E The file does not have any data.
Explanation
An attempt was made to import a private key from a
private key file. The private key file is empty.
System action
The operation fails.
Administrator response
Ensure that you specified a file that contains the
desired private key. Then, try the operation again.
CTGKM0591E
Import operation fails because
VALUE_0 has more than one key entry. Only one key can be imported at a time.
Explanation
The Key Import REST
Service is used to import a PKCS12 file that contains more private key entries than supported. Only
one private key can be imported using this operation.
System action
The import key
operation fails.
Administrator response
Import the key from a file that contains only one private key, and retry the operation.
CTGKM0592E Import operation fails because
the key alias already exists: VALUE_0. Specify a different alias, and retry the
operation.
Explanation
The specified key
alias already exists in the keystore.
System action
The import key
operation fails.
Administrator response
Specify a different key alias and retry the operation. Use the Key List REST
Service to view the keys that are currently in the keystore.
CTGKM0593E Entry in
VALUE_0
is not the private key entry.
Explanation
You attempted to import a private key. However, the
entry in the PKCS12 file is not a private key entry. It
might be a certificate entry.
System action
The operation fails.
Administrator response
You might need to obtain a different file, and validate
that the file has a private key. Then, try the operation
again.
CTGKM0594E No private key entry in the file
VALUE_0
Explanation
You attempted to import a private key. However, there is
no private key entry in the PKCS12 file.
System action
The operation fails.
Administrator response
You might need to obtain a different file, and validate
that the file has a private key. Then, try the operation
again.
CTGKM0595E Key alias cannot exceed 12 characters in length.
Explanation
A key alias for a set of multiple keys has a prefix that
must be 3 characters long. If you create only one key,
the value for the alias cannot exceed 12 characters.
System action
The secret key or keys are not created.
Administrator response
Specify an alias that does not exceed the character
limit. Then, try the operation again.
CTGKM0596E Alias
VALUE_0
already exists in the keystore
VALUE_1
Explanation
You attempted to generate a key, but the key alias
already exists in the keystore. A different alias is
required.
System action
The secret key or keys are not created.
Administrator response
Specify a different alias. Then, try the operation
again.
CTGKM0597E Error occurred while generating the secret key.
Explanation
The Java™ Cryptography Extension attempted to generate a secret key, but the process failed.
System action
The secret key or keys are not created.
Administrator response
Try the operation again. If the problem continues, collect any information that might be in the audit log and then contact IBM Support.
CTGKM0598E Operation fails because the
number of keys is invalid. Ensure that the number of keys is not smaller than 1 or greater than
9999, and retry the operation.
Explanation
For the
Secret Key Create REST Service, the value for the numOfKeys
parameter must be a positive integer. It cannot be smaller than 1 or greater than 9999.
System action
The secret keys are
not created.
Administrator response
Specify a value for the number of keys that is not smaller than 1 or greater than 9999, and retry
the operation.
CTGKM0599E Unable to add the key to the keystore because of an internal error. Refer to the logs for
more information. Correct the errors, and retry the operation.
Explanation
The Secret Key Create REST Service or Key Import REST
Service failed to add a key to the keystore.
System action
The secret key or keys are not added to the keystore.
Administrator response
Refer to the logs for more information. Correct the errors, and retry the
operation.
CTGKM0600E
Method Not Implemented:
VALUE_0
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates when a method call encounters an error
condition.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the method call. You might need to contact IBM Support.
CTGKM0601E
An error occurred adding/updating value for attribute
VALUE_0
Explanation
An attempt was made to write a null value to the
SKLMConfig.properties file. The file might be write
protected. Alternatively, an internal component such as
the key server component returned an error or was not
available.
System action
The operation fails.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you
might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the
operation again. If the problem continues, examine the audit log for exception information about the
update to the attribute. Make necessary corrections. Then, try the operation again. You might need
to call IBM Support.
CTGKM0602E An error occurred getting the value for attribute
VALUE_0
Explanation
An attempt was made to read a value from the
SKLMConfig.properties file. You might not be
authorized to read the SKLMConfig.properties file.
System action
The operation fails.
Administrator response
Ensure that you have the correct authorization. If the problem continues, examine the audit log for exception information about the error. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.
CTGKM0603E
An error occurred deleting attribute
VALUE_0
Explanation
An attempt was made to delete an attribute value from
the SKLMConfig.properties file. The file might be
write protected. Alternatively, an internal component
such as the key server component returned an error or was
not available.
System action
The operation fails.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you
might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the
operation again. If the problem continues, examine the audit log for exception information about the
update to the attribute. Make necessary corrections. Then, try the operation again. You might need
to call IBM Support.
CTGKM0604E An error occurred merging configuration with file
VALUE_0
Explanation
Merging in this context means that a problem occurred in
merging two configuration files. This might occur during
migration of configuration data from an existing
Encryption Key Manager server. Data was not written from
an existing configuration file into a new
SKLMConfig.properties file. The new file might write
protected, or you might not have sufficient authority.
System action
The operation fails.
Administrator response
Ensure that the SKLMConfig.properties file is write enabled and that you have appropriate access to the file. You might also examine the audit log for exception information. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.
CTGKM0605E An error occurred replacing configuration file with file
VALUE_0
Explanation
Configuration file replacement might occur during
migration of configuration data from an existing
Encryption Key Manager server. You might not have
sufficient authority to replace the configuration file.
System action
The operation fails.
Administrator response
Ensure that you have appropriate access to the file. You might also examine the audit log for exception information. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.
CTGKM0615E Keystore password cannot exceed 175 single-byte or 87 double-byte characters.
Explanation
Keystore password cannot exceed 175 single-byte or 87 double-byte characters.
System action
Keystore password update fails.
Administrator response
Enter a password not greater than 175 single-byte or 87 double-byte characters.
CTGKM0616E Device with UUID VALUE_0 does not belong to the device group VALUE_1.
Explanation
The device with the specified UUID does not belong to the specified device group.
System action
Device list fails.
Administrator response
Enter the correct device group, or leave it blank.
CTGKM0617E authorization.provider.class cannot be a numeric string.
Explanation
authorization.provider.class cannot be a numeric string.
System action
The operation fails.
Administrator response
Specify a non-numeric value.
CTGKM0618E
VALUE_0 can only be positive integer.
Explanation
The value must be an integer greater than zero.
System action
The operation fails.
Administrator response
Specify a positive integer.
CTGKM0620E
Error parsing XML template.
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates after problems occur reading an XML
template file that has syntax errors.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the XML parsing error. You might need to contact IBM
Support.
CTGKM0621E
Error in XML element
VALUE_0
, expecting
VALUE_1
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates after problems occur reading an XML
template file that has errors.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the error. You might need to contact IBM Support.
CTGKM0622E
XML attribute
VALUE_0
missing for element
VALUE_1
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates after problems occur reading an XML
template file that has errors.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the error. You might need to contact IBM Support.
CTGKM0623E
Error in XML template attribute value
VALUE_0
for attribute
VALUE_1
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates after problems occur reading an XML
template file that has errors.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the error. You might need to contact IBM Support.
CTGKM0624E
Template
VALUE_0
not found.
Explanation
This is an internal message that IBM Security Guardium Key Lifecycle
Manager generates after problems occur attempting to
read an XML template file.
System action
The operation fails.
Administrator response
This error should not occur in your environment. First,
examine the audit log for exception information about
the error. You might need to contact IBM Support.
CTGKM0630E Validation error:
VALUE_1 for parameter VALUE_0. Specify a valid value for the
parameter and retry the operation.
Explanation
The validation error
occurs if the specified parameter value is invalid.
System action
The operation
fails.
Administrator response
Specify a valid value for the parameter and retry the operation.
CTGKM0631E Missing required parameter
VALUE_0
.
Explanation
The value that you specified for the required parameter
is blank or missing.
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM0632E Missing required
VALUE_0
parameter
VALUE_1
Explanation
The required parameter value is blank or missing.
System action
The operation fails.
Administrator response
Specify a valid value for the required parameter. Then,
try the operation again.
CTGKM0633E
Validation error:
VALUE_1
is invalid for parameter
VALUE_0
VALUE_2
. Specify one of these valid values:
Explanation
The value that you specified for the parameter is not
valid.
System action
The operation fails.
Administrator response
Ensure that the value that you specified is valid. Then,
try the operation again.
CTGKM0634E Validation Error:
VALUE_1 for parameter VALUE_0 must be 16 characters long and
contain valid characters. Specify a valid value for the parameter and retry the operation.
Explanation
The validation error
occurs when the parameter value is invalid.
System action
The operation
fails.
Administrator response
Specify a valid value for the parameter and retry the operation.
CTGKM0635E Incorrect syntax for required parameter attribute. Syntax is {attribute1}{attribute2}..{attributeN}.
Explanation
The syntax for the parameter 'attribute' was incorrect.
System action
The operation fails.
Administrator response
Correct the syntax, and try again.
CTGKM0640E Certificate Request file already exists:
VALUE_0
Explanation
The file name that you specified in the certificate
request matches a certificate request file name that
currently exists.
System action
The operation fails.
Administrator response
Specify a different file name for the certificate
request. For example, specify myUniqueRequest.crt. Then,
try the operation again.
CTGKM0641E Error in writing file
VALUE_0
:
VALUE_1
Explanation
You might not have authorization to write a certificate
request file, or the path name that you specified is
incorrect.
System action
The operation fails.
Administrator response
Ensure that you have appropriate access to the file, and that the path and file names are correctly specified. Then, try the operation again. You might also examine the audit log for exception information about the file operation. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.
CTGKM0645E The device
VALUE_0 cannot be found. Specify a valid device value, and retry the operation.
Explanation
The operations fails
to read the device information because the identifier for the device does not match an existing
device serial number. This is an internal error.
System action
The operation fails.
Administrator response
Ensure that the device value matches an existing device. Also, ensure that the specified type
matches the device group. Use the Device List REST Service to identify existing devices in a group.
Then, retry the operation.
CTGKM0650E
Error while attempting to encrypt a file using
algorithm:
error_msg
Explanation
Error occurred while attempting to encrypt a file using
algorithm
System action
Operation invoking the encryption fails.
Administrator response
Error can occur for a number of reasons: missing algorithm, incorrect algorithm parameter, incorrect
encryption key or key specification (password), incorrect padding mechanism. This error is not
expected to occur. If it does, the IBM Security Guardium Key Lifecycle Manager
administrator should investigate the cause.
CTGKM0651E
Error while attempting to decrypt a file using
algorithm:
error_msg
Explanation
This error occurred while attempting to decrypt a file
using the algorithm.
System action
The operation fails.
Administrator response
This error can occur for a number of reasons: missing algorithm, incorrect algorithm parameter,
incorrect encryption key or key specification (password), or an incorrect padding mechanism. This
error is not expected to occur. If it does, the IBM Security Guardium Key Lifecycle Manager administrator should investigate the cause.
CTGKM0660E tklmCertList supports the optional parameters -usage and -v, and these parameter combinations: No parameters; or -uuid; or -alias and -keystoreName; or -attributes.
Explanation
The command failed because the combination of parameter
values that you specified is not valid.
System action
The operation fails.
Administrator response
Specify no parameter, or specify a value for alias, or
specify an attribute, or specify both a uuid and
keystoreName. Then, try the operation again.
CTGKM0704E Group name cannot contain \' \\ \'.
Explanation
The group name must not contain the characters \' \\ \' in the name.
System action
The operation fails.
Administrator response
Specify a group name that does not contain \' \\ \'. Then, try the operation again.
CTGKM0705E Operation fails because either
the group name or group UUID is missing. Specify either group name or group UUID, and retry the
operation.
Explanation
The operation
requires either the group name or the group UUID.
System action
The operation fails.
Administrator response
Specify either a group name or group UUID and retry the operation.
CTGKM0706E The key group with the name
VALUE_0
does not have the UUID
VALUE_1.
Explanation
The specified group name and group UUID do not match.
System action
The operation fails.
Administrator response
Correct the group name or UUID, or specify only one of the two. Then, try the operation again.
CTGKM0742E Key type not valid:
VALUE_0.
Explanation
Key type entered is not valid.
System action
Key operation fails.
Administrator response
Check the logs for more information.
CTGKM0750E Validation Error:
VALUE_0 for compromised. Specify a value of y for the compromised attribute, and
retry the operation.
Explanation
When using the
Certificate Update REST Service to specify that a certificate is compromised, the
only valid value is y (compromised). A compromised certificate cannot be changed to an uncompromised
state.
System action
The certificate
state is not changed.
Administrator response
Specify a value of y for the compromised attribute and retry the operation.
CTGKM0751E Failed to update the state of
the certificate because of conflicting parameter values. Specify a value of y for the trusted
attribute only if the certificate is not marked as compromised.
Explanation
When using the
Certificate Update REST Service to specify that a certificate is compromised, the certificate cannot
be marked as trusted. A certificate can only be marked as trusted if it is not in the expired,
retired, or compromised state.
System action
The operation to
change the certificate state fails.
Administrator response
Do not specify a value of y for the trusted attribute if the certificate needs to be marked as
compromised.
CTGKM0752E Validation Error:
VALUE_0 for trusted. Specify a value of y or n for the trusted attribute, and
retry the operation.
Explanation
To specify if a
certificate is trusted or not, the Certificate Update REST Service supports only two valid values: y
(trusted) or n (not trusted).
System action
The certificate
attribute is not changed.
Administrator response
Specify a value of y or n for the trusted attribute and retry the operation.
CTGKM0753E Operation failed because the
certificate is not in a valid state to be marked as trusted. Check the state of the certificate and
mark it as trusted if the certificate state is not compromised, destroyed, expired or retired.
Explanation
If the certificate is
in a compromised, destroyed, expired or retired state, then it cannot be marked as trusted. Only
certificates that are in an active or pre-active state can be marked as trusted.
System action
The certificate
attribute is not changed.
Administrator response
Check the state of the certificate using the Certificate List REST Service. Mark the certificate as
trusted if the certificate state is not compromised, destroyed, expired or retired.
CTGKM0758E
Certificate with alias
VALUE_0
cannot
be deleted because this certificate is specified as an
TLS/KMIP or IKEv2-SCSI certificate and is in use.
Explanation
Using the tklmCertDelete command, you cannot delete a
certificate that is specified as the TLS/KMIP or
IKEv2-SCSI certificate.
System action
The certificate delete operation fails.
Administrator response
Specify a different certificate as the TLS/KMIP or
IKEv2-SCSI certificate. Ensure that the certificate that you intend to
delete no longer has the specification. Then, try the
operation again.
CTGKM0759E
Key with alias
VALUE_0
cannot
be deleted because the certificate associated with this key is
specified as an TLS/KMIP or IKEv2-SCSI certificate and is in use.
Explanation
Using the tklmKeyDelete command, you cannot delete a key for
which certificate is specified as the TLS/KMIP or IKEv2-SCSI certificate.
System action
The key delete operation fails.
Administrator response
Specify a different certificate as the TLS/KMIP or IKEv2-SCSI certificate.
Ensure that the key that you intend to delete no longer has
the specification. Then, try the operation again.
CTGKM0760E Certificate with alias =
VALUE_0 cannot be deleted because this certificate is specified as a default or
partner certificate. Specify a different certificate as default or partner, and retry the operation.
Explanation
The certificate is
specified as the system default or partner certificate and hence, cannot be deleted.
System action
The certificate delete operation fails.
Administrator response
Specify a different certificate as the system default or partner certificate. Ensure that the
certificate that you intend to delete is not a default or partner certificate. Then, retry the
operation.
CTGKM0761E The key with alias =
VALUE_0 cannot be deleted because the certificate associated with this key is
specified as a default or partner certificate. Ensure that the key is not associated with a system
default or partner certificate, and retry the operation.
Explanation
The specified key is
associated with a system default or partner certificate and hence, the key cannot be deleted.
System action
The key delete operation fails.
Administrator response
Specify a different certificate as the system default or partner. Ensure that the key that you
intend to delete is not associated with a system default or partner certificate, and retry the
operation.
CTGKM0775E Operation failed because it is
not supported in FIPS mode. Change the value of the FIPS property to off and restart the server
before using this operation.
Explanation
Algorithms used by
this operation are not supported in a FIPS mode environment.
System action
The operation
fails.
Administrator response
Change the value of the FIPS property to off and restart the server before using this operation.
CTGKM0776W The number of device audit entries returned reaches the limit of 2000 records.
Only the first 2000 entries are displayed.
You might need to specify a different filter for your search.
Explanation
The list operation only fetches the first 2000 rows.
System action
The first 2000 entries are displayed.
Administrator response
The result set reached the 2000 entries limit. Specify a different filter, and try the operation again.
CTGKM0800E Unable to add device because a
device with the same primary key exists in the table VALUE_0. Specify a different primary key, and
retry the operation.
Explanation
With the
Device Add REST Service, you can add a primary key to the database that uniquely
represents a device with a combination of several parameters (serialNumber,
type, and worldwideName). The add operation fails because
the primary key and device already exist in the database.
System action
The device add
operation fails.
Administrator response
Specify a different primary key for the device that you intend to add and retry the operation.
CTGKM0801E
A key group name and a key alias cannot be same in the
IBM Security Guardium Key Lifecycle Manager database.
Specify a unique key group name and try again.
Explanation
Before creating
metadata for a key, IBM Security Guardium Key Lifecycle Manager verifies that a key group does not
already exist with the same name as the alias. Similarly, before creating a key group, the IBM Security Guardium Key Lifecycle Manager verifies that a key does not exist with the same
alias as the group name.
System action
The create operation fails.
Administrator response
If you are creating a key, specify a different alias
name. If you are creating a key group, specify a
different key group name.
CTGKM0802E
The backup program could not determine the database name
from the data source URL:
VALUE_0
Explanation
The IBM Security Guardium Key Lifecycle Manager determines the name of database to backup by parsing
the data source URL that was specified during the installation of the database. The backup program
failed because the database name could not be determined.
System action
The database backup operation fails.
Administrator response
Verify that the data source URL is correctly specified. Then, try the operation again.
CTGKM0803E
The backup program could not determine the directory to
which database files will be saved.
Explanation
IBM Security Guardium Key Lifecycle Manager determines the directory to save the files by using
the datastore.properties file. The backup program failed because the directory could not be
determined.
System action
The database backup operation fails.
Administrator response
Verify that the IBM Security Guardium Key Lifecycle Manager has been configured
correctly and the correct value for the tklm.backup.db2.dir property exists in the properties file.
CTGKM0804E
The backup program failed because archival logging has not
been enabled.
Explanation
The IBM Security Guardium Key Lifecycle Manager requires that archival logging is enabled for the
IBM Security Guardium Key Lifecycle Manager in order to perform an online backup. The
installation program enables the archival logging.
System action
The database backup operation fails.
Administrator response
Verify that the IBM Security Guardium Key Lifecycle Manager has been configured
correctly and that archival logging is enabled. To determine the logging method that Db2 currently uses, run this command: db2 get db
cfg for sklmdb
CTGKM0805E
The backup program failed because the backup program could
not write to the directory that was specified for the
database files.
Explanation
IBM Security Guardium Key Lifecycle Manager
Explanation
requires that
directory that is specified in the datastore.properties file exists for the property
tklm.backup.db2.dir and is writeable. The Db2
backup utility found an error in the specified directory.
System action
The database backup operation fails.
Administrator response
Verify that the directory specified in the properties
file exists and is writeable.
CTGKM0806E
An error occurred reading the sklm.properties file.
Explanation
IBM Security Guardium Key Lifecycle Manager reads the sklm.properties file to determine
appropriate parameters to perform a database restore operation. An error occurred while reading this
file.
System action
The database restore operation fails.
Administrator response
Ensure that the sklm.properties file is read enabled. If an internal component failed, you might
restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation
again. If the problem continues, examine the audit log for exception information. Make necessary
corrections. Then, try the operation again. You might need to contact IBM Support.
CTGKM0807E An error occurred getting the value for attribute
VALUE_0
Explanation
An attempt was made to read a value from the
sklm.properties file. You might not be authorized to read
the sklm.properties file.
System action
The database restore operation fails.
Administrator response
Ensure that you have the correct authorization. If the problem continues, examine the audit log for exception information about the error. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.
CTGKM0808E
The restore program could not determine the directory from
which to restore database files.
Explanation
IBM Security Guardium Key Lifecycle Manager determines the directory to restore the file from
arguments specified to the restore program. If the arguments are not specified, it determines the
directory from the datastore.properties file. The restore program failed because the directory could
not be determined.
System action
The database restore operation fails.
Administrator response
Verify that IBM Security Guardium Key Lifecycle Manager has been configured correctly
and a valid tklm.backup.db2.dir value exists in the datastore.properties file.
CTGKM0809E
A null value was specified for the timestamp associated with
the previously saved database files.
Explanation
IBM Security Guardium Key Lifecycle Manager determines the timestamp to restore the file from
arguments specified to the restore program. The restore program failed because the timestamp could
not be determined.
System action
The database restore operation fails.
Administrator response
Verify that IBM Security Guardium Key Lifecycle Manager has been configured correctly.
CTGKM0850E
An exception occurred during
the restore operation. Examine the db2restore.log for exception information. Complete the restore
operation before attempting any other IBM Security Guardium Key Lifecycle Manager
tasks.
Explanation
IBM Security Guardium Key Lifecycle Manager encountered an exception.
System action
The database restore operation fails.
Administrator response
Ensure that you have configured IBM Security Guardium Key Lifecycle Manager correctly.
If the problem continues, examine the db2tklmrestore log for exception information about the error.
Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.
CTGKM0851E The group cannot be created because an entity (key) cannot be in multiple key groups. The entity
VALUE_0 is
already a member of the group
VALUE_1.
Explanation
While creating a group, you specified an entity that already exists in another group. The entity cannot not be in multiple groups.
System action
The group creation operation fails.
Administrator response
Specify an entity (key) that does not exist in another group. Then, try the operation again.
CTGKM0852E The specified entity (key) VALUE_0 cannot be added to the group because the entity cannot be in multiple groups.
The entity is already a member of the group VALUE_1.
Explanation
While adding an entity to a group, you specified an entity that already exists in another group. The entity cannot not be in multiple groups.
System action
The group creation operation fails.
Administrator response
Specify an entity (key) that does not exist in another group. Then, try the operation again.
CTGKM0900E
Database connection failed on data source
VALUE_0
.
Check to see if database server needs to be restarted or if database user's password needs to be updated.
Explanation
The database may be
down or the database user's password for accessing the IBM Security Guardium Key Lifecycle Manager database might need to be updated.
System action
The database operation fails.
Administrator response
Verify that the database is up or check if the database user's password for accessing the IBM Security Guardium Key Lifecycle Manager database might need to be updated, for example,
after a mandated password change on the corresponding operating system account.
CTGKM0901E
Backup operation fails because
the backup directory cannot be resolved. Specify a valid backup directory name and path, and retry
the operation.
Explanation
The name or path of
the backup directory is invalid, and hence could not be resolved.
System action
The backup
operation fails.
Administrator response
Specify a valid backup directory and retry the operation.
CTGKM0902E
Default backup directory cannot be determined:
VALUE_0
.
Explanation
The configuration property tklm.backup.dir cannot be
found.
System action
The IBM Security Guardium Key Lifecycle Manager backup operation fails.
Administrator response
Ensure that the tklm.backup.dir parameter is set in the
configuration file or provide the backupDirectory
parameter to the backup operation.
CTGKM0903W
IBM Security Guardium Key Lifecycle Manager restore is already in progress.
Explanation
Only one restore/backup operation is allowed at any
given time.
System action
The requested operation will not be performed.
Administrator response
Wait until the operation completes.
CTGKM0904W
IBM Security Guardium Key Lifecycle Manager backup is already in progress.
Explanation
Only one restore/backup operation is allowed at any
given time.
System action
The requested operation will not be performed.
Administrator response
Wait until the operation completes.
CTGKM0905E Backup of
VALUE_0
failed:
VALUE_1
.
Explanation
Backup failed unexpectedly.
System action
Backup fails.
Administrator response
Check the log entries to find out the reason for backup
failure.
CTGKM0906E
Specified backup file does not exist:
VALUE_0
.
Explanation
The backup file does not exist.
System action
The IBM Security Guardium Key Lifecycle Manager restore operation fails.
Administrator response
Make sure that the backup file path provided to the
restore operation is valid.
CTGKM0907E Restore of
VALUE_0
failed:
VALUE_1
.
Explanation
Restore failed unexpectedly.
System action
Restore fails.
Administrator response
Check the log entries to find out the reason for restore
failure.
CTGKM0908E Error reading manifest from the backup jar file:
VALUE_0
.
Explanation
Backup manifest could be corrupted or incorrect for
unknown reasons.
System action
Restore fails.
Administrator response
Check the log entries to find out the reason for restore
failure.
CTGKM0909E Error making a backup copy of existing configuration file:
VALUE_0
.
Explanation
Backup copy of a configuration file could not be made.
System action
Restore fails.
Administrator response
Check the log entries to find out the reason for restore
failure.
CTGKM0910E I/O error while creating backup jar file
jar_file_name
\nError message:
error_msg
.
Explanation
Input/Output file error occurred while creating the
backup jar file.
System action
Backup fails.
Administrator response
Check the log entries to find out the reason for backup
failure.
CTGKM0911E Entry in the jar has been modified since the backup file was
created: \nJar file:
jar_file_name
\nJar entry name:
jar_entry_name
\nDestination:
destination
Explanation
An entry in the backup jar file has been changed since
the jar file was created. This may indicate a corrupt
file or a backup jar which has been tampered with in
some way.
System action
Restore fails.
Administrator response
Check the integrity of the backup file in question. Use
another backup jar file if available.
CTGKM0912E I/O error, missing or corrupt data detected while extracting jar file entry.\nJar file name:
jar_file_name
\nJar entry name:
jar_entry_name
\nDestination:
destination
Explanation
Backup jar file or an entry in the backup jar file is missing, corrupt or has been tampered with.
System action
Restore fails.
Administrator response
Check the integrity of the backup file in question. Use
another backup jar file if available.
CTGKM0913E
I/O error while decrypting and/or extracting jar file.
\nPossible cause: Incorrect password may have been provided,
which results in the jar entry being decrypted incorrectly.
Explanation
I/O error occurred while decrypting and/or extracting
a jar file entry. A common reason for this error is that
a file was encrypted using one password and an incorrect
or null password was provided to decrypt the file.
Decryption will still take place, but the decrypted file
is not valid and cannot be used in later stages of the
restore.
System action
Restore fails.
Administrator response
Check the password provided for decryption. Check if the
destination location contains sufficient disk space to
hold the decrypted/extracted file. Check the log
files for additional clues if necessary. Retry the
operation.
CTGKM0914W
IBM Security Guardium Key Lifecycle Manager backup or restore operation is
in progress. Database connections cannot be obtained at this
moment. Try again later.
Explanation
To minimize the risk of data inconsistency, a IBM Security Guardium Key
Lifecycle Manager backup or restore operation needs to
be done while the database is not used by the IBM Security Guardium Key
Lifecycle Manager server. This warning message will be
displayed in the graphical user interface and/or log
file.
System action
Database connection is not possible and the IBM Security Guardium Key
Lifecycle Manager operation requesting it fails.
Administrator response
Retry your operation after the backup or restore is
done.
CTGKM0915E
IBM Security Guardium Key Lifecycle Manager backup failed due to low disk space on the file system containing the backup directory
VALUE_0
.
Explanation
The database backup failed due to low disk space on the file system containing the backup
directory.
System action
The backup operation fails.
Administrator response
Increase the available disk space on the file system containing
the database backup directory. Then try the operation again.
CTGKM0916W
Warning: Information about this backup was not saved. However, the IBM Security Guardium Key Lifecycle Manager backup operation saved all the necessary files, which could be used for a restore operation in the future.
Explanation
A successful backup operation saves information about the backup in a file named SKLM_HOME/config/lastbackupinfo.
However, the step to save this information failed, or the information is incorrect.
You can still use the backup file for a restore operation. Possible reasons for failure:
Another process was using the lastbackupinfo file, or permissions for the SKLM_HOME/config directory are incorrect.
System action
The backup operation succeeded but the information about the most recent backup could not be saved.
Administrator response
Verify that no other process is using the lastbackupinfo file and the SKLM_HOME/config directory has the
correct read and write permissions. Then try the backup operation again if you want this information to
be accurate.
CTGKM0917E
IBM Security Guardium Key Lifecycle Manager failed to determine the information about the last
successful backup. Possible reasons: A backup was never done on this system, the file permissions
are incorrect, or the file was deleted.
Explanation
After a successful
backup, IBM Security Guardium Key Lifecycle Manager saves the information about the
backup in a file named SKLM_HOME/config/lastbackupinfo. This
file could not be read.
System action
The IBM Security Guardium Key Lifecycle Manager fails to determine the information about the last
successful backup.
Administrator response
If you restored a backup from another system, this file may not be available. Verify that the
SKLM_HOME/config/lastbackupinfo file exists and that the
file has read permission. Run the operation again.
CTGKM0918E Cannot add a value to a single-valued KMIP attribute when a value already exists.
Object uuid: VALUE_0,
Object name: VALUE_1,
Attribute name: VALUE_2.
Explanation
Cannot add a value to a single-valued KMIP attribute when value already exists.
Existing value can be modified or deleted.
System action
The operation fails.
Administrator response
Modify or delete the value. Then, try the operation again.
CTGKM0919E Cannot modify attribute value. Current value is not defined at index VALUE_0. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.
Explanation
Cannot modify a value on a multi-valued KMIP attribute because the value does not exist at the specified index.
System action
The operation fails.
Administrator response
Modify or delete the value. Then, try the operation again.
CTGKM0920E Cannot delete attribute value. Incorrect attribute value index was specified: VALUE_0. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.
Explanation
Cannot delete a value because the value does not exist at the specified index.
System action
The operation fails.
Administrator response
Provide a valid index.
CTGKM0921E Cannot modify attribute value. New value is not provided. Object uuid: VALUE_0, Object name: VALUE_1, Attribute name: VALUE_2.
Explanation
Cannot modify a value because a new value was not provided.
System action
The operation fails.
Administrator response
Provide a valid new value or delete the existing value.
CTGKM0922E Range Specification is not valid: VALUE_0
Explanation
One or two range-capable values of the same range-capable attribute type are expected.
System action
The operation fails.
Administrator response
Provide a valid range. Then, try the operation again.
CTGKM0923E Unsupported parameter type detected: VALUE_0
Explanation
Unsupported parameter type was specified.
System action
The operation fails.
Administrator response
Provide a valid parameter. Then, try the operation again.
CTGKM0924E
Unsupported usage mask '
VALUE_0
' on object with uuid
VALUE_1
Explanation
Unsupported KMIP usage mask was detected in the data store.
System action
The IBM Security Guardium Key Lifecycle Manager cannot retrieve object's data.
Administrator response
Investigate the source of incorrect data and correct or delete it before trying again.
CTGKM0925E Cannot VALUE_0 a value when no attribute value was supplied.
Object uuid: VALUE_1,
Object name: VALUE_2,
Attribute name: VALUE_3.
Explanation
Cannot perform the operation when no attribute value is passed.
System action
The operation fails.
Administrator response
Supply the value. Then, try the operation again.
CTGKM0926E Cannot VALUE_0 a value when no attribute value currently exists.
Object uuid: VALUE_1,
Object name: VALUE_2,
Attribute name: VALUE_3.
Explanation
Cannot perform the operation when that attribute does not exist on that object.
System action
The operation fails.
Administrator response
Add the attribute with its value.
CTGKM0927E Cannot VALUE_0 a value when no attribute value currently exists at that index.
Object uuid: VALUE_1,
Object name: VALUE_2,
Attribute name: VALUE_3.
Index: VALUE_4.
Explanation
Cannot perform the operation when that attribute does not exist on that object.
System action
The operation fails.
Administrator response
Add the attribute with its value.
CTGKM0928E Certificate alias cannot contain \' \\ \' or \' / \' or \' .
Explanation
You cannot create a certificate with \' \\ \' or \' / \' or \' in the alias.
System action
The operation fails.
Administrator response
Specify an alias that does not contain \' \\ \' or \' / \' or \' . Then, try the operation again.
CTGKM0929E Error occurred while looking up version numbers.
Explanation
Command could not be executed. On Windows systems, ensure that the environment variable ProgramFiles is set correctly. If you are running 64-bit Windows, ensure that the environment variable ProgramFiles(x86) is also correctly set.
System action
The operation fails.
Administrator response
Ensure that the required environment variables are correctly set.
CTGKM0930E Because this certificate is outside of its validity period and the
validate certificates check is enabled, cannot assign this
certificate to the device.
Explanation
The certificate is outside of its validity period and not available for use.
System action
The operation fails.
Administrator response
Select another certificate.
CTGKM0931E Not all version numbers were successfully retrieved.
Explanation
Some version numbers could not be retrieved. Ensure that the 'IBM ADE Service' service is running.
System action
The operation fails.
Administrator response
Ensure that the service 'IBM ADE Service' is running. To start the service in Windows, go to the Control Panel > Services. To start the service in Linux®, run the /usr/ibm/common/acsi/bin/acsisrv.sh command. Then, try the operation again.
CTGKM0932E The value of newAlias cannot be an empty string.
Explanation
You must provide a value for newAlias.
System action
The operation fails.
Administrator response
Specify a value for newAlias. Then, try the operation again.
CTGKM0933E Certificate with alias VALUE_0 is compromised and cannot be set as a system, partner, or device default.
Explanation
A compromised certificate cannot be set as a system, partner, or device default.
System action
The operation fails.
Administrator response
Select another certificate to use as a default.
CTGKM0934E Key with alias VALUE_0 is compromised and cannot be set as a device default.
Explanation
A compromised key cannot be set as a device default.
System action
The operation fails.
Administrator response
Select another key to use as a default.
CTGKM0935E alias is required if newAlias is specified.
Explanation
The alias parameter is required if newAlias is specified.
System action
The operation fails.
Administrator response
Specify an alias and try the operation again.
CTGKM0937E Target uuid is not valid for the rollover object to be deleted:
VALUE_0
Explanation
The target uuid is not valid for the rollover object.
System action
The operation fails.
Administrator response
Ensure that the target uuid is valid and try the operation again.
CTGKM0938E Device group of the target is not valid for the rollover object to be deleted:
VALUE_0
Explanation
The target device group is not valid for the rollover object.
System action
The operation fails.
Administrator response
Ensure that the target device group is valid and try the operation again.
CTGKM0940E Common name cannot exceed 256 characters.
Explanation
Common name is too long. The maximum length allowed is 256 characters.
System action
Certificate creation fails.
Administrator response
Specify a common name not exceeding 256 characters, then try the operation again.
CTGKM0942E
Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are required. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.
Explanation
For Stronger encryption we require Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.
Administrator response
Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.
CTGKM0944E
Password must be specified.
Explanation
Password must be specified.
Administrator response
Specify a password and try again.
CTGKM0945E
Backup Identifier is missing.
Explanation
Backup Identifier must be present.
System action
Restore operation fails.
Administrator response
Ensure that the backup identifier is present
and retry the operation.
CTGKM0946E The system is not configured to use HSM. But, the backup
you are trying to restore is protected by HSM-based encryption.
System action
The restore operation fails.
Administrator response
Configure the system with HSM-based configuration
settings.
CTGKM0947E
Backup system version below 4.1 is not supported with restore container system version. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.
Explanation
For restore on container system we require mimimum version 4.1. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.
Administrator response
Upgrade to version 4.1. Create the backup and then try restore again.
CTGKM1000E Error while invoking scheduled task handler:\n
\tTask Id: task_id\n
\tTask Type: task_type\n
\tTask Name: task_name\n
\tOriginal error message: error_message
Explanation
Error occurred while instantiating a scheduled task handler class.
System action
Task will not be executed.
Audit log will contain a failure message.
Administrator response
This should not happen under normal conditions.
Make sure that the task handler class exists in
the correct location and is specified correctly.
CTGKM1001E Required task name value is not defined.
Explanation
Required task name value was detected missing when scheduling a task.
System action
Task will not be scheduled.
Administrator response
This should not happen under normal conditions.
Make sure that the task information contains all required
values before submitting it.
CTGKM1002E Required task type value is not defined.
Explanation
Required task type value was detected missing when scheduling a task.
System action
Task will not be scheduled.
Administrator response
This should not happen under normal conditions.
Make sure that the task information contains all required
values before submitting it.
CTGKM1003E Error while scheduling a task:\n
Original error message: error_message
Explanation
Required task type value was detected missing when scheduling a task.
System action
Task will not be scheduled.
Administrator response
This should not happen under normal conditions.
Make sure that the task information contains all required
values before submitting it.
CTGKM1004E Error occurred while suspending a scheduled task:\n
Original error message: error_message
Explanation
Error occurred while suspending a scheduled task.
System action
Task will not be suspended.
Administrator response
This should not happen under normal conditions.
Investigate the logs for clues.
CTGKM1005E Error occurred while resuming a suspended scheduled task:\n
Original error message: error_message
Explanation
Error occurred while resuming a suspended scheduled task.
System action
Task will not be resumed.
Administrator response
This should not happen under normal conditions.
Investigate the logs for clues.
CTGKM1006E Error occurred while canceling a scheduled task:\n
Original error message: error_message
Explanation
Error occurred while canceling a scheduled task.
System action
Task will not be canceled.
Administrator response
This should not happen under normal conditions.
Investigate the logs for clues.
CTGKM1007E Error occurred while purging a task:\n
Original error message: error_message
Explanation
Error occurred while purging a task.
System action
Task will not be purged.
Administrator response
This should not happen under normal conditions.
Investigate the logs for clues.
CTGKM1008E Scheduler is not available:\n
Original error message: error_message
Explanation
Scheduler is not available.
System action
Scheduler related operations fail.
Administrator response
This should not happen under normal conditions.
Investigate the logs and server startup log for clues.
Restart the system.
Check if the database server is operating correctly.
CTGKM1009E Error in scheduler task detected:\n
Original error message: error_message
Explanation
Error in scheduler task detected.
System action
Operations involving this task will fail.
Administrator response
This should not happen under normal conditions.
Investigate the logs for clues.
Delete the task and reschedule.
CTGKM1072W The system will be restored from
${0}. The key and configuration data will be restored to the level of the backup that you select.
Any changes made after the selected backup will be lost, including the metadata. After restoring
from this backup, the server will be restarted automatically. The server will not be available
during the restart process. After the server is restarted, you must restart the browser session (Log
in again to use the product user interface). Do you want to continue?
Explanation
The key and
configuration data are restored to the level of the backup that you select. Any changes made after
the selected backup are lost, including the metadata.
System action
The key and
configuration data are restored to the level of the backup you select. Later changes are
lost.
Administrator response
Confirm that you want to restore from this backup level. When the operation completes, manually
restart the Guardium Key Lifecycle Manager server.
CTGKM1100E Object (object_type) with identifier object_id cannot be found.
Explanation
The identifier value that you specified does not match an
existing object.
System action
The operation fails.
Administrator response
Specify an identifier which corresponds to an existing object.
CTGKM1101E Incorrect or missing parameter was passed to perform a data store operation.
Parameter identifier: parameter_id
Explanation
Incorrect input was specified for a data store operation.
System action
The operation fails.
Administrator response
Make sure that correct parameters are used as input.
CTGKM1107E Error: symmetricKeySet
VALUE_1
for parameter
VALUE_0
.
Explanation
The passed symmetricKeySet is either not a valid key or key group.
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1108E Key Group for device group is not valid:
VALUE_1
for parameter
VALUE_0
.
Explanation
The passed symmetricKeySet key group is not the valid device group
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1109E Key for device group is not valid
VALUE_1
for parameter
VALUE_0
.
Explanation
The passed symmetricKeySet key is not the valid device group.
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1110E Certificate alias
VALUE_0
does not exist in this device group.
Explanation
The passed defaultAlias1/defaultAlias2 does not exist.
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1111E Key Alias does not belong to device group
VALUE_1
for parameter
VALUE_0
.
Explanation
The passed defaultAlias1/defaultAlias2 does not match the given device group.
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1115E Cannot change the device group of this device. It is associated with a key or key group.
Explanation
Cannot change the device group. The device is associated with a key or key group.
System action
Cannot change the device group. The device is associated with a key or key group.
Administrator response
Cannot change the device group. The device is associated with a key or key group.
CTGKM1116E Cannot change the device group of this device. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.
Explanation
Cannot change the device group. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.
System action
The operation fails.
Administrator response
Cannot change the device group. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.
CTGKM1117E Cannot change the device group membership. The key is used by one or more devices.
Explanation
Cannot change the device group membership. The key is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The key is used by one or more devices.
CTGKM1118E Cannot change the device group membership. The certificate is used by one or more devices.
Explanation
Cannot change the device group membership. The certificate is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The certificate is used by one or more devices.
CTGKM1119E Cannot change the device group membership. The certificate is used by one or more devices.
Explanation
Cannot change the device group membership. The certificate is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The certificate is used by one or more devices.
CTGKM1120E Cannot change the device group membership. The symmetric key is used by one or more devices.
Explanation
Cannot change the device group membership. The symmetric key is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The symmetric key is used by one or more devices.
CTGKM1121E Cannot change the device group membership. The group is used by one or more devices.
Explanation
Cannot change the device group membership. The group is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The group is used by one or more devices.
CTGKM1122E Cannot change the device group membership. The symmetric key is used by one or more devices.
Explanation
Cannot change the device group membership. The symmetric key is used by one or more devices.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The symmetric key is used by one or more devices.
CTGKM1123E Cannot change the device group membership. The symmetric key is being used by another device group.
Explanation
Cannot change the device group membership. The symmetric key is being used by another device group.
System action
Cannot change the device group membership. The symmetric key is being used by another device group.
Administrator response
Cannot change the device group membership. The symmetric key is being used by another device group.
CTGKM1124E Cannot change the device group membership. The symmetric key is being used by another device.
Explanation
Cannot change the device group membership. The symmetric key is being used by another device.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The symmetric key is being used by another device.
CTGKM1125E Cannot change the device group membership. The certificate is being used by another device group.
Explanation
Cannot change the device group membership. The certificate is being used by another device group.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The certificate is being used by another device group.
CTGKM1126E Cannot change the device group membership. The certificate is being used by another device group.
Explanation
Cannot change the device group membership. The certificate is being used by another device group.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The certificate is being used by another device group.
CTGKM1127E Cannot change the device group membership. The certificate is being used by another device.
Explanation
Cannot change the device group membership. The certificate is being used by another device.
System action
The operation fails.
Administrator response
Cannot change the device group membership. The certificate is being used by another device.
CTGKM1129E Target and source device groups family type does not match.
CTGKM1130E Cannot delete a device group when keys, certificates, groups, or devices are attached to that device group.
CTGKM1131E Key Alias Device Group does not match the device.
CTGKM1132E Symmetric Key Alias device group does not match device.
CTGKM1133E Delete operation failed because
family device groups cannot be deleted.
CTGKM1134E Device group already exists.
Specify a different device group name and retry the operation.
Explanation
Device group already
exists.
System action
Operation
fails.
Administrator response
Specify a different device group name and retry the operation.
CTGKM1135E Incorrect device group family
VALUE_0
Explanation
The device family must exist.
System action
The operation fails.
Administrator response
Specify an existing device family.
CTGKM1136E Group device group does not match the secret key device group usage.
Explanation
The group device group must match the secret key device group.
System action
The operation fails.
Administrator response
Group device group does not match the secret key device group usage.
CTGKM1137E Cannot add an empty key group as the default symmetricKeySet.
Explanation
The key group must have keys.
System action
The operation fails.
Administrator response
Cannot add an empty key group as the default symmetricKeySet.
CTGKM1138E No attributes were specified for the device group attribute
update operation.
Explanation
No attribute-value pairs were specified to update
information for a device group attribute.
System action
The operation fails.
Administrator response
Collect available audit log information and contact IBM Support.
CTGKM1139E
Incorrect value for device group name
VALUE_0
Explanation
The device group name must follow the requirement:
1. Can only contain alphanumeric characters and underscore.
2. First character cannot be a digit.
3. Maximum length is 256.
System action
The operation fails.
Administrator response
The device group name must follow the requirement:
1. Name can only contain alphanumeric character and underscore
2. First character cannot be a digit.
3. Maximum length should be 256.
CTGKM1140E Device family
VALUE_0
cannot be used to create a device group.
Explanation
The specified device family cannot be used for this operation.
System action
Device group not created.
Administrator response
Specify a different device family. Then, try again.
CTGKM1141E aliasOne and aliasTwo are not valid attributes for the LTO device group and DS5000 device group.
Explanation
Key aliasOne and aliasTwo are not used by LTO and DS5000 device groups.
System action
Device not created or updated.
Administrator response
Remove the attributes aliasOne and aliasTwo. Then, try the operation again.
CTGKM1142E symAlias is not a valid attribute for a DS8000 device group and 3592 device group.
Explanation
symAlias is not used by DS8000 and 3592 device groups.
System action
Device not created or updated.
Administrator response
Remove the attribute symAlias. Then, try the operation again.
CTGKM1143E Cannot delete enableKMIPDelete attribute. enableKMIPDelete attribute must have a value of true or false.
Explanation
enableKMIPDelete attribute must have a value of true or false.
System action
The operation fails.
Administrator response
Do not run this command to delete the enableKMIPDelete attribute value.
CTGKM1144E Value for enableKMIPDelete attribute is not valid. A valid value is true or false.
Explanation
Value for enableKMIPDelete attribute is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false for the enableKMIPDelete attribute and try the operation again.
CTGKM1145E Expired or inactive Key Alias cannot be set as default.
Explanation
The defaultAlias1 or defaultAlias2 is expired or inactive
System action
The operation fails.
Administrator response
Specify a valid value for the parameter. Then, try the
operation again.
CTGKM1146E The device group
VALUE_0
does not support secret keys.
Explanation
The device group does not support secret keys.
System action
The operation fails.
Administrator response
Specify a device group that supports secret keys. Then, try the operation again.
CTGKM1147E The device group
VALUE_0
does not support certificates.
Explanation
The device group does not support certificates.
System action
The operation fails.
Administrator response
Specify a device group that supports secret keys. Then, try the operation again.
CTGKM1148E Value for enableMachineAffinity attribute is not valid. A valid value is true or false.
Explanation
Value for enableMachineAffinity attribute is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false for the enableMachineAffinity attribute and try the operation again.
CTGKM1149E Value for device.AutoPendingAutoDiscovery attribute is not valid. Valid values are 0, 1 and 2.
Explanation
Value for device.AutoPendingAutoDiscovery attribute is not valid. Valid values are 0, 1 and 2.
System action
The operation fails.
Administrator response
Specify valid values (0,1,2) for device.AutoPendingAutoDiscovery attribute and try the operation again.
CTGKM1152E
TLS or IKEv2-SCSI certificate is not allowed to move to other device groups.
Explanation
TLS or IKEv2-SCSI certificate is not allowed to move to other device groups.
System action
The operation fails.
CTGKM1150E Cannot delete machineAffinity attribute. machineAffinity must have a value of true or false.
Explanation
machineAffinity attribute must have a value of true or false.
System action
The operation fails.
Administrator response
Do not run this command to delete the machineAffinity attribute value.
CTGKM1151E Cannot delete device.AutoPendingAutoDiscovery attribute. device.AutoPendingAutoDiscovery must have a value of 0, 1 or 2.
Explanation
device.AutoPendingAutoDiscovery attribute must have a value of 0, 1 or 2.
System action
The operation fails.
Administrator response
Do not run this command to delete the device.AutoPendingAutoDiscovery attribute value.
CTGKM1153E Cannot add a DS5000 family device with symAlias specified.
Explanation
You attempted to create a DS5000 family device and associate it with a
key group.
System action
The device add operation fails.
Administrator response
Do not specify symAlias. Then, try the operation again.
CTGKM1154E Cannot associate a device with an empty key group.
Explanation
Cannot associate a device with an empty key group.
System action
The device update operation fails.
Administrator response
Specify a different symAlias. Then, try the operation again.
CTGKM1156E Conflicted key VALUE_0 cannot be moved to a new device group.
Explanation
Conflicted key cannot be moved to a new device group.
System action
The key update operation fails.
Administrator response
Specify a different key alias. Then, try the operation again.
CTGKM1157E Unknown key can be moved to either VALUE_0
or VALUE_1
or VALUE_2
device group only.
Explanation
Unknown key cannot be moved to a device group other than DS8000, 3592, SSLSERVER.
System action
The key update operation fails.
Administrator response
Specify a different device group. Then, try the operation again.
CTGKM1158E Conflicted certificate VALUE_0 cannot be moved to a new device group.
Explanation
Conflicted certificate cannot be moved to a new device group.
System action
The certificate update operation fails.
Administrator response
Specify a different certificate alias. Then, try the operation again.
CTGKM1159E Unknown certificate can be moved to either VALUE_0
or VALUE_1
or VALUE_2
device group only.
Explanation
Unknown certificate cannot be moved to a device group other than DS8000, 3592, SSLSERVER.
System action
The certificate update operation fails.
Administrator response
Specify a different device group. Then, try the operation again.
CTGKM1160E Unknown device can be moved to either VALUE_0
or VALUE_1
device group only.
Explanation
Unknown device cannot be moved to a device group other than LTO, 3592.
System action
The device update operation fails.
Administrator response
Specify a different device group. Then, try the operation again.
CTGKM1161E Conflicted certificate cannot be specified for a default rollover.
This certificate is not valid: alias
Explanation
Conflicated certificate cannot be specified for a default rollover.
System action
The add rollover operation fails.
Administrator response
Specify a different certificate alias. Then, try the operation again.
CTGKM1162E The device group
VALUE_0
does not support keys.
Explanation
The device group does not support keys.
System action
The operation fails.
Administrator response
Specify a device group that support keys. Then, try the operation again.
CTGKM1163E The key with alias VALUE_0 cannot be moved.
Keys belonging to a key group cannot be moved between device groups.
Explanation
Keys are not allowed to be moved between device groups if that key is member of any key group.
System action
The key update operation fails.
Administrator response
Specify a key which does not belong to a key group, then try again.
CTGKM1200E Error getting device groups for device family
VALUE_0
.
Explanation
Exception occurred during the process.
System action
The operation fails.
Administrator response
See the log for more details.
CTGKM1201E Error getting device families for device group
VALUE_0
.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1202E Error getting a list of device groups.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1203E Error creating device group
VALUE_0
.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1204E Error deleting device group
VALUE_0
.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1205E Error setting machine affinity.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1206E Error setting auto pending.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1207E Error getting devices referencing key group.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1208E Error getting devices referencing certificate.
Explanation
Exception occurred during the process.
System action
See the log for more details.
Administrator response
See the log for more details.
CTGKM1209E Concurrent update error. Another user might have changed the data.
Explanation
Exception occurred while performing a concurrent update.
System action
See the log for more details.
Administrator response
Refresh and try again.
CTGKM1210E
An error occurred while accepting the pending device.
Explanation
The device may have already been accepted, there
may be an error in the additional fields specified
while accepting this device, or the IBM Security Guardium Key Lifecycle
Manager database might not be available. Additional
information should accompany this message.
System action
The device may not have been accepted, or the device
was accepted but additional fields specified for
the device may not have been set.
Administrator response
The additional information accompanying this message
might guide your response. You might need to confirm
that the database is available.
CTGKM1211E
An error occurred while rejecting the pending device.
Explanation
The device may have already been rejected by
another user or the IBM Security Guardium Key Lifecycle
Manager database might not be available. Additional
information should accompany this message.
System action
The device may not have been rejected.
Administrator response
The additional information accompanying this message
might guide your response. You might need to confirm
that the database is available.
CTGKM1212E
An error occurred while setting the default key group.
Explanation
IBM Security Guardium Key Lifecycle Manager database might not be available. Additional
information should accompany this message.
System action
Cannot update the default key group.
Administrator response
The additional information accompanying this message
might guide your response.
CTGKM1213E
An error occurred while setting the default certificate.
Explanation
IBM Security Guardium Key Lifecycle Manager database might not be available. Additional
information should accompany this message.
System action
Cannot update the default certificate.
Administrator response
The additional information accompanying this message
might guide your response.
CTGKM1214E
An error occurred while setting the partner certificate.
Explanation
IBM Security Guardium Key Lifecycle Manager database might not be available. Additional
information should accompany this message.
System action
Cannot update the partner certificate.
Administrator response
The additional information accompanying this message
might guide your response.
CTGKM1215W Not all keys were made. Some aliases of the keys for the specified
key group collided with another key group generated at the same time.
You might want to use Modify Key Group panel to add additional keys.
Explanation
There were key alias conflicts and the total number of keys requested could not be created.
System action
No action required.
Administrator response
Use Modify Key Group panel to add additional keys.
CTGKM1301E The key group VALUE_0 cannot be set as a system or device default,
because all its keys are compromised.
Explanation
Key groups containing only compromised keys cannot be set as a system or device default.
System action
The operation fails.
Administrator response
Add non-compromised keys to the key group, or specify a different key group.
CTGKM1302E The private key algorithm is VALUE_0, which is not supported for usage
VALUE_1.
The supported algorithms are: VALUE_2
Explanation
The private key uses an encryption algorithm which is not supported for the specified device group.
System action
The operation fails.
Administrator response
Change the usage, or specify another private key with an appropriate encryption algorithm. Then, try the operation again.
CTGKM1303E Unable to access keystore file VALUE_0.
Explanation
Keystore file is missing or not readable.
System action
The operation fails.
Administrator response
Ensure that the specified file exists and has the correct permissions.
CTGKM1307E Keys could not be released because no backup has been made.
Explanation
A backup is required before keys can be released.
System action
The operation fails.
Administrator response
Make a backup, then try the operation again.
CTGKM1308E The configuration property VALUE_0 cannot be manually updated or deleted.
Explanation
The configuration property cannot be manually updated or deleted.
System action
The operation fails.
Administrator response
No action required.
CTGKM1400E Machine ID cannot be null.
Explanation
Machine ID is a required attribute.
System action
The operation fails.
Administrator response
Specify a valid machine ID.
CTGKM1401E Either machine ID or machine text is required.
Explanation
Either machine ID or machine text is required.
System action
The operation fails.
Administrator response
Specify either the machine ID or machine text. Then, try the operation again.
CTGKM1402E Machine UUID cannot be null.
Explanation
Machine UUID cannot be a null attribute.
System action
The operation fails.
Administrator response
Specify a value for the machine UUID.
CTGKM1403E Device group does not exist.
Explanation
The specified device group is not a valid or known device group.
System action
The operation fails.
Administrator response
Specify another valid device group.
CTGKM1404E Device group is not a DS5000 device group.
Explanation
The specified device group is not a DS5000 device group or a member of the DS5000 device family.
System action
The operation fails.
Administrator response
Specify a valid DS5000 device group or DS5000 device family.
CTGKM1405E Device UUID cannot be null.
Explanation
The specified device UUID cannot be empty or null.
System action
The operation fails.
Administrator response
Specify a valid device UUID.
CTGKM1406E
Device does not exist.
Explanation
The specified
device does not exist or is not a valid device in IBM Security Guardium Key Lifecycle Manager.
System action
The operation fails.
Administrator response
Specify a valid and known device group.
CTGKM1407E
No machine IDs exist.
Explanation
No machine IDs
exist in IBM Security Guardium Key Lifecycle Manager.
System action
The operation fails.
Administrator response
No machine IDs exist.
CTGKM1408E Machine ID/Text not found.
Explanation
This Machine ID/Text does not exist or is not valid.
System action
The operation fails.
Administrator response
Specify a valid machine identifier.
CTGKM1409E Machine affinity is ON. The device is associated with at least one machine and cannot be deleted or rejected.
Explanation
Machine affinity is ON. The device is associated with at least one machine and cannot be deleted or rejected.
System action
The operation fails.
Administrator response
Delete the machine device association before trying to delete or reject the device.
CTGKM1410E Either Machine UUID, Machine Text, or Machine ID is required.
Explanation
A value is required for either machine UUID, machine text, or machine ID.
System action
The operation fails.
Administrator response
Specify the machine UUID, machine text, or machine ID, and try again.
CTGKM1411E Machine Identifier field must be between 1 (minimum) and 48 (maximum) characters in length.
Explanation
Machine Identifier field should be between 1 and 48 characters in length.
System action
The operation fails.
Administrator response
Specify a machine identifier that is between 1 (minimum) and 48 (maximum) characters in length.
CTGKM1416E The specified machine must exist for the operation to succeed.
Explanation
Machine device association cannot be added. The machine does not exist.
System action
The operation fails.
Administrator response
Specify a valid machine identifier for this association.
CTGKM1417E Machine does not exist and cannot be updated.
Explanation
Machine lookup failed. It appears the machine does not exist.
System action
The operation fails.
Administrator response
Specify a valid machine identifier to update.
CTGKM1418E Machine text is not unique.
Explanation
Machine text is not unique. There is already a machine ID with that machine text.
System action
The operation fails.
Administrator response
Specify a unique string for the machine text.
CTGKM1419E Machine has existing machine affinities.
Explanation
The machine has existing machine affinities.
System action
The operation fails.
Administrator response
Delete all machine affinities before deleting the machine ID.
CTGKM1420E Device text is not unique.
Explanation
There is already a device with that device text.
System action
The operation fails.
Administrator response
Specify a different unique device text.
CTGKM1422E serialNumber cannot be updated with the device group.
Explanation
A serial number update is not supported for the device group.
System action
The operation fails.
Administrator response
Do not use a serial number as an attribute for this action.
CTGKM1423E
VALUE_0 is not allowed for a non-DS5000 device group.
Explanation
This attribute is not allowed for a non-DS5000 device group.
System action
The operation fails.
Administrator response
Do not use this attribute for this action.
CTGKM1425E The machine device association or the device is not pending.
Explanation
The machine device association or the device has been accepted or is not in pending status.
System action
No action taken.
Administrator response
You cannot accept a nonpending machine/device.
CTGKM1426E
Machine ID is not
unique.
Explanation
The machine ID
given is not unique in IBM Security Guardium Key Lifecycle Manager.
System action
The operation fails.
Administrator response
Specify a valid unique machine identifier.
CTGKM1427E
Machine affinity already exists.
Explanation
Machine affinity
for this device and machine already exists in IBM Security Guardium Key Lifecycle Manager.
System action
The operation fails.
Administrator response
Specify a different unique machine identifier and device.
CTGKM1429E The DS5000 number of keys cannot exceed 12.
Explanation
The DS5000 number of keys cannot exceed 12.
System action
The operation fails.
Administrator response
Specify a value between 0 and 12 for the number of keys.
CTGKM1430E This device has pending machine affinities. Reject the pending machine affinities first.
Explanation
This pending device has pending machine affinities. Reject the pending machine affinities first.
System action
The operation fails.
Administrator response
Reject the pending machine affinities first.
CTGKM1431E Value for DS5000 number of keys is not valid. The value must be a positive integer.
Explanation
The value for the DS5000 number of keys can only be a positive integer.
System action
The operation fails.
Administrator response
Specify a positive integer for the number of keys.
CTGKM1432E symmetricKeySet is not a valid attribute for a DS5000 device group.
Explanation
symmetricKeySet is not used by DS5000.
System action
Device group not created or updated.
Administrator response
Remove the symmetricKeySet attribute and try the operation again.
CTGKM1433E Values for machineText
VALUE_1
and machineID
VALUE_0 do not match.
Explanation
MachineText and MachineID do not match.
System action
Machine device will not be listed.
Administrator response
Specify a different value for machineText or machineID and try the operation again.
CTGKM1434E Machine Text must be between 1 and 96 characters in length.
Explanation
The value of the machineText parameter must be between 1 and 96 characters in length.
System action
The operation fails.
Administrator response
Specify a value for the machineText parameter between 1 and 96 characters in length.
CTGKM1435E Machine ID/Text does not match the Machine UUID.
Explanation
Machine ID/Text does not match the machine with the specified UUID.
System action
The operation fails.
Administrator response
Specify a different value for Machine ID/Text.
CTGKM1436E No machine affinity between device VALUE_0 and machine VALUE_1.
Explanation
Machine affinity is only supported for DS5000 devices.
System action
The operation fails.
Administrator response
Specify a DS5000 device.
CTGKM1500E NULL attribute array.
Explanation
No attributes were specified for a new template.
System action
The template is not created.
Administrator response
Specify attributes for the template, then try the operation again.
CTGKM1501E Found inappropriate attribute for template:
VALUE_0
Explanation
The specified attribute is not supported by the template.
System action
The template is not created.
Administrator response
Remove or change the unsupported attribute, then try the operation again.
CTGKM1502E NULL template names array.
Explanation
No template names were specified to be merged.
System action
The template merge fails.
Administrator response
Specify template names to be merged, then try the operation again.
CTGKM1503E Template with name
VALUE_0
not found.
Explanation
The specified template was not found in the database.
System action
The message processing fails because the template attributes
cannot be read.
Administrator response
Specify the correct template name and try again.
CTGKM1504E The authentication information in the request was not able to be validated, or there was no authentication information in the request when there SHOULD have been.
Explanation
The authentication information is either missing or not valid.
System action
The authentication failed because the information provided is not valid or missing.
Administrator response
Specify the correct authentication information and try again.
CTGKM1505E The client does not have permission to perform the requested operation.
Explanation
The client is not authorized to perform the requested operation.
System action
The requested operation failed because the client does not have
the permission.
Administrator response
Make sure that the requested operation is authorized and retry the action.
CTGKM1506E The operation failed due to a cryptographic error.
Explanation
The requested operation failed due to a cryptographic error.
System action
The requested operation failed because the key cannot be read due to a cryptographic error.
Administrator response
Please look at the exception message and take appropriate action.
CTGKM1507E An OPTIONAL feature specified in the request is not supported.
Explanation
The requested OPTIONAL feature is not supported.
System action
The request failed because the feature is not supported.
Administrator response
Remove or change the feature, then try the operation again.
CTGKM1508E The client requested an operation that was not able to be performed with the specified parameters.
Explanation
The specified parameters are not valid for the requested operation.
System action
The requested operation failed because the specified parameters
are not valid.
Administrator response
Specify the correct parameters and try again.
CTGKM1509E Some data item in the request has an incorrect value.
Explanation
Some of the parameter value in the request is not valid.
System action
The requested operation failed because one or more of the attributes has an incorrect value.
Administrator response
Make sure to pass in the correct attribute values and retry the action.
CTGKM1510E The request message was not understood by the server.
Explanation
The message in the request was not understood by the server.
System action
The processing of the message failed because it was not understood by the server.
Administrator response
Specify the correct message in the request and try again.
CTGKM1511E A requested object was not found or did not exist.
Explanation
The requested object was not found.
System action
The requested operation failed because the object did not exist.
Administrator response
Make sure to pass the identifier for the existing object and retry the action.
CTGKM1512E The operation requires additional OPTIONAL information in the request, which is not present.
Explanation
The request is missing the OPTIONAL information required for the operation.
System action
The requested operation failed because it is missing the OPTIONAL information required.
Administrator response
Make sure to pass in the required OPTIONAL information and retry the action.
CTGKM1513E The object must be recovered from the archive before performing the operation.
Explanation
The requested object is archived.
System action
The requested operation failed because the object is archived.
Administrator response
Make sure that the object is recovered and retry the action.
CTGKM1514E The operation was asynchronous, and the operation was canceled by the Cancel operation before it completed successfully.
Explanation
The asynchronous operation was canceled before it completed successfully.
System action
The requested operation failed because it was canceled before it completed successfully.
Administrator response
No action required.
CTGKM1515E The operation requested by the request message is not supported by the server.
Explanation
The requested operation is not supported by the server.
System action
The requested operation failed because it is not supported by the server.
Administrator response
Specify a supported operation then try the operation again.
CTGKM1516E The response to a request would exceed the maximum response size in the request.
Explanation
The response size exceeds the maximum response size specified in the request.
System action
The requested operation failed because the response size exceeds the
maximum response size specified in the request.
Administrator response
Increase the maximum response size in the request, then try the operation again.
CTGKM1517E Value out of range.
Explanation
The specified value is out of range.
System action
The requested operation failed because the value specified is out of the enumerated list.
Administrator response
Specify the correct value and retry the action.
CTGKM1520E The server was not able to perform the requested operation.
Explanation
An unexpected error occurred on the KMIP server.
System action
This error is returned to the KMIP client.
Administrator response
Please look at the exception message and take appropriate action.
CTGKM1521E The operation failed due to an inappropriate index.
Explanation
The caller passed an incorrect index on a multivalued attribute.
System action
This error is returned to the KMIP client.
Administrator response
Specify another index, and try the operation again.
CTGKM1522E Attribute VALUE_0 is not supported.
Explanation
Attribute name is unknown or unsupported.
System action
The operation fails.
Administrator response
Specify a supported attribute name, and try the operation again.
CTGKM1523E Index must be specified for update or delete operation on a multivalued attribute.
Explanation
Index was not specified for an update or delete operation on a multivalued attribute.
System action
The operation fails.
Administrator response
Specify an index, and try the operation again.
CTGKM1524E The operation VALUE_0 is not supported.
Explanation
The operation is not supported.
System action
The operation fails.
Administrator response
Specify a supported operation name, then try again.
CTGKM1525E The field VALUE_0 is not supported for the attribute VALUE_1.
Explanation
The field provided is not supported for the attribute.
System action
The operation fails.
Administrator response
Specify a field that is supported for the attribute, then try the operation again.
CTGKM1526E Date must be in the format VALUE_0, and represent a valid date.
Explanation
The date supplied is not valid.
System action
The operation fails.
Administrator response
Specify a valid date in the correct format, then try the operation again.
CTGKM1527E Attribute values must be specified for add or update operation.
Explanation
The add and update attributes operations require that attribute values be specified.
System action
The operation fails.
Administrator response
Specify the attribute values, then try the opreation again.
CTGKM1528E
VALUE_0 fields must be specified for attribute VALUE_1.
Explanation
The listed fields are required when adding or updating this attribute.
System action
The operation fails.
Administrator response
Specify values for all the listed fields, then try the operation again.
CTGKM1529E Name for a custom attribute must begin with either VALUE_0 or VALUE_1.
Explanation
The name for a custom KMIP attribute must follow the stated requirements.
System action
The operation fails.
Administrator response
Specify a custom attribute name that meets the requirements, then try the operation again.
CTGKM1530E The value VALUE_0 is not supported for the field VALUE_1.
Explanation
The value is not supported for the specified field.
System action
The operation fails.
Administrator response
Specify a supported value, then try the operation again.
CTGKM1531E
The value exceeds the limit for a multi-valued attribute.
Explanation
The value exceeds
the limit for a multi-valued attribute set by the IBM Security Guardium Key Lifecycle Manager server.
System action
The operation fails.
Administrator response
Set the property mv.attribute.max.values in SKLMConfig.properties file to a higher value and try again.
CTGKM1532E Value contains reserved wildcard characters that are not allowed.
Explanation
The specified value contains reserved wildcard characters such as (* and %).
System action
The requested operation failed because the value specified is not valid.
Administrator response
Specify the correct value and retry the action.
CTGKM1533E The request cannot be processed.
Explanation
The request from this device cannot be processed.
System action
The requested operation fails.
Administrator response
Check the setting for accepting devices for this device group through the graphical user interface.
Take appropriate action either to accept this device from the pending list or
set the flag to automatically accept all new devices. Then try the request again.
CTGKM1534E The request cannot be processed.
Explanation
An internal error occurred and the request from this device cannot be processed.
System action
The requested operation fails.
Administrator response
Check the setting for accepting devices for this device group through the graphical user interface.
Then retry the action.
CTGKM1535E
VALUE_0 is too large.
Explanation
The object or attribute is oversized and cannot be processed.
System action
The operation fails.
Administrator response
The key bytes length exceeds the maximum length 8K supported by the keystore. Try again with a reduced size.
CTGKM1536E Key must be specified.
Explanation
The key to create or register is not specified in the request.
System action
The requested operation fails.
Administrator response
Specify the key, then try the operation again.
CTGKM1537E Key group VALUE_0 does not exist.
Explanation
The specified key group in the request does not exist.
System action
The requested operation fails.
Administrator response
Specify an existing key group, then try the operation again.
CTGKM1538E Usage mask must be specified.
Explanation
The usage mask must be specified for a symmetric key in the request.
System action
The requested operation fails.
Administrator response
Specify the usage mask, then try the operation again.
CTGKM1539E Algorithm VALUE_0 not supported.
Explanation
Algorithm not supported for the requested operation.
System action
The requested operation fails.
Administrator response
Specify a supported algortihm, then try the operation again.
CTGKM1540E Key size VALUE_0 not supported for algorithm VALUE_1.
Explanation
Key size is not supported for the algorithm specified in the request.
System action
The requested operation fails.
Administrator response
Ensure that the key size specified is supported by the algorithm. Try the operation again.
CTGKM1541E Unexpected key type, only register of SecretKey supported.
Explanation
To register a key, it must be of type javax.crypto.SecretKey in the request.
System action
The requested operation fails.
Administrator response
Specify a key of type SecretKey, then try the operation again.
CTGKM1542E JCE problem with DESede or AES while generating a secret key.
Explanation
JCE unable to generate a secret key with algorithm DESede or AES.
System action
The requested operation fails.
Administrator response
Ensure that the JCE provider supports the requested algorithm and try again.
CTGKM1543E Algorithm VALUE_0 not supported by the provider for hashing.
Explanation
The algorithm is not supported by the provider.
System action
The requested operation fails.
Administrator response
Specify an algorithm that is supported by the provider, then try the operation again.
CTGKM1544E The following attribute(s) are not allowed for the VALUE_0
operation: VALUE_1
Explanation
Some of the attributes are not allowed for the requested operation.
System action
The requested operation fails.
Administrator response
Remove the attributes that are not allowed, and try the operation again.
CTGKM1545E y-KeyGroupGetNext must supply a key group name.
Explanation
The y-KeyGroupGetNext custom server attribute must supply a key group name.
System action
The requested operation fails.
Administrator response
Specify a key group name, then try the operation again.
CTGKM1546E An object with the nametype of VALUE_0
and the namevalue of VALUE_1
already exists.
Explanation
The caller is trying to reuse an existing name for an object.
System action
The requested operation fails.
Administrator response
Specify a different nametype/namevalue. Then try the operation again.
CTGKM1547E This VALUE_0
requires an instance of VALUE_1.
Explanation
The caller is trying to set an unsupported value.
System action
The requested operation fails.
Administrator response
Specify a supported value, then try the operation again.
CTGKM1548E Unsupported object type: VALUE_0
Explanation
The caller is requesting an operation on an unsupported object type.
System action
The requested operation fails.
Administrator response
Specify a supported object type, then try the operation again.
CTGKM1549E StorageStatusMask: VALUE_0 is not valid.
Explanation
The caller is requesting an unsupported storage status mask.
System action
The requested operation fails.
Administrator response
Specify a supported storage status mask and try the operation again.
CTGKM1550E No search attributes were specified on the LOCATE request.
Explanation
The caller omitted required parameters.
System action
The requested operation fails.
Administrator response
Specify the search attributes in the LOCATE request, then try again.
CTGKM1551E The VALUE_0 operation
is not valid for an object of type VALUE_1.
Explanation
The caller requested an operation that is inappropriate for that object.
System action
The requested operation fails.
Administrator response
Specify an operation supported for the object, then try again.
CTGKM1552E The VALUE_0 attribute
requires a non-null value.
Explanation
The attribute cannot contain a null value.
System action
Cannot process the message.
Administrator response
Ensure that the attribute value is non-null, then try again.
CTGKM1553E The attribute name is not specified.
Explanation
The attribute name is not specified.
System action
The requested operation fails.
Administrator response
Specify the attribute name, then try the operation again.
CTGKM1554E The attribute VALUE_0 does not exist.
Explanation
The specified attribute does not exist.
System action
The requested operation fails.
Administrator response
Specify an existing attribute, then try the operation again.
CTGKM1555E The index VALUE_0 is not valid for a single-valued attribute.
Explanation
For a single-valued attribute, the index can only be 0.
System action
The requested operation fails.
Administrator response
Specify the correct index for a single-valued attribute, then try the operation again.
CTGKM1556E The value at index VALUE_0 does not exist.
Explanation
The value at the specified index does not exist.
System action
The requested operation fails.
Administrator response
Ensure that a value exists at the specified index. Then, try the operation again.
CTGKM1557E Could not construct VALUE_0 from the input provided.
Underlying field name or error message VALUE_1
Explanation
The caller provided input that could not be processed.
System action
The requested operation fails.
Administrator response
Specify a correct value for this attribute, then try the operation again.
CTGKM1558E No key material is available for the object with identifier
VALUE_0.
Explanation
No key material is available, possibly because none was ever sent to the server.
System action
The requested operation fails.
CTGKM1559E No key material is available for the object with identifier
VALUE_0.
The object has been destroyed.
Explanation
No key material exists on the server because the object has been destroyed.
System action
The requested operation fails.
CTGKM1560E Object with UUID VALUE_0 and type VALUE_1
does not exist.
Explanation
An object with the specified UUID and type does not exist.
System action
The requested operation fails.
Administrator response
Specify another UUID and type, then try the operation again.
CTGKM1561E
Object with UUID
VALUE_0
could not be served for cryptographic use because
it is not backed up.
Explanation
Object with the specified UUID cannot be served for cryptographic use because it is not backed up.
System action
The requested operation fails.
Administrator response
Back up IBM Security Guardium Key Lifecycle Manager, then try the operation again.
CTGKM1562E Cannot register a key in a key group if no key material is supplied by the caller.
Explanation
Keys that are in key groups must contain cryptographic material, but the caller is not providing any.
System action
The requested operation fails.
CTGKM1563E Object with UUID VALUE_0 could not be served for cryptographic use because
it is not released.
Explanation
Object with the specified UUID cannot be served for cryptographic use because it is not released. This message
may also occur if the config property release.date is missing or wrongly formatted.
System action
The requested operation fails.
Administrator response
Run the tklmKeyRelease command to release keys, then try the operation again.
CTGKM1701E For DS5000 device group, device text must be less than 96 characters in length.
Explanation
For the DS5000 device group, the value of the deviceText parameter must be less than 96 characters in length.
System action
The operation fails.
Administrator response
For DS5000 devices, specify a value for deviceText that is less than 96 characters in length.
CTGKM1702E Unable to generate more than 12 keys at a time for DS5000 group.
Explanation
DS5000 keys can only generated 12 or less at a time.
System action
The operation fails.
Administrator response
Reduce the number of requested keys and try the operation again.
CTGKM1703E Incorrect device group ID : VALUE_0
Explanation
Device group ID is not found.
System action
The operation fails.
Administrator response
Change the device group and try the operation again.
CTGKM1704E Device description cannot exceed 255 characters in length.
Explanation
The device description exceeded 255 characters in length.
System action
The operation fails.
Administrator response
Change to a shorter description and try the operation again.
CTGKM1706E The certificate VALUE_0 is scheduled for a future rollover, and cannot be moved or deleted.
Explanation
A certificate which is scheduled for a future rollover cannot be moved or deleted.
System action
The operation fails.
Administrator response
Remove any pending rollovers for this certificate, then try the operation again.
CTGKM1707E The key group VALUE_0 is scheduled for a future rollover, and cannot be moved or deleted.
Explanation
A key group which is scheduled for a future rollover cannot be moved or deleted.
System action
The operation fails.
Administrator response
Remove any pending rollovers for this key group, then try the operation again.
CTGKM1901E Device group:
VALUE_0
is not a valid group for license count.
Explanation
This device group must be one of the valid device groups listed in the license list.
System action
Specify a correct group name.
Administrator response
Specify a correct group name.
CTGKM1936E dateAfter cannot be later than dateBefore.
Explanation
dateAfter is after dateBefore. This will give an empty time interval.
System action
The operation fails.
Administrator response
Specify different dateAfter and dateBefore values, and try the operation again.
CTGKM2100E The value for replication.role is not valid. Accepted values are CLONE or MASTER.
Explanation
The value for the replication.role must be CLONE or MASTER.
System action
The operation fails.
Administrator response
Correct setting of replication.role parameter to CLONE or MASTER.
CTGKM2101E Location specified in replication.BackupDestDir is not a valid directory.
Explanation
replication.BackupDestDir must specify a valid directory.
System action
The operation fails.
Administrator response
Correct setting of replication.BackupDestDir to a valid directory.
CTGKM2102E No valid replication config file exists. It will be created.
Explanation
No valid replication config file exists. It will be created.
System action
The operation fails.
Administrator response
No action required.
CTGKM2103E The value for replication.MaxLogFileSize is not valid. Acceptable values are between 100 and 500000 bytes.
Explanation
The replication log file size can be between 100 and 500000 bytes.
System action
The operation fails.
Administrator response
Correct setting of replication.MaxLogFileSize.
CTGKM2104E The value for replication.MaxLogFileNum is not valid. Acceptable values are between 2 and 100.
Explanation
The value for replication.MaxLogFileNum must be between 2 and 100.
System action
The operation fails.
Administrator response
Correct setting of replication.MaxLogFileNum.
CTGKM2105E The value for replication.MaxBackupNum is not valid. Acceptable values are between 2 and 10.
Explanation
The value for replication.MaxBackupNum must be between 2 and 10.
System action
The operation fails.
Administrator response
Correct setting of replication.MaxBackupNum.
CTGKM2106E Value for replication.MasterListenPort is not valid. Acceptable values are integers between 1 and 65535.
Explanation
Valid values for replication.MasterListenPort are integers between 1 and 65535.
System action
The operation fails.
Administrator response
Correct setting of replication.MasterListenPort.
CTGKM2107E
Value for replication.MasterListenPort is not a valid port number or is used as a port elsewhere in IBM Security Guardium Key Lifecycle Manager.
Explanation
replication.MasterListenPort is not a valid port number, or is the same as one of restore.ListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.
System action
The operation fails.
Administrator response
Correct setting of replication.MasterListenPort to a valid, available port number.
CTGKM2108E Value for the backup.CheckFrequency is not valid. Acceptable values are integers equal to or greater than 1.
Explanation
Valid values for backup.CheckFrequency are integers equal to or greater than 1.
System action
The operation fails.
Administrator response
Correct setting of backup.CheckFrequency to be an integer equal to or greater than 1.
CTGKM2109E Command ignored. Backup time has already been set.
Explanation
Command ignored. Backup time has already been set as per the backup.DailyStartReplicationBackupTime parameter.
System action
Command ignored.
Administrator response
No action required.
CTGKM2110E Value of backup.DailyStartReplicationBackupTime is not valid. It should be in HH:MM format.
Explanation
Value of backup.DailyStartReplicationBackupTime should be a valid time in HH:MM format.
System action
The operation fails.
Administrator response
Correct backup.DailyStartReplicationBackupTime to be a valid time in HH:MM format.
CTGKM2111E
Value for backup.SerializeRestores is not valid. Accepted values are either true or false.
Explanation
Value for configuration parameter backup.SerializeRestores must be either true or false.
System action
The operation fails.
Administrator response
Correct backup.SerializeRestores to be either true or false.
CTGKM2112E The value for backup.BackupDescriptionText must not exceed 100 characters.
Explanation
The value for backup.BackupDescriptionText must not exceed 100 characters.
System action
The operation fails.
Administrator response
Correct backup.BackupDescriptionText such that it does not exceed 100 characters.
CTGKM2113E The value for backup.ReleaseKeys is not valid. Accepted values are RESTORE, BACKUP or OFF.
Explanation
The value for backup.ReleaseKeys must be one of RESTORE, BACKUP or OFF.
System action
The operation fails.
Administrator response
Correct backup.ReleaseKeys to be one of RESTORE, BACKUP or OFF.
CTGKM2114E
Failed to release keys for use
because the enableKeyRelease parameter in the configuration file is set to
false. Set the value of the enableKeyRelease parameter to true, and retry the
operation.
Explanation
To update the
backup.ReleaseKeys parameter, the value of the
enableKeyRelease parameter in the configuration file should be set to
true.
System action
The operation fails.
Administrator response
Use the Config Properties List REST Service to check the value of
enableKeyRelease. Use the Update Config Property REST
Service to update the value of enableKeyRelease. After you are sure
that enableKeyRelease is set to true, retry the operation.
CTGKM2115E restore.ListenPort parameter is not a valid port number. Accepted values are integers between 1 and 65535.
Explanation
The value of restore.ListenPort parameter should be an integer between 1 and 65535.
System action
The operation fails.
Administrator response
Correct restore.ListenPort to be a valid port number.
CTGKM2116E
The value of
restore.ListenPort must not be shared with any other IBM Security Guardium Key Lifecycle Manager port parameter settings.
Explanation
The value for the restore.ListenPort parameter cannot be the same as values for the replication.MasterListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.
System action
The operation fails.
Administrator response
Correct restore.ListenPort to be a valid port number not used elsewhere in IBM Security Guardium Key Lifecycle Manager.
CTGKM2117E Value of restore.DailyStartReplicationRestoreTime is not valid. It should be in HH:MM format.
Explanation
The value for restore.DailyStartReplicationRestoreTime should be a valid time in HH:MM format.
System action
The operation fails.
Administrator response
Correct restore.DailyStartReplicationRestoreTime to be a valid time in HH:MM format.
CTGKM2118E The value for the restore.NumAttemptRetryFailedRestore parameter must be between 0 and 2.
Explanation
The value for the restore.NumAttemptRetryFailedRestore parameter must be between 0 and 2.
System action
The operation fails.
Administrator response
Correct restore.NumAttemptRetryFailedRestore to be between 0 and 2.
CTGKM2119E Value for restore.RevertToPreviousBackupOnFailure must be either true or false.
Explanation
Value for configuration parameter restore.RevertToPreviousBackupOnFailure can only be either true or false.
System action
The operation fails.
Administrator response
Correct restore.RevertToPeviousBackupOnFailure to be either true or false.
CTGKM2120E Value for the backup.ClientPort(n) parameter must be an integer between 1 and 65535.
Explanation
Value for the backup.ClientPort(n) parameter must be an integer between 1 and 65535.
System action
The operation fails.
Administrator response
Correct backup.ClientPort(n) to be an integer between 1 and 65535.
CTGKM2121E
backup.ClientPort must not be
shared with any other IBM Security Guardium Key Lifecycle Manager port parameter
settings.
Explanation
The value for the backup.ClientPort parameter cannot be the same as values for the replication.MasterListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.
System action
The operation fails.
Administrator response
Correct restore.ListenPort to be a valid port number not used elsewhere in IBM Security Guardium Key Lifecycle Manager.
CTGKM2122E backup.EncryptionPassword must not be fewer than 6 characters or exceed 175 single-byte or 87 double-byte characters.
Explanation
backup.EncryptionPassword cannot be null, fewer than 6 characters or longer than 175 single-byte or 87 double-byte characters.
System action
The operation fails.
Administrator response
Correct backup.EncryptionPassword to a valid value.
CTGKM2123E The backup.ObfuscatedEncryptionPassword parameter cannot be updated.
Explanation
The backup.ObfuscatedEncryptionPassword parameter cannot be updated.
System action
The operation fails.
Administrator response
No action required.
CTGKM2124E The StopReplication has timed out!.
Explanation
The StopReplication has timed out!.
System action
The operation fails.
Administrator response
No action required.
CTGKM2125E restore.TipadminPassword must not be fewer than 6 or more than 20 characters.
Explanation
restore.TipadminPassword cannot be shorter than 6 characters or longer than 20 characters.
System action
The operation fails.
Administrator response
Correct restore.TipadminPassword to a valid value.
CTGKM2126E The restore.ObfuscatedTipadminPassword parameter cannot be updated.
Explanation
The restore.ObfuscatedTipadminPassword parameter cannot be updated.
System action
The operation fails.
Administrator response
No action required.
CTGKM2201W Replication already in progress.
Explanation
Replication request rejected as one is already in progress.
System action
No action necessary.
Administrator response
Re-try replication when the currently running one has completed.
CTGKM2202E Replication failed for
Explanation
Replication has failed for the host listed.
System action
No action necessary.
Administrator response
No action necessary.
CTGKM2203E
Replication failed with a connection error
Explanation
Replication has failed for the host listed with a connection error.
System action
Check debug for exceptions.
Administrator response
Ensure that the hosts and ports listed are available.
CTGKM2204E
Replication failed with a validation error
Explanation
Replication has failed for the host listed with a validation error.
System action
Check debug for exceptions.
Administrator response
Check debug for exceptions.
CTGKM2206E
The replication operation
failed to start. Examine the log files to determine the cause of failure.
Explanation
The Replication
operation did not initialize.
System action
Replication
fails.
Administrator response
Examine the audit and debug logs to determine the cause of failure.
CTGKM2207W
Replication operation is
already initialized.
Explanation
The replication
start is ignored as the task is already up and running.
Administrator response
No action necessary.
CTGKM2209E
Replication operation failed
to stop. Examine the audit and debug logs to determine the cause of failure.
Explanation
The replication
stop operation failed.
System action
Replication
operation fails to stop.
Administrator response
Examine the audit and debug logs to determine the cause of failure.
CTGKM2210W
Replication operation is
already stopped.
Explanation
The replication
stop operation is ignored because it is already stopped.
Administrator response
No action necessary.
CTGKM2211E
Command failed as the -confirm parameter is not set to Y.
Explanation
IBM Security Guardium Key Lifecycle Manager Replication stop command will not work
without the confirm parameter being specified as Y.
System action
No action necessary.
Administrator response
If stop is required, rerun the command with the -confirm parameter set to Y.
CTGKM2212E
Replication timed out
Explanation
Replication for the specified host timed out.
System action
Check debug log.
Administrator response
Correct any problems on master or clone systems and retry.
CTGKM2213W Replication result unknown for
Explanation
Result for the replication of the specified host is unknown.
System action
Check debug log.
Administrator response
Check debug log.
CTGKM2214E
Replication fails because the
parameters are incorrectly specified. Specify both host name and port parameters, or no parameters,
and retry the operation.
Explanation
The
Replication Now REST Service requires either no parameters to replicate to all
defined hosts, or both host name and port parameters to replicate to a single
clone.
System action
The
Replication Now REST Service fails.
Administrator response
Specify correct parameters and retry the operation.
CTGKM2222E
No valid replication configuration file exists.
Explanation
Either no replication configuration file exists, or it is invalid.
System action
No action required.
Administrator response
Create a valid replication configuration file and retry the operation.
CTGKM2237E Replication failed.
Explanation
Replication failed.
System action
No action necessary.
Administrator response
No action required.
CTGKM2243E Replication can only be invoked on the master machine.
Explanation
Replication now invoked from CLI on a clone machine. However, it can only in invoked on the master machine.
System action
No action necessary.
Administrator response
Go to master machine and invoke replication.
CTGKM2244E
VALUE_0 can not be updated.
Explanation
The config property referenced in the message can not be updated by the CLI. It is only updated by the product.
System action
No action necessary.
Administrator response
No action necessary.
CTGKM2245E Cannot modify the key
Explanation
Attempt to modify the key did not complete. The key that you intend to update, might not be found,
or there might be a database error. There might be more
information in the message that describes the problem.
System action
The key was not modified.
Administrator response
Additional information might guide your response. Make
appropriate changes. Then, try the operation again.
CTGKM2246E
Cannot update the replication.MaxBackupNum property. Specify an integer value that is between 2 - 10.
Explanation
Value for replication.MaxBackupNum property must be an integer value that is between 2 - 100.
System action
The operation fails.
Administrator response
Specify a valid integer value that is between 2 - 10 for the replication.MaxBackupNum property.
CTGKM2247E
Cannot update the replication.Incremental.CheckFrequency property. Specify an integer value that is equal to or greater than 60.
Explanation
Value for replication.Incremental.CheckFrequency property must be equal to or greater than 60.
System action
The operation fails.
Administrator response
Specify a valid integer value that is equal to or greater than 60 for the replication.Incremental.CheckFrequency property.
CTGKM2248E
Cannot update the replication.Incremental.Enable property. Specify one of these values: true, false.
Explanation
Value for the replication.Incremental.Enable property must be true or false.
System action
The operation to update the configuration property fails.
Administrator response
Specify true or false as the value for the replication.Incremental.Enable property and retry the operation.
CTGKM2250E
Cannot configure the backup.Client property because replication is not supported.
Explanation
The backup.Client property cannot be updated because Replication is not supported in a containerized deployment.
System action
Replication configuration fails.
Administrator response
No action needed.
CTGKM2253E
Replication failed. User name
VALUE_0
doesn't exists exists in this installation.
Create the users and try again.
Explanation
User name doesn't exist. Please create the users and try again.
System action
The operation fails.
Administrator response
Create the users and try again.
CTGKM2300E Client certificate push is disabled.
Explanation
enableClientCertPush is set to false in the configuration file.
System action
The operation fails.
Administrator response
Change the value from false to true for the enableClientCertPush property in the SKLMConfig.properties file.
CTGKM2301E The number of pending client certificates has been reached.
Explanation
The number of pending client certificates exceeds the configuration value for maxPendingClientCerts.
System action
The operation fails.
Administrator response
Increase the value for the maxPendingClientCerts property in the SKLMConfig.properties file.
CTGKM2302E The X509 certificate cannot be null.
Explanation
The X509 certificate to be added to the pending client certificate list is null.
System action
The operation fails.
Administrator response
Add the X509 certificate and continue.
CTGKM2303E Client certificate exists in the pending client certificate list in the database:
VALUE_0
Explanation
Client certificate exists in the pending client certificate list in the database.
System action
The operation fails.
Administrator response
None.
CTGKM2304E Client certificate alias is required.
Explanation
Client certificate alias is required.
System action
The operation fails.
Administrator response
Add the alias string and try again.
CTGKM2305E Client certificate UUID is required.
Explanation
The client certificate UUID is required.
System action
The operation fails.
Administrator response
Add the UUID and try again.
CTGKM2306E Client certificate alias already in use:
VALUE_0
Explanation
The client certificate alias is already in use in the database and keystore.
System action
The operation fails.
Administrator response
Use a different alias and try again.
CTGKM2307E Client certificate UUID not found in the database:
VALUE_0
Explanation
The client certificate UUID was not found in the database.
System action
The operation fails.
Administrator response
Change to a valid UUID and try again.
CTGKM2308E There are no pending client certificates in the database.
Explanation
There are no pending client certificates in the database.
System action
The operation fails.
Administrator response
No action.
CTGKM2311E maxPendingClientCerts does not fall within the valid value set of 1 to 999.
VALUE_0
Explanation
maxPendingClientCerts does not fall within the valid value set of 1 to 999.
System action
The operation fails.
Administrator response
Update the configuration parameter and try again.
CTGKM2312E enableClientCertPush is not true or false.
Explanation
enableClientCertPush is not true or false.
System action
The operation fails.
Administrator response
Update the configuration parameter and try again.
CTGKM2313E maxPendingClientCerts does not fall within the valid value set of 1 to 999.
Explanation
maxPendingClientCerts does not fall within the valid value set of 1 to 999.
System action
The operation fails.
Administrator response
Update the configuration parameter and try again.
CTGKM2314E Certificate expired. Expired certificate cannot be used as client certificate.
Explanation
Certificate expired. Expired certificate cannot be used as client certificate.
System action
Update operation fails.
Administrator response
Specify a valid certificate alias and try the operation again.
CTGKM2901E
Export operation fails because
the export directory cannot be resolved. Specify a valid export directory name and path, and retry
the operation.
Explanation
The name or path of
the export directory is invalid and hence, the directory cannot be resolved.
System action
The export
operation fails.
Administrator response
Specify a valid export directory name and path and retry the export operation.
CTGKM2902W
IBM Security Guardium Key
Lifecycle Manager export is already in progress.
Explanation
Only one import/export operation is allowed at any
given time.
System action
The requested operation will not be performed.
Administrator response
Wait until the operation completes.
CTGKM2903E
Export of
VALUE_0
failed:
VALUE_1
.
Explanation
Export failed unexpectedly.
System action
Export fails.
Administrator response
Check the log entries to find out the reason for export
failure.
CTGKM2905E Status of the export operation
is unknown.
Explanation
Export failed
unexpectedly. Check the logs for more information
System action
Export fails.
Administrator response
Check the log entries to find out the reason for export failure.
CTGKM2906E Export operation
failed.
Explanation
Export operation
failed. Check the logs for more information.
System action
Export
fails.
Administrator response
Check the log entries to find out the reason for export failure.
CTGKM2907E
Device Group with name
VALUE_0
is not found.
Explanation
Incorrect Correct Device Group Name is provided
System action
Export fails.
Administrator response
Please Provide the Correct Device Group Name.
CTGKM2910E
Key Group with name
VALUE_0
is not found. .
Explanation
Key Group mentioned in export manifest file not found
System action
Export fails.
Administrator response
Please check if the export file is not corrupted.
CTGKM2911E
Import of
VALUE_0
failed:
VALUE_1
.
Explanation
Import failed unexpectedly.
System action
Import fails.
Administrator response
Check the log entries to find out the reason for import
failure.
CTGKM2912W Import is already in progress.
Explanation
Only one import/export operation is allowed at any given time.
System action
The requested operation will not be performed.
Administrator response
Wait until the operation completes.
CTGKM2913W
Export is already in progress.
Explanation
Only one import/export operation is allowed at any
given time.
System action
The requested operation will not be performed.
Administrator response
Wait until the operation completes.
CTGKM2914E The key is missing for decryption. Check whether the provided
file is valid.
System action
The operation fails.
Administrator response
Specify the correct file and retry.
CTGKM2915E
Specified export file does not exist:
VALUE_0
.
Explanation
The export file does not exist.
System action
The IBM Security Guardium Key Lifecycle Manager import operation fails.
Administrator response
Make sure that the export file path provided to the
import operation is valid.
CTGKM2916E
Error reading manifest from the export jar file:
VALUE_0
.
Explanation
Export manifest could be corrupted or incorrect for
unknown reasons.
System action
Restore fails.
Administrator response
Check the log entries to find out the reason for import
failure.
CTGKM2917E
I/O error while decrypting and/or extracting export file.
\nPossible cause: Incorrect password may have been provided,
which results in the export entry being decrypted incorrectly.
Explanation
I/O error occurred while decrypting and/or extracting
a export file entry. A common reason for this error is that
a file was encrypted using one password and an incorrect
or null password was provided to decrypt the file.
Decryption will still take place, but the decrypted file
is not valid and cannot be used in later stages of the
restore.
System action
Import fails.
Administrator response
Check the password provided for decryption. Check if the
destination location contains sufficient disk space to
hold the decrypted/extracted file. Check the log
files for additional clues if necessary. Retry the
operation.
CTGKM2918E
Certificate with Alias name
VALUE_0
doesn't exists.
Explanation
Certificate with Alias name doesn't exist. Please provide the exisiting alias.
Administrator response
Certificate with alias name does not exist. Provide the existing
alias.
CTGKM2919E
Certificate with Alias name
VALUE_0
already exists.
Explanation
Certificate with Alias name already exists. Please provide the different alias name.
Administrator response
Certificate with alias name already exists. Provide a different alias
name.
CTGKM2920E
Key with Alias name
VALUE_0
already exists.
Explanation
Key with Alias name already exists. Please provide the different alias name.
Administrator response
Key with alias name already exists. Provide a different alias
name.
CTGKM2921E
Key with Alias name
VALUE_0
doesn't exists.
Explanation
Key with Alias name doesn't exist. Please provide the exisiting alias.
Administrator response
Key with alias name does not exist. Provide the existing
alias.
CTGKM2922E
Object with the given name
VALUE_0
doesn't exists.
Explanation
Object with the given old name doesn't exist in the system. Please check the given old name.
Administrator response
Device with serial number does not exist. Provide the serial number that
is registered.
CTGKM2923E
The given new name
VALUE_0
is already associated with an Object.
Explanation
An Object with given new name already exists in the system. Please provide different new name for the object.
Administrator response
Device with Serial number already exists. Provide a different serial
number.
CTGKM2924E
Successfully deleted
VALUE_0
.
Explanation
Successfully deleted the export file.
CTGKM2925E
Error deleting file :
VALUE_0
.
Explanation
An error occurred while deleting the export file.
CTGKM2926E
Getting error while generating UUID. InstanceID is not initialized.
Explanation
System is not able to generate UUID as mandatory InstanceID is not initialized or generated properly while installation.
CTGKM2927E
Invalid file extension. Valid extensions are .cer or .der for baser64 and DER formats respectively.
Explanation
User must export certificate file with valid extension.
Administrator response
You must export the certificate file with valid
extension.
CTGKM2928E
Internal Server Error. Please contact IBM Support.
System action
The operation fails.
Administrator response
Check the log file to find the root cause and contact IBM Support.
CTGKM2934E
Type is not valid
System action
The type provided is not supported.
Administrator response
Ensure that the type provided is supported by the system.
CTGKM2935E
Requested operation not supported on this System.
Explanation
The operation you are trying to execute is not supported on this System. This could be because the it is a Clone System or Read only System.
System action
Login fails.
Administrator response
Check if the System is Clone or Read only.
CTGKM2937E
Error restarting IBM Security Guardium Key Lifecycle Manager Server, please check logs for more information.
System action
The server restart operation fails.
Administrator response
Check the log file to find the root cause and correct the problem.
CTGKM2938E
Error creating Master Key Packets for Keystore Password Obfuscation.
System action
The request has been halted.
Administrator response
Review the log files. Make changes as needed and retry the
request.
CTGKM2939E
Error during Obfuscating Keystore Password.
System action
The request has been halted.
Administrator response
Review the log files. Make changes as needed and retry the
request.
CTGKM2940E
Error during DeObfuscating Keystore Password.
CTGKM2941E
Packet writing in file failed. Directory location doesn't exist.
System action
The operation will return failure.
Administrator response
Confirm that the directory exists and has the correct
permissions.
CTGKM2942E Packet reading from file failed.
System action
The request has been halted.
Administrator response
Verify that the given file exist and it is valid and retry the
operation.
CTGKM2946E
Configuration of masters is Incomplete.
System action
An error is logged.
Administrator response
Specify the missing configuration attributes and try
again.
CTGKM2947W
No entry found with the mentioned Cluster Name. Please check the value passed.
Administrator response
Specify a server which exists in the
repository.
CTGKM2950E
Port value for
VALUE_0
should be in the range 0-65535
System action
The operation fails.
Administrator response
Specify a valid port number and ensure that the port is not used by other
applications on the system.
CTGKM2951E
VALUE_0 should be either Primary, Standby or Master
System action
Multi-master configuration fails.
Administrator response
Specify a valid role: Primary, Standby, Master
CTGKM2953E
Multi-Master is already configured.
CTGKM2954E
Login request to the instance with hostname
VALUE_0
and port
VALUE_1
is unsuccessful.
System action
Multi-master configuration fails.
Administrator response
Ensure that the specified values for port and host name are
correct.
CTGKM2955E
Master key needs to be created on this server before the Multi-Master setup.
Administrator response
Create a master key to continue with multi-master
configuration.
CTGKM2956E
Input value cannot be an exceed the size of
VALUE_0
for parameter
VALUE_1
System action
Multi-master configuration fails.
Administrator response
Specify the valid values. Then, try the operation again.
CTGKM2957E
Master with Instance ID
VALUE_0
already exists.
System action
Multi-master configuration fails.
Administrator response
Specify an instance ID that is valid and unique.
CTGKM2958E
Master with Instance ID
VALUE_0
not found.
System action
Operation fails.
Administrator response
Verify that you specified the correct instance ID of master server.
CTGKM2959E
VALUE_0
should be STANDALONE (0), REPLICATION (1) or MULTI_MASTER (2)
System action
Operation fails.
Administrator response
Specify a valid value.
CTGKM2960E
VALUE_0
should be LOCAL (0), PRIMARY (1), STANDBY(2) or NODE (3)
System action
Operation fails.
Administrator response
Specify a valid value.
CTGKM2961E
VALUE_0
should be NOT_CONFIGURED (0), NODES_CONFIGURED (1), AGENTS_CONFIGURED (2), DB2_CONFIGURED (3), WAS_CONFIGURED (4) or CONFIGURED (5) or OUT_OF_SYNC (6)
System action
Operation fails.
Administrator response
Specify a valid value.
CTGKM2963E VALUE_0 should be within range 1-3.
System action
Operation fails.
Administrator response
Specify a valid value.
CTGKM2964E
Standby Priority Index missing for Instance with Hostname
VALUE_0
System action
Operation fails.
Administrator response
Specify a valid priority index number for standby
master.
CTGKM2965E
Standby Priority Index for Instance with Hostname(s)
VALUE_0
and
VALUE_1
are same.
System action
Operation fails.
Administrator response
Specify a valid priority index number for standby
master.
CTGKM2966E
Invalid value for Standby Priority Index. The value must be in ascending order starting from 1.
System action
Operation fails.
Administrator response
Verify the number of standby masters in the multi-master
cluster.
CTGKM2967E
Multi-Master configuration must be done on Primary machine. Primary machine Hostname specified
VALUE_0
and This machine hostname
VALUE_1
CTGKM2968E
Instance with Hostname
VALUE_0
is already added.
System action
Operation fails.
CTGKM2969E VALUE_0 should be either 0 or 1.
System action
Operation fails.
Administrator response
Specify a valid value.
CTGKM2970E
Agent is not Running.
System action
Operation fails.
Administrator response
Start the agent and retry the operation.
CTGKM2971E
Operating System for Standby System
VALUE_0
is different from that of Primary System.
System action
Operation fails.
Administrator response
Ensure that the primary and standby systems have the same operating
system and level.
CTGKM2972E
Request failed. Only one master is allowed to be removed at a time.
System action
Operation fails.
CTGKM2973E
Request failed. The master server does not exist in the Multi-Master cluster.
System action
Operation fails.
CTGKM2974E
Request failed. Primary master server of the cluster cannot be removed.
System action
Operation fails.
CTGKM2975E
Cannot remove the standby master server. Multi-Master cluster must have at least one
standby master server.
System action
Operation fails.
CTGKM2976E
WAS Configuration failed to update after removing master.
System action
Operation fails.
CTGKM2977E
Stop Agent Services failed during remove master.
System action
Operation fails.
Administrator response
Ensure that the Stop Agent Service is up and
running.
CTGKM2978E
Restart servers failed.
System action
Operation fails.
CTGKM2979E
Reset HADR failed during remove master.
System action
Operation fails.
CTGKM2980E
Rollforward end of logs failed during remove master.
System action
Operation fails.
CTGKM2982E
Standby master failed to Takeover as Primary.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2983E
Primary or Standby master server is missing in Multi-Master cluster. Adding server is not allowed in current state.
System action
Operation fails.
Administrator response
You must add a standby server to the cluster before adding master
server.
CTGKM2984E
Failed to start Agent on instance
VALUE_0
.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2985E
Failed to connect to
VALUE_0
.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2986E
Failed to add master.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2987E
Failed to remove master.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2988E
Failed to modify master.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2990E
Instance with IP/hostname
VALUE_0
not found.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2991E
Error fetching present SKLM Instance.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM2994E IOException while running VALUE_0.
System action
Operation fails.
Administrator response
Check the text of the Java IOException for possible reasons for the error.
CTGKM2995E AgentException while running VALUE_0.
System action
Operation fails.
Administrator response
Review the message for possible reasons for the
error.
CTGKM2996E Error occurred while running VALUE_0.
System action
Operation fails.
Administrator response
Check the log file and correct the problem.
CTGKM2997E Exception occurred while running VALUE_0.
System action
Operation fails.
Administrator response
Attempt to diagnose the cause of the error based on the exception text.
CTGKM2998E KLMException while running VALUE_0.
System action
Operation fails.
Administrator response
Attempt to diagnose the cause of the error based on the exception
text.
CTGKM2999E
Master Key creation failed.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM3000E
Master Key Transmission failed on master
VALUE_0
.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM3001E
Error refreshing master
VALUE_0
. Showing the last updated status.
System action
Refresh operation fails.
Administrator response
See the log for more details.
CTGKM3003E
Promoting standby to primary failed.
System action
Operation fails.
Administrator response
See the log for more details.
CTGKM3004E
The master with Host name / IP address
VALUE_0
already exist in the cluster.
System action
Operation fails.
CTGKM3006E
Couldn't verify if HADR role while executing
VALUE_0
.
System action
Operation fails.
CTGKM3010E Scheduler could not be found:\n
Original error message: error_message
Explanation
Error in scheduler task detected.
System action
Operations involving scheduler will fail.
Administrator response
This should not happen under normal conditions.
Investigate the logs and server startup log for clues.
Restart the server.
CTGKM3011E
Invalid exisiting Db2 password. DB Password updation service failed.
System action
DB2 password update operation failed.
Administrator response
Specify a valid password for the DB2 administrator ID. Verify that the user ID has a password that is valid and ready to use.
CTGKM3013E
DB Password updation service for SKLM instance failed.
System action
DB2® password update operation failed.
Administrator response
See the log files for more details.
CTGKM3015E
Database password update service for IBM Security Guardium Key Lifecycle Manager Multi-Master cluster failed.
System action
password update operation
fails.
Administrator response
Check the log to
identify the root cause. Correct the problem, and then rerun the REST service to change the password on the Multi-Master
setup.
CTGKM3016E Invalid range. Keys with given prefix in alias range already generated.
Explanation
The specified alias range prefix is already generated.
Administrator response
Specify a different prefix for the alias range. Then, try the operation
again.
CTGKM3017E
Invalid range. Keys with given prefix in alias range doesn't exist.
System action
The operation fails.
Administrator response
Specify a valid range. Then, try the operation
again.
CTGKM3019E
Setup of Isolated Server failed.
System action
Setting up the isolated master in read-only mode is failed.
Administrator response
Check the log entries to find out the reason for the failure. Make
appropriate changes. Then, try the operation again.
CTGKM3020E
Not a recognized device group:
VALUE_0
Explanation
The specifed device
group does not match any device group stored in the database.
System action
The operation fails.
Administrator response
Specify a valid device group and try again.
CTGKM3021E Operation cannot be null.
Explanation
The specifed KLMOperation object is null. This is an internal error.
System action
The operation fails.
Administrator response
This is an internal error that external users should not see. Contact IBM Support.
CTGKM3022E
User
VALUE_0
does not have appropriate permission to perform this
operation. Depending on what the target resource is, it usually requires at least one of the
listed permission(s):
VALUE_1
.
Explanation
The user does
not have the appropriate permissions for this operation.
System action
The operation fails.
Administrator response
Check the user's permission. Refer to the product documentation in the IBM Knowledge Center to
understand the permissions required for this operation. Set up appropriate permissions for the user
and try again.
CTGKM3023E
User VALUE_0
does not have a valid IBM Security Guardium Key Lifecycle Manager role.
Some roles require both device group and action permissions. Verify that the user's role has
appropriate permissions.
Explanation
User does not have
a valid IBM Security Guardium Key Lifecycle Manager role.
System action
The operation fails.
Administrator response
Check the user's permission. Refer to the product documentation in the IBM Knowledge Center to
understand the permissions required for this operation. Set up appropriate permissions for the user
and try again.
CTGKM3024E No permission set defined for operation VALUE_0.
Explanation
No permission set defined for the specified operation.
System action
The operation fails.
Administrator response
This is an internal error that external users should not see. Contact IBM Support.
CTGKM3025E Operation VALUE_0 requires device group permission, but specified resource is null.
Explanation
The specified operation requires device group permission but the device group resource is not specified.
System action
The operation fails.
Administrator response
The specified operation requires device group permission but the device group resource is not specified. This is an internal error that external users should not see. Contact IBM Support.
CTGKM3026E The target resource's device group name cannot be null.
Explanation
At permission checking, the target resource's device group name is not specified.
System action
This is an internal error that external users should not see. Contact IBM Support.
Administrator response
This is an internal error that external users should not see. Contact IBM Support.
CTGKM3027E
Device group must be specified.
Explanation
Device group must
be specified while invoking AuthorizationService.getPermission to get a user's IBM Security Guardium Key Lifecycle Manager permission.
System action
The operation fails.
Administrator response
The call to AuthorizationService.getPermission(KLMUserSession, String) must have a device group parameter specified.
This is usually an internal error that external users should not see. If this API is invoked by another
application, the application needs to adjust the parameter.
CTGKM3028E
Cannot merge these two permissions.
Explanation
If two IBM Security Guardium Key Lifecycle Manager permissions have different device groups, they
cannot be merged.
System action
The operation fails.
Administrator response
The call to KLMPermission.merge(KLMPermission) cannot merge the specified permission. This is usually
an internal error that external users should not see.
If this API is invoked by another application, the application needs to adjust the
parameters.
CTGKM3029E No device group information specified.
Explanation
No device group information specified in the KLMDeviceType object.
System action
The operation fails.
Administrator response
KLMDeviceType object must include the device group name or device group ID. The caller needs to adjust the parameter.
CTGKM3030E User has no permission to query certificates. Check the user's permissions.
Explanation
Access is denied for query certificate operation. Check the user's permissions.
System action
The operation fails.
Administrator response
Check user's role and permissions. Assign appropriate permissions to the user. Then, try again.
CTGKM3031E User has no permission to query keys. Check the user's permissions.
Explanation
The permissions associated with the user role are not appropriate for query key operation.
System action
The operation fails.
Administrator response
Check the user's role and permissions. Assign appropriate permissions to the user. Then, try again.
CTGKM3032E User has no permission to query key groups. Check the user's permissions.
Explanation
The permissions associated with the user role are not appropriate for query key group operation.
System action
The operation fails.
Administrator response
Check the user's role and permissions. Assign appropriate permissions to the user. Then, try again.
CTGKM3033E User has no permission to query devices. Check user's permission.
Explanation
The permissions associated with the user role is not appropriate for query device operation.
System action
The device query fails.
Administrator response
Check user's role and permission set. Assign appropriate permissions to the user.
CTGKM3034E Cannot do 3592 rollover operation for non-3592 device group certificate.
Explanation
The certificate's device group must match the rollover device group.
System action
The operation fails.
Administrator response
Check the device group of the certificate and modify it to match the target rollover device group, or choose
a different certificate for the rollover.
CTGKM3035E Cannot do LTO rollover operation for a non-LTO device group key group.
Explanation
The key group's device group must match the rollover device group.
System action
The operation fails.
Administrator response
Check the device group of the certificate and modify it to match the target rollover device group, or choose
a different key group for the rollover.
CTGKM3036E
Cannot find the specified rollover task.
Explanation
Cannot find the
specified rollover task from the database.
System action
The operation fails.
Administrator response
Correct the specified rollover task parameters. Then, try again.
CTGKM3037E Failed to create key group VALUE_0
and keys with prefix VALUE_0
Explanation
Failed to create the key group and keys with specified prefix.
System action
The operation fails.
Administrator response
Look at the logs for more information and retry. If the failure still exists, contact IBM support.
CTGKM3038E Cannot change the key in a DS5000 key group to another key group.
Explanation
DS5000 key group and keys are bound together. You cannot change the group membership of an
individual DS5000 key directly.
System action
The operation fails.
Administrator response
You are not allowed to change the key of a DS5000 key group to another key group.
CTGKM3039E Cannot change the key's group membership. The key is used by one or more devices.
Explanation
Cannot change the key's group membership. The key is used by one or more devices.
System action
The operation fails.
Administrator response
You are not allowed to change the key of a DS5000 key group to another key group. The key is used by one or more devices.
CTGKM3040E Object with identifier object_id cannot be found.
Explanation
The identifier value that you specified does not match an
existing object.
System action
The operation fails.
Administrator response
Specify an identifier that corresponds to an existing object.
CTGKM3041E User object_id has no access to the destroyed object. The destroyed
object has no device group information and only the klmSecurityOfficer role can access it.
Explanation
When a KLM key or certificate is marked as destroyed, its data in the relation table are removed. There
is no device group information. Only the klmSecurityOfficer role can access the object.
System action
The operation fails.
Administrator response
Log in as security officer to view the destroyed objects.
CTGKM3042E
The operation fails because
the key alias is not specified. Specify the alias of the key that encrypts the secret key file, and
retry the operation.
Explanation
To import the
secret key file, specify the alias of the public private key pair so that IBM Security Guardium Key
Lifecycle Manager can get the private key to decrypt the file.
System action
The operation fails.
Administrator response
Specify the keyAlias when you use the Key Import REST Service.
CTGKM3043E Error occurred while loading data from the file
VALUE_0. Make sure that the password is correct
and the file has not been tampered with.
Explanation
This is an error in reading data from a key or
certificate file.
System action
The operation fails.
Administrator response
Ensure that the path and filename are correct, and that the password is correct. Then, try
the operation again.
CTGKM3044E
The file VALUE_0
is reserved for internal IBM Security Guardium Key Lifecycle Manager
keystore. Use another file name.
Explanation
User cannot create
a new keystore that has the same location and file name as the internal IBM Security Guardium Key Lifecycle Manager keystore.
System action
The operation fails.
Administrator response
Use a different file name. Then, try
the operation again.
CTGKM3045E Value for configuration parameter Audit.eventQueue.max is not valid. A valid value is a non-negative integer.
Explanation
Audit.eventQueue.max is a non-negative integer.
System action
The operation fails.
Administrator response
Specify 0 or a positive integer and try
the operation again.
CTGKM3046E Value for configuration parameter Audit.handler.file.size is not valid. A valid value is a non-negative integer.
Explanation
Audit.handler.file.size is a non-negative integer.
System action
The operation fails.
Administrator response
Specify 0 or a positive integer and try
the operation again.
CTGKM3047E Value for configuration parameter Audit.handler.file.threadlifespan is not valid. A valid value is a non-negative integer.
Explanation
Audit.handler.file.threadlifespan is a non-negative integer.
System action
The operation fails.
Administrator response
Specify 0 or a positive integer and try
the operation again.
CTGKM3048E Value for configuration parameter Audit.handler.file.multithreads is not valid. A valid value is true or false.
Explanation
Audit.handler.file.multithreads parameter allows the use of multiple threads while logging
audit events. The valid value is either true or false.
System action
The operation fails.
Administrator response
Specify true or false and try
the operation again.
CTGKM3049E The
tklm.backup.dir configuration parameter cannot be modified directly. To change
to a different directory, specify the new directory when doing the next backup.
Explanation
The current backup
directory cannot be modified. To change to a different directory, specify the new directory when
doing the next backup.
System action
The operation fails.
Administrator response
Do not use the Config Update REST Service to modify the
tklm.backup.dir configuration parameter.
CTGKM3050E Value for configuration parameter cert.valiDATE is not valid. A valid value is true or false.
Explanation
Valid value for cert.valiDATE is true or false.
System action
The operation fails.
Administrator response
Specify true or false as the value.
CTGKM3051E Keystore name cannot be modified by updating configuration parameter config.keystore.name directly. Use a keystore command to update the name.
Explanation
Keystore name cannot be modified by updating config.keystore.name directly. Use a keystore command to update the name.
System action
The operation fails.
Administrator response
Keystore name cannot be modified by updating config.keystore.name directly. Use a keystore command to update the name.
CTGKM3052E Invlalid value for configuration parameter disableDatabaseBackup. A valid value is true or false.
Explanation
Value for configuration parameter disableDatabaseBackup is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false as the input value.
CTGKM3053E Value for configuration parameter fips is not valid. A valid value is on or off.
Explanation
Value for configuration parameter fips is not valid. A valid value is on or off.
System action
The operation fails.
Administrator response
Specify on or off as the input value.
CTGKM3054E Value for configuration parameter requireHardwareProtectionForSymmetricKeys is not valid. A valid value is true or false.
Explanation
Value for configuration parameter requireHardwareProtectionForSymmetricKeys is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false as the input value.
CTGKM3055E Unable to modify the backup
directory. To change to a different directory, specify the new directory when you perform the next
backup.
Explanation
The current backup
directory cannot be modified. To change to a different directory, specify the new directory when you
perform the next backup.
System action
The operation fails.
Administrator response
Do not use the Update Config Property REST Service to modify the
tklm.backup.db2.dir parameter. Specify the new directory in the next backup
run.
CTGKM3056E Value for configuration parameter tklm.encryption.pbe.algorithm is not valid. A valid value is PBEWithMD5AndTripleDES.
Explanation
Value for configuration parameter tklm.encryption.pbe.algorithm is not valid. A valid value is PBEWithMD5AndTripleDES.
System action
The operation fails.
Administrator response
Specify PBEWithMD5AndTripleDES as the input value.
CTGKM3057E Value for configuration parameter TransportListener.ssl.clientauthentication is not valid. A valid value is 0, 1 or 2.
Explanation
Value for configuration parameter TransportListener.ssl.clientauthentication is not valid. A valid value is 0, 1 or 2.
System action
The operation fails.
Administrator response
Specify 0, 1 or 2 as the input value.
CTGKM3058E Value for configuration parameter TransportListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.
Explanation
Value for configuration parameter TransportListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.
System action
The operation fails.
Administrator response
Specify an integer between 1 and 65535 as the input value.
CTGKM3059E
Value for configuration parameter TransportListener.ssl.protocols is not valid. A valid value is TLS, SSL_TLSv2 or TLSv1.2.
Explanation
Value for configuration parameter TransportListener.ssl.protocols is not valid. A valid value is TLS, SSL_TLSv2 or TLSv1.2.
System action
The operation fails.
Administrator response
Specify TLS, SSL_TLSv2, or TLSv1.2 as the input value.
CTGKM3060E Value for configuration parameter TransportListener.ssl.timeout is not valid. A valid value is an integer between 1 and 120.
Explanation
Value for configuration parameter TransportListener.ssl.timeout is not valid. A valid value is an integer between 1 and 120.
System action
The operation fails.
Administrator response
Specify an integer between 1 and 120 as the input value.
CTGKM3061E Value for configuration parameter TransportListener.tcp.port is not valid. A valid value is an integer between 1 and 65535.
Explanation
Value for configuration parameter TransportListener.tcp.port is not valid. A valid value is an integer between 1 and 65535.
System action
The operation fails.
Administrator response
Specify an integer between 1 and 65535 as the input value and ensure that the port is not used by other applications on the system.
CTGKM3062E Value for configuration parameter TransportListener.tcp.timeout is not valid. A valid value is an integer between 1 and 120.
Explanation
Value for configuration parameter TransportListener.tcp.timeout is not valid. A valid value is an integer between 1 and 120.
System action
The operation fails.
Administrator response
Specify an integer between 1 and 120 as the input value.
CTGKM3063E Value for configuration parameter stopRoundRobinKeyGrps is not valid. A valid value is true or false.
Explanation
Value for configuration parameter stopRoundRobinKeyGrps is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false.
CTGKM3064E Value for configuration parameter useSKIDefaultLabels is not valid. A valid value is true or false.
Explanation
Value for configuration parameter useSKIDefaultLabels is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false.
CTGKM3065E Value for configuration parameter zOSCompatibility is not valid. A valid value is true or false.
Explanation
Value for configuration parameter zOSCompatibility is not valid. A valid value is true or false.
System action
The operation fails.
Administrator response
Specify true or false.
CTGKM3066E Value for configuration parameter pcache.refresh.interval is not valid. A valid value is a positive integer.
Explanation
Value for configuration parameter pcache.refresh.interval is not valid. A valid value is a positive integer.
System action
The operation fails.
Administrator response
Specify a positive integer.
CTGKM3067E Failed to create the directory for the log file:
Explanation
Cannot create a new directory as specified.
System action
The operation fails.
Administrator response
Specify a valid directory name and try again.
CTGKM3068E Cannot create the new log file: VALUE_0
Explanation
Cannot create a new log file as specified.
System action
The operation fails.
Administrator response
Specify a valid file name and try again.
CTGKM3069E Not a valid file name. Specify a path and file name that is relative to SKLM_HOME.
Explanation
Not a valid file name. Specify a path and file name that is relative to SKLM_HOME.
System action
The operation fails.
Administrator response
Specify a valid file and path name and try again.
CTGKM3070E
Value for the debug configuration parameter is not valid. Contact IBM Support for valid values.
Explanation
Value for the debug configuration parameter is not valid. Contact IBM Support for valid values.
System action
The operation fails.
Administrator response
Specify a valid value and try again.
CTGKM3071E
Cannot set the certificate alias because the keystore is not defined.
Explanation
There is no certificate alias to be set because the keystore is not defined.
System action
The operation fails.
Administrator response
Add or create a keystore for IBM Security Guardium Key Lifecycle Manager. Specify
the certificate alias that exists in the keystore and try again.
CTGKM3072E The specified certificate has a different usage. Use a different certificate.
Explanation
The specified certificate has a different usage. Use a different certificate.
System action
The operation fails.
Administrator response
Specify a different certificate alias and try again.
CTGKM3073E Cannot find the class in classpath: VALUE_0
Explanation
Cannot find the class in classpath.
System action
The operation fails.
Administrator response
Make sure the class and package name are correct in the configuration file.
CTGKM3074E Not a valid class name. The class object cannot be instantiated: VALUE_0
Explanation
Not a valid class name. The class object cannot be instantiated.
System action
The operation fails.
Administrator response
Make sure the class and package name are correct in the configuration file.
CTGKM3075E Not a valid class name. It must implement SecurityEventHandlerSpi class: VALUE_0
Explanation
Not a valid class name. It must implement SecurityEventHandlerSpi class
System action
The operation fails.
Administrator response
Make sure the class and package name are correct in the configuration file.
CTGKM3076E Unsupported event type: VALUE_0
Explanation
Unsupported event type.
System action
The operation fails.
Administrator response
Make sure the event type specified in the configuration file is correct.
CTGKM3077E Value for configuration parameter VALUE_0 is not valid. Valid values are success, failure, or both that are separated by comma or semicolon.
Explanation
Valid values are success, failure, or both that are separated by a comma or semicolon.
System action
The operation fails.
Administrator response
Make sure the value is success, failure, or both that are separated by a comma or semicolon.
CTGKM3078E Keystore is not defined. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
Explanation
Keystore is not defined. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
System action
The operation fails.
Administrator response
Create the keystore and certificates and then try the operation again.
CTGKM3079E TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
Explanation
TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
System action
The operation fails.
Administrator response
Create the keystore and certificates and then try the operation again.
CTGKM3080E TLSContext is not initialized.
The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
Explanation
TLSContext is not
initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
System action
The operation fails.
Administrator response
Create the keystore and certificates and then try the operation again.
CTGKM3081E Not a supported cipher suite: VALUE_0
Explanation
Not a supported cipher suite.
System action
The operation fails.
Administrator response
Specify a different value and try the operation again.
CTGKM3082E No TLS certificate alias
defined in the configuration file. TrustManager and KeyManager are not initialized. The
TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
Explanation
No TLS certificate
alias defined in the configuration file. TrustManager and KeyManager are not initialized. The
TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.
System action
The operation fails.
Administrator response
Set config.keystore.ssl.certalias in the configuration file and try the operation again.
CTGKM3083E Configuration parameter tklm.encryption.password cannot be updated.
Explanation
Configuration parameter tklm.encryption.password cannot be updated.
System action
The operation fails.
Administrator response
Configuration parameter tklm.encryption.password cannot be updated.
CTGKM3084E Value for configuration parameter numberOfKeys is not valid. A valid value is a positive integer
Explanation
Value for configuration parameter numberOfKeys is not valid. A valid value is a positive integer, such as 12.
System action
The operation fails.
Administrator response
Specify a positive integer.
CTGKM3085E To export the secret key, user must have proper permissions on the certificate and public key that are used to encrypt the secret key file.
Explanation
To export the secret key, user must have proper permissions on the certificate and public key that are used to encrypt the secret key file.
System action
The operation fails.
Administrator response
Give the user the proper permissions on the certificate and try again.
CTGKM3086E To import the secret key, user must have the proper permissions on the private key that is used to decrypt the secret key file.
Explanation
To import the secret key, user must have the proper permissions on the private key that is used to decrypt the secret key file.
System action
The operation fails.
Administrator response
Give the user the proper permissions on the private key and try again.
CTGKM3087E Deletion is not permitted on the object. Check the enableKMIPDelete flag on the object's device group.
Explanation
Deletion is not permitted on the object when the enableKMIPDelete flag is turned off.
System action
The operation fails.
Administrator response
Turn on the enableKMIPDelete flag on the object's device group and try the operation again.
CTGKM3088E
Not a recognized device group internal identifier:
VALUE_0
Explanation
The specifed device
group internal identifier does not match any device group stored in the database.
System action
The operation fails.
Administrator response
Contact IBM Support.
CTGKM3089E Credential is not specified in KMIPUserSession.
Explanation
KMIPUserSession object must provide the user credential for authorization purpose
System action
The authorization of the KMIP user failed.
Administrator response
Check if the KMIP client provides an appropriate credential such as correct client certificate.
CTGKM3090E The KMIP user is not authorized to access the target object.
Explanation
The KMIP user is not authorized to access the target object.
System action
The authorization of the KMIP user failed.
Administrator response
Check if the KMIP client provides appropriate credentials such as the correct client certificate.
CTGKM3091E There is no KMIP policy defined for the operation.
Explanation
There is no KMIP policy defined for the operation.
System action
The authorization of the KMIP user failed.
Administrator response
The requested KMIP operation may not be supported. Contact IBM Support.
CTGKM3092E KLMResource is not properly instantiated.
Explanation
KLMResource is not properly instantiated.
System action
The authorization of the KMIP user failed.
Administrator response
Contact IBM Support.
CTGKM3093E Device group must be specified as a KMIP user credential.
Explanation
Device group must be specified as a KMIP user credential.
System action
The authorization of the KMIP user failed.
Administrator response
Check if the KMIP request message includes device metadata information.
CTGKM3094E Name or ID of a device group must be specified in device metadata as a KMIP user credential.
Explanation
Name or ID of a device group must be specified in device metadata as a KMIP user credential.
System action
The authorization of the KMIP user failed.
Administrator response
Check if the KMIP request message includes a name or ID of a device group as part of device metadata information.
CTGKM3095E KMIP user's device metadata credential does not match device group information in the target resource.
Explanation
KMIP user's device metadata credential does not match device group information in the target resource.
System action
The authorization of the KMIP user failed.
Administrator response
Contact IBM Support for assistance.
CTGKM3096E Credential in KMIP user session is not properly specified.
Explanation
Credential in KMIP user session is not properly specified.
System action
The authorization of the KMIP user failed.
Administrator response
Contact IBM Support for assistance.
CTGKM3097E User has no authority to access the target object. Access requires action permission on device group, klmConfigure or klmSecurityOfficer permission.
Explanation
User has no authority to access the target object. Access requires action permission on device group, klmConfigure or klmSecurityOfficer permission.
System action
Authorization fails.
Administrator response
Check if the user has appropriate permissions.
CTGKM3098E
Certificate expired. Expired certificate cannot be used as default TLS or IKEv2-SCSI certificate.
Explanation
Certificate expired. An expired certificate cannot be used as a default TLS or IKEv2-SCSI certificate.
System action
Update operation fails.
Administrator response
Specify a valid certificate alias and try the operation again.
CTGKM3099E Keystore name VALUE_0 for keystore UUID VALUE_1 is not valid.
Explanation
The specified keystore name is not valid.
System action
The keystore list operation fails.
Administrator response
Specify a different keystore name and try the operation again.
CTGKM3100E Value for configuration parameter lock.timeout is not valid. A valid value is a non negative integer.
Explanation
The specified lock.timeout value is not valid.
System action
The operation to update the lock.tmeout value failed.
Administrator response
Specify a different value and try the operation again.
CTGKM3101E The operation failed as dependent data has been locked. Another user might be accessing the same data. Try the operation again later.
Explanation
The dependant data has been locked and the current thread failed to
acquire the lock on the data within limited time frame. It may be because
another user is accessing the same data.
System action
Try the operation again.
Administrator response
Try the operation again.
CTGKM3102E
VALUE_0 and VALUE_1 cannot use the same port.
Explanation
TCP, KMIP, TLS cannot
use the same port.
System action
The operation fails.
Administrator response
Try the operation again.
CTGKM3103E Value for configuration parameter KMIPListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.
Explanation
Value for configuration parameter KMIPListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.
System action
The operation fails.
Administrator response
Specify an integer between 1 and 65535 as the input value and ensure that the port is not used by other applications on the system.
CTGKM3104E Value for configuration parameter backup.keycert.before.serving is not valid. The value must be either true or false.
Explanation
Value for configuration parameter backup.keycert.before.serving is not valid. The value must be either true or false.
System action
The operation fails.
Administrator response
Specify either true or false as the value.
CTGKM3105E Cannot use the certificate for key export operation. The certificate contains an EC key.
Explanation
The certificate contains an EC public key. The IBM JVM 5.0 does not support key encryption using EC key.
System action
The operation fails. Specify a different certificate and try the operation again.
Administrator response
Specify a different certificate and try the operation again.
CTGKM3107E Value for configuration parameter autoRestartAfterRestore is not valid. The value must be either true or false.
Explanation
Value for configuration parameter autoRestartAfterRestore is not valid. The value must be either true or false.
System action
The operation fails.
Administrator response
Specify either true or false as the value.
CTGKM3109E Key or certificate with alias or key prefix VALUE_0 was not served because it has not been released.
Explanation
Keys or certificates must be released before they can be served. This message
may also occur if the config property release.date is missing or wrongly formatted.
System action
The operation fails.
Administrator response
First, run the command tklmKeyRelease. Then try the operation again.
CTGKM3106E
Key or certificate with alias or key prefix
VALUE_0
was not served because it is not backed up.
Explanation
Keys or certificates must be backed up before they can be served.
System action
The operation fails.
Administrator response
First back up IBM Security Guardium Key Lifecycle Manager. Then, try the operation
again.
CTGKM3110E Value for configuration parameter enableKeyRelease is not valid. The value must be either true or false.
Explanation
Value for configuration parameter enableKeyRelease is not valid. The value must be either true or false.
System action
The operation fails.
Administrator response
Specify either true or false as the value.
CTGKM3111E Value for configuration parameter requireSHA2Signatures is not valid. The value must be either true or false.
Explanation
Value for configuration parameter requireSHA2Signatures is not valid. The value must be either true or false.
System action
The operation fails.
Administrator response
Specify either true or false as the value.
CTGKM3112E
Cannot generate self signed certificate for GPFS Device Family.
Explanation
Self signed certificate creation is not allowed for GPFS type of devices.
System action
The certificate operation fails.
Administrator response
Specify the correct Device Family where the certificate needs to be created.
CTGKM3221E
Join Back to Cluster process has failed.
System action
The operation fails.
Administrator response
Check the log entries to find out the reason for the failure. Make
appropriate changes. Then, try the operation again.
CTGKM3222E
The Db2 admin group name cannot be longer than 8 characters.
System action
Installation cannot
continue until you correct the error.
CTGKM3223E
Initial Backup folder doesn't exist at target Standby Master.
System action
The operation fails.
Administrator response
Provide a correct folder identifier. Then, retry the
operation.
CTGKM3224E
Restoring process of Initial Backup failed at target Standby master.
System action
The operation fails.
Administrator response
Check the log entries to find out the reason for the failure. Make
appropriate changes. Then, try the operation again.
CTGKM3225E
Intial Backup file doesn't exists in initialbackup folder.
System action
The operation fails.
CTGKM3226E Validation failed for field VALUE_0.
System action
The operation fails.
CTGKM3227W Not yet updated.
Explanation
When you log in to the IBM Security Guardium Key Lifecycle Manager
graphical user interface for the first time, the status of the Masters table in the Multi-master
pane is displayed as Not yet updated.
System action
Status of the Masters table is not updated.
Administrator response
In the Masters table, select a Master, and click Refresh
Master. The Masters table refreshes and displays the latest
status.
CTGKM3229E
The
VALUE_0
server failed the following prerequisite checks:
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the multi-master server. Then, try the operation
again.
CTGKM3230E Port VALUE_0 is not a valid one.
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the IBM Security Guardium Key Lifecycle Manager multi-master server. Then, try the operation
again.
CTGKM3231E
Operating system and Db2 levels don't match.
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the multi-master server. Then, try the operation
again.
CTGKM3232E
User doesn't have permission to access the temp directory.
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the multi-master server. Then, try the operation
again.
CTGKM3233E
Incoming instance
VALUE_0
contains master key and hence, can't be added to the cluster.
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the multi-master server. Then, try the operation
again.
CTGKM3234E Credentials of VALUE_0 are not valid.
System action
Prerequisite check failed.
Administrator response
Review the requirements to add a master server to the IBM Security Guardium Key Lifecycle Manager multi-master server. Then, try the operation
again.
CTGKM3235E
Updating MultiMaster Config details failed while removing Standby Master.
System action
Remove standby master server operation fails.
Administrator response
Check the log to
identify the root cause. Correct the problem, and then retry the standby master server removal
operation.
CTGKM3237E
Db2® credential check failed. Check whether Db2 server is running, and mapping of the host name to IP address on both the servers is correct.
System action
The Add master operation fails.
Administrator response
Ensure that the master server that is being added to the cluster has
access to the
database.
CTGKM3238E Exception occurred while updating replication configuration details.
Explanation
During the replication setup, replication configuration fails.
System action
The replication configuration operation fails.
Administrator response
Check the IBM Security Guardium Key Lifecycle Manager log to
identify the root cause. Correct the problem, and then retry the replication configuration
operation.
CTGKM3239E Exception occurred while adding clone.
Explanation
During the replication setup, replication configuration fails.
System action
The replication configuration operation fails.
Administrator response
Check the IBM Security Guardium Key Lifecycle Manager log to
identify the root cause. Correct the problem, and then retry the replication configuration
operation.
CTGKM3241E
The IBM Security Guardium Key Lifecycle Manager version on the server is not the same as the IBM Security Guardium Key Lifecycle Manager version on the Multi-Master cluster.
System action
The Add master operation fails.
Administrator response
Ensure that the
version of the master server to be added is the same as the version of the primary master
server.
CTGKM3242E
The operating system version
or Db2 version of the server are different than
those of the primary master server.
Explanation
As a prerequisite
check, the Add master operation validates whether the server has the same operating system and
Db2 versions as those of the primary master
server.
System action
The Add master operation fails.
Administrator response
Add a server that has the same operating system and Db2 versions as those of the primary master server, and
retry the operation.
CTGKM3243E
The Db2 user (For example, sklmdb41) does not have read-write