Errors reported in IBM Security Guardium Key Lifecycle Manager
IBM Security Guardium Key Lifecycle Manager reports error messages that are returned in the drive sense data. The error messages are typically called fault symptom codes or FSCs and are stored in the IBM Security Guardium Key Lifecycle Manager audit log.
Error Number | Description | Action |
---|---|---|
EE02 | Encryption Read Message Failure, DriverErrorNotifyParameterError, Bad ASC & ASCQ received. ASC & ASCQ does not match with either of Key Creation/Key Translation or Key Acquisition operation. | The tape drive requested an unsupported action. |
EE0F | Encryption logic error, Internal error, Unexpected error, Internal programming error. | |
EE23 | Encryption Read Message Failure: Internal error, Unexpected error. | The message received from the drive or proxy server cannot be parsed because of a general error. |
EE25 | Encryption Configuration Problem, Errors that are related to the drive table occurred. | Verify the contents of the IBM Security Guardium Key Lifecycle Manager drive table by using the key management panels on the IBM Security Guardium Key Lifecycle Manager graphical user interface, or by running the Device List REST Service to verify whether the drive is correctly configured. For example, verify that the drive serial number, alias, and certificates are correct. |
EE29 | Encryption Read Message Failure: Invalid signature | The message received from the drive or proxy server does not match the signature on it. |
EE2B | Encryption Read Message Failure, Internal error, Either no signature in DSK or the signature in DSK cannot be verified. | |
EE2C | Encryption Read Message Failure, QueryDSKParameterError, Error parsing a QueryDSKMessage from a device. Unexpected dsk count or unexpected payload. | The tape drive requested an unsupported function. |
EE2D | Encryption Read Message Failure, Invalid Message Type | The Guardium Key Lifecycle Manager server received a message out of sequence or received a message that it does not know how to handle. |
EE2E | Encryption Read Message Failure, Internal error, Invalid signature type | The message received from the drive or proxy server does not have a valid signature type. |
EE31 | Encryption Configuration Problem, Errors that are related to the keystore occurred. | Check the key labels that you are trying to use or that are configured for the defaults. You
can list the certificates that are available to IBM Security Guardium Key Lifecycle Manager by using the List Key REST
Service. If you know that you are trying to use the defaults, then run the Device
List REST Service on the Guardium Key Lifecycle Manager server to
verify whether the drive is correctly configured (for example, the drive serial number, and
associated aliases/key labels are correct). If the drive without associated aliases
or key labels, check the values of the Note: For DS5000 storage servers,
IBM Security Guardium Key Lifecycle Manager erroneously returns an error code of
EE31 when a key group runs out of keys and the
stopRoundRobinKeyGrps property is enabled. The error can also occur for an
LTO device group.
The event is not a keystore error. To correct the problem, add more keys to the key group that is documented in the audit event. |
EE32 | IBM Security Guardium Key Lifecycle Manager was unable to locate the key that is requested on a key for a read request by an LTO device. | Use the LTO management panel or List Key REST Service to verify the existence of the requested key. |
EE34 | The key group that is configured as the system
default or is assigned as a device default is run out of keys. This
error can also occur if:
|
IBM Security Guardium Key Lifecycle Manager is configured to not reuse keys in key groups and one of the key groups is run out of keys. Use the LTO management panel to add more keys to this group. |
EE35 | This error can occur if you do not make a backup after keys or certificates are created. See the reference topic on the backup.keycert.before.serving property. | Back up newly created keys or certificates. |
EEE1 | Encryption logic error, Internal error, Unexpected error: EK/EEDK flags conflict with subpage. | |
EF01 | Encryption Configuration Problem, Drive not configured. | The drive that is trying to communicate with the Guardium Key Lifecycle Manager server is not present in the drive table. Run the Device List REST Service to check whether the drive is in the list. If not, configure the drive manually by using the Device Add REST Service with the correct drive information or set the device.AutoPendingAutoDiscovery attribute to an appropriate value by using the Device Group Attribute Update REST Service. |