Error and warning messages

These are the IBM® Security Guardium® Key Lifecycle Manager error and warning messages.

File Deleted Antigen for Exchange removed getadmingroupname.vbs since it was found to match the FILE FILTER= unnamed: *.vbs file filter.

Explanation

The problem is typically caused on Windows systems by antivirus installation software.

System action

Installation fails.

Administrator response

Take these steps:
  1. Obtain and reinstall the getadmingroupname.vbs file.
  2. Change the antivirus file filter to avoid removing this file.
  3. Install IBM Security Guardium Key Lifecycle Manager again.

CTGKM0519E Operation fails because the key alias VALUE_0 already exists. Specify valid alias, and retry the operation.

Explanation

Operation fails because the specified key alias already exists.

System action

The certificate operation fails.

Administrator response

Specify valid alias, and retry the operation.

CTGKM2101E Location specified in replication.BackupDestDir is not a valid directory.

Explanation

replication.BackupDestDir must specify a valid directory.

System action

The operation fails.

Administrator response

Correct setting of replication.BackupDestDir to a valid directory.

CTGKM2102E No valid replication config file exists. It will be created.

Explanation

No valid replication config file exists. It will be created.

System action

The operation fails.

Administrator response

No action required.

CTGKM1015E Key server is down.

Explanation

The key server is an internal component that the Guardium Key Lifecycle Manager server contains. There might be a protocol or a certificate error or the database might not be started when the Guardium Key Lifecycle Manager server comes up.

System action

Keys are not served.

Administrator response

You might need to correct a protocol or certificate specification or start the database. Examine the audit log for error messages. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.

CTGKM1016E TCP port not available.

Explanation

The TCP port did not initialize. Guardium Key Lifecycle Manager is not ready to accept key requests on the TCP port. It might be that another process has the port or that the socket timed out.

System action

The TCP port fails to initialize and TCP communication fails.

Administrator response

Ensure that no other program is using the TCP port. If the other process must have the port, specify a new TCP port number. Then restart the Guardium Key Lifecycle Manager server. If the problem continues, examine the audit log. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.

CTGKM1017E TLS failed to initialize.

Explanation

The TLS port did not initialize. Guardium Key Lifecycle Manager is not ready to accept key requests from a client on the TLS port. It might be that another process has the port or that the socket timed out.

System action

The TLS port fails to initialize and TLS communication fails.

Administrator response

Ensure that no other program is using the TLS port. If the other process must have the port, specify a new TLS port number. Then restart the Guardium Key Lifecycle Manager server. If the problem continues, examine the audit log. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.

CTGKM1018E KMIP failed to initialize.

Explanation

An internal error occurred. IBM Security Guardium Key Lifecycle Manager could not complete initialization for KMIP. It might be that another process has the port or that the socket timed out.

System action

The KMIP TLS port fails to initialize and IBM Security Guardium Key Lifecycle Manager cannot accept KMIP requests from a client.

Administrator response

Ensure that no other program is using the KMIP TLS port. If the other process must have the port, specify a new KMIP TLS port number. Then restart the Guardium Key Lifecycle Manager server. If the problem continues, examine the audit log. After making corrections, restart the Guardium Key Lifecycle Manager server. You might need to contact IBM Support.

CTGKM1020E Each port value must be unique. Two or more of the port values configured have the same value.

Explanation

TCP, TLS, and KMIP TLS cannot use the same port.

System action

The TCP, TLS, or KMIP TLS port values will not be saved until the values are updated to be unique values.

Administrator response

Set the TCP, TLS, and KMIP TLS ports to unique values.

CTGKM1050E An entry in a required field is missing, or an entry is not valid. The field is highlighted below.

Explanation

You attempted to change to another page or to submit changes when either a required field is not complete or you entered a value that is not valid.

System action

Additional page help appears by the field that has the error.

Administrator response

Correct the entry. Then submit the change again.

CTGKM1051E Because this certificate is currently the ${0} certificate and is in use, it cannot be deleted. If you still wish to delete this certificate, you must change the ${0} certificate.

Explanation

You cannot delete a certificate that is currently specified as the default or the system partner certificate, or a certificate that is currently assigned as the in-use TLS/KMIP server certificate.

System action

The operation fails.

Administrator response

Specify another certificate as the current default or system partner certificate, or the in-use TLS/KMIP server certificate. Then try to delete this certificate again.

CTGKM1052W Certificate will be deleted only if it is not currently used by any device. Any ${0} written previously using this certificate will be non-readable if the certificate is deleted. Are you sure you would like to try to delete ${1}?

Explanation

You cannot delete a certificate that is currently used by a device. Delete certificates only when the data protected by those certificates is no longer needed.

System action

If you proceed, the certificate is deleted. Deleting a certificate marks the certificate as destroyed in the database and deletes the material from the keystore.

Administrator response

Continue to delete the certificate, assuming it is not in use by a device.

CTGKM1053W Are you sure you would like to delete the device with device serial number ${0}?

Explanation

This message confirms that you want to delete the selected device.

System action

Confirming the message deletes the device.

Administrator response

Ensure that the serial number correctly identifies the device that you intend to delete. Then click OK to delete the device.

CTGKM1054E Because this key group is currently the ${0} key group and is in use, it cannot be deleted. If you still wish to delete this key group, you must change the ${0} key group.

Explanation

IBM Security Guardium Key Lifecycle Manager could not delete a key group that is a default.

System action

The key group is retained in the IBM Security Guardium Key Lifecycle Manager database.

Administrator response

Ensure that the key group is not the default or reassign another key group to be the system default. Then try the operation again.

CTGKM1055W Deleting a key group deletes all the keys within a key group. Any data protected by these keys will be non-readable if the keys are deleted. Are you sure you would like to delete ${0}?

Explanation

Deleting a key group marks the key group and all keys in the group as destroyed in the database and deletes the material from the keystore.

System action

If you proceed, the key group and all keys in the key group are deleted.

Administrator response

Ensure that data protected by the keys in the key group is no longer needed. Then continue the delete operation.

CTGKM1056W Directory ${0} does not exist. Do you want to create it?

Explanation

The selected directory path that is specified to store the keystore does not currently exist.

System action

If you continue, the directory is created.

Administrator response

Confirm that you want to create the directory to store the keystore.

CTGKM1057W Deleting a key will render any data protected by the key non-readable. Are you sure you would like to delete the following key: ${0}?

Explanation

Deleting a key marks the key as destroyed in the database and deletes the material from the keystore. Data protected by the key is no longer readable.

System action

If you proceed, the key is deleted.

Administrator response

Ensure that data protected by the key is no longer needed. Then continue the delete operation.

CTGKM1058W Delete ${0}. Warning: Critical data will be deleted. Do you want to continue?

Explanation

You are about to delete a backup file. This message asks you to confirm the deletion.

System action

If you continue, the backup file is deleted.

Administrator response

Ensure that the data protected by this backup level is no longer needed, or is replicated in another level. Then continue the delete operation.

CTGKM1059E Path entered is not valid.

Explanation

The path that you entered is not a valid path.

System action

The path does not exist.

Administrator response

Specify a correct, existing path. Then try again.

CTGKM1060W Warning: If you delete ${0}, the level of this backup cannot be restored. Do you want to continue?

Explanation

Deleting a backup file means you cannot restore the level again.

System action

If you proceed, the backup file is deleted.

Administrator response

Ensure that data protected by this backup level is no longer needed, or is replicated in another level. Then continue the delete operation.

CTGKM1061W Creating backup to ${0}. Do you want to continue?

Explanation

This operation writes a backup file to the specified location.

System action

The operation writes a backup file to the location in this message.

Administrator response

Confirm that you want the backup file written to the specified location. Then continue.

CTGKM1062W The system will be restored from ${0}. The key and configuration data will be restored to the level of the backup that you select. Any changes made after the selected backup will be lost, including the metadata. After restoring from this backup, the server will be restarted automatically. The server will not be available during the restart process. After the server is restarted, you must restart the browser session (Log in again to use the product user interface). Do you want to continue?

Explanation

The key and configuration data are restored to the level of the backup that you select. Any changes made after the selected backup are lost, including the metadata.

System action

The key and configuration data are restored to the level of the backup you select. Later changes are lost.

Administrator response

Confirm that you want to restore from this backup level. When the operation completes, manually restart the Guardium Key Lifecycle Manager server.

CTGKM1063E A default key group needs to include at least one key.

Explanation

There are no keys in the default key group. Values in fields on this page might specify no keys, fail to add needed keys, or delete existing keys to zero.

System action

The operation fails.

Administrator response

Ensure that the key group has at least one valid key. Then try again to specify the key group as the default.

CTGKM1064E You cannot delete this certificate, which is currently used by ${0} tape drives as either a system default, or as a partner certificate. First, use the appropriate ${0} management panel to specify a different certificate as the system default or partner certificate. Then, delete the certificate.

Explanation

You cannot delete a certificate that is in use as the system default or partner certificate.

System action

The operation fails.

Administrator response

First, use the appropriate ${0} management panel to specify a different certificate as the system default or partner certificate. Then, delete the certificate.

CTGKM1065W The number of keys returned exceeds the limit of ${0} records, which are displayed. You might need to specify a different filter for your search. Then try again.

Explanation

The search returned more keys than the limit allows.

System action

The search fails.

Administrator response

You might need to specify a different filter for your search. Then try again.

CTGKM1066W Critical data is added. Create a backup to ensure that you can restore this data later.

Explanation

Critical data is added such as certificates or keys.

System action

Data is added.

Administrator response

To ensure that you can restore critical data in case of loss, create a backup file.

CTGKM1067W Are you sure you would like to delete ${0}? ${0} will no longer become a default in the future.

Explanation

This operation deletes assignment of the certificate or key group as a future default rollover.

System action

The system deletes the assignment as a rollover for the certificate or key group. The action does not delete the certificate or key group.

Administrator response

Determine that there is no requirement to use the certificate or key group as a future default. Then continue.

CTGKM1068E You need to select at least one type of default.

Explanation

You attempted to specify a certificate for future use as a rollover without also specifying that the certificate will be the default or partner certificate, or both, on an effective date.

System action

The operation pauses until you specify that the selected certificate is a default or partner certificate, or both, on the effective date.

Administrator response

Specify use as either the default or partner certificate, or both, for the certificate. Then continue.

CTGKM1069E Select a certificate from the list.

Explanation

To continue, the operation requires that you select a certificate.

System action

The operation pauses until you specify a certificate.

Administrator response

Select a valid certificate. Then continue.

CTGKM1070E There is no certificate defined. Close this panel and add a certificate.

Explanation

A required certificate is not in place.

System action

The operation fails.

Administrator response

Add the necessary certificate. Then try again.

CTGKM1071E IBM Security Guardium Key Lifecycle Manager application does not appear to be in a running state. The Guardium Key Lifecycle Manager server may be down at the moment or is still starting. Make sure that the Guardium Key Lifecycle Manager server is up and try your request again.

Explanation

The Guardium Key Lifecycle Manager server might be down at the moment or is still starting.

System action

The operation fails.

Administrator response

Ensure that the Guardium Key Lifecycle Manager server is running. Then try your request again.

CTGKM1075E Insufficient permission to see the information provided on this page.

Explanation

Your role does not have the necessary permission to view the data.

System action

The page does not display the information.

Administrator response

Obtain a user ID with the required permission. Then try again.

CTGKM1076W The current TLS/KMIP server certificate has been updated. Restart the server to put this change into effect. Then create a backup to ensure that you can restore this data.

Explanation

An update occurred to the current TLS/KMIP server certificate.

System action

The certificate update completes.

Administrator response

Restart the server to put this change into effect. Then create a backup to ensure that you can restore this data.

CTGKM1077W The current TLS server certificate has been updated. In order for this change to go into effect you must restart the server.

Explanation

An update occurred to the current TLS server certificate.

System action

The certificate update completes.

Administrator response

Restart the server to put this change into effect. Then create a backup to ensure that you can restore this data.

CTGKM1078W Are you sure you would like to delete certificate ${0}?

Explanation

Deleting a certificate marks the certificate as destroyed in the database and deletes the material from the keystore. Delete certificates only when the data protected by those certificates is no longer needed. Deleting certificates is similar to erasing the data. After certificates are deleted, data protected by those certificates is not retrievable.

System action

If you continue, the certificate is deleted.

Administrator response

Ensure that the certificate and the data that it protects are not needed. Then continue.

CTGKM1080E Insufficient permission to perform this action.

Explanation

Your role lacks one or more permissions required to take the action.

System action

The action fails.

Administrator response

Obtain a user ID with the required permissions. Then try again.

CTGKM1081W Are you sure that you want to delete device group ${0}?

Explanation

You might delete an empty device group such as myLTO. You cannot delete a device group if any devices, keys or certificates are in that group. You also cannot delete a device family that IBM Security Guardium Key Lifecycle Manager provides.

System action

If you continue, the device group is deleted.

Administrator response

Determine whether the empty device group is a valid candidate to delete. Then continue.

CTGKM1082E Select a certificate from the list.

Explanation

The operation requires that you specify a certificate.

System action

The operation waits for your selection.

Administrator response

Select a certificate. Then continue.

CTGKM1087W Are you sure you would like to reject device ${0}?

Explanation

The device is in a pending device list. You must accept or reject the device request to be served keys. You can only reject devices for device groups that you have permissions to create. By repeating a request, the device might appear again in the pending list.

System action

Rejection removes the device from the pending list.

Administrator response

Ensure that you do not want keys served to the device. Then reject the request.

CTGKM1088W Creating more than 1000 keys may take a few minutes. Do you want to continue?

Explanation

Creating a large number of keys requires a significant time interval.

System action

If you continue, IBM Security Guardium Key Lifecycle Manager creates the keys.

Administrator response

Ensure that you have time for this operation to complete. Then continue.

CTGKM1089E Insufficient permission to accept this device.

Explanation

You can only accept devices for device groups that you have permissions to create.

System action

The operation fails. Acceptance enables serving keys to the device and removes the device from the pending list.

Administrator response

Obtain a user ID that enables you to accept devices from the pending list. Then try again.

CTGKM1091E Unknown device family id: ${0}

Explanation

The device family for the operation is unknown.

System action

The operation fails.

Administrator response

Collect any information that might be in the audit log. You might need to contact IBM Software Support.

CTGKM1092W Keystore file ${0} already exists. Would you like to use this existing keystore?

Explanation

The keystore name that you specified matches the name of an existing keystore.

System action

If you continue, the operation uses the existing keystore.

Administrator response

Determine whether the existing keystore is appropriate to use. Then continue.

CTGKM1093W No machines were found for the ${0} device family.

Explanation

Adding machines requires that you first specify whether device requests are automatically approved or held pending your approval.

System action

The operation cannot be done at this time.

Administrator response

To add machines, use the ${0} management panel to specify one of these choices:
  • Automatically accept all new device requests for communication.
  • Hold new device requests pending approval.

CTGKM1094W Do not use the setting of Automatically accept for the ${0} device family. This setting allows generation and serving of keys to ${0} storage servers before you can perform a backup.

Explanation

This setting is not appropriate for devices in this device family.

System action

The operation fails.

Administrator response

Select to manually add devices for communication, or to hold new device requests pending your approval. Then continue.

CTGKM1095W Changing the device group of a certificate from an ${0} causes the certificate to be unavailable to devices in other device groups that previously referenced the certificate. Are you sure you want to continue?

Explanation

This message occurs if you attempt to change (or update) an UNKNOWN certificate.

System action

If you continue, the assignment for this certificate is changed. This certificate will only be able to be used by devices in the selected device group or later modified to a different device group within the same device family.

Administrator response

If you are sure the certificate belongs to this device family, select OK to continue with the device group assignment.

CTGKN1003E File name entered for the certificate to be imported is not valid. Double-click on the ${0} column of the selected certificate entry to enter a valid path and file name.

Explanation

The file name that you entered is not a valid file name.

System action

The file name does not exist in the specified path.

Administrator response

Specify a correct, existing path and file name. Then try again.

CTGKN1005W This panel cannot be accessed before a master keystore has been created. Click on the master keystore link to create it now.

Explanation

First, you must create a master keystore.

System action

The content of the page is not displayed until a keystore is created.

Administrator response

Create the master keystore. Then try again.

CTGKN1006I Key name specified is not a known key.

Explanation

The key that you specified is unknown.

System action

The operation fails.

Administrator response

Obtain a valid key name. Then try again.

CTGKN1007E Insufficient permission to import the certificate.

Explanation

Your role must have the permissions to the create action and to the appropriate device group. Or, your role must have the permission to the configure action to import a TLS or KMIP, certificate.

System action

The import operation fails.

Administrator response

Obtain a user ID with the required permissions. Then try again.

CTGKN1008E Insufficient permission to add additional keys to the key group.

Explanation

Your role must have permissions to the modify action and to the appropriate device group.

System action

The operation fails.

Administrator response

Obtain a user ID with the permissions required to add keys to a key group. Then try again.

CTGKN1011W You cannot go to the Key and Device Management panel because the certificate belongs to an ${0} device group.

Explanation

Because the certificate belongs to an UNKNOWN or CONFLICTED device group, the system cannot display a specific key and device management panel for a device group.

System action

The system issues this warning.

Administrator response

Click on the Key and Device Management navigation link and select the panel for the device group that you want to use this certificate.

CTGKN1012W Are you sure you would like to reject the certificate with a subject distinguished name of ${0} and issuer distinguished name of ${1}?

Explanation

The message confirms that you want to reject the selected client device communication certificate that was pushed to the Guardium Key Lifecycle Manager server from a device.

System action

Confirming the message will remove the certificate from IBM Security Guardium Key Lifecycle Manager. The certificate will not be able to be used for secure communications between the device and the server. The certificate will not be added to the keystore.

Administrator response

Ensure that the subject distinguished name and issuer distinguished name correctly identify the client device communication certificate that you intend to reject. Then click OK to remove the certificate. For more information to identify the certificate before rejection, click Cancel and then select View for the certificate.

CTGKN1014E The selected certificate has expired and therefore cannot be accepted. Select Reject to remove it from the table.

Explanation

A client device communication certificate that was pushed to the Guardium Key Lifecycle Manager server from a device has expired before being accepted. Expired certificates cannot be accepted.

System action

The certificate is not added to the IBM Security Guardium Key Lifecycle Manager keystore.

Administrator response

Select Reject to remove the certificate from the list of pending client device communication certificates.

CTGKM0002E Operation fails because VALUE_0 is an invalid parameter. Specify a valid parameter, and retry the operation.

Explanation

The parameters specified with the operation are incorrect.

System action

The operation fails.

Administrator response

Examine the error message to identify the specification or parameter that caused the error, and retry the operation.

CTGKM0003E Operation failed because of an internal error. Refer to the logs for more information. Correct the problem and restart the server.

Explanation

Unhandled exception.

System action

The operation fails.

Administrator response

Examine the exception message and debug logs. Then, retry the operation.

CTGKM0082E TLS connection cannot be established because the server certificate with alias VALUE_0 has expired or is invalid. Configure a server certificate and retry the operation.

Explanation

The server certificate that is specified in the SKLMConfig.properties file has expired.

System action

TLS handshake fails and TLS connection cannot be established.

Administrator response

Configure a valid TLS server certificate in the database. Restart the server. Check logs for more information.

CTGKM0082E TLS connection cannot be established because the server certificate with alias VALUE_0 has expired or is invalid. Configure a server certificate and retry the operation.

Explanation

The server certificate that is specified in the SKLMConfig.properties file has expired.

System action

TLS handshake fails and TLS connection cannot be established.

Administrator response

Configure a valid TLS server certificate in the database. Restart the server. Check logs for more information.

CTGKM0100E Cannot obtain audit and key serving parameters information.

Explanation

An internal component of the IBM Security Guardium Key Lifecycle Manager server is not running, such as the key server.

System action

The internal component fails to obtain audit and debug information.

Administrator response

Contact IBM Support.

CTGKM0101E Cannot update audit information.

Explanation

A change was not written to the SKLMConfig.properties file.

System action

A property value is not updated.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. Then, try the operation again. If the problem persists, contact IBM Support.

CTGKM0102E Cannot update key serving parameter or port information.

Explanation

A change was not written to the SKLMConfig.properties file.

System action

A property value is not updated.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. Then, try the operation again. If the problem persists, contact IBM Support.

CTGKM0103E Cannot retrieve keystore information.

Explanation

The keystore information was not available from the database.

System action

The database is not available.

Administrator response

Ensure that the database is available. Correct any database server runtime errors that you identify. Then, try the operation again.

CTGKM0104E Cannot add keystore.

Explanation

The keystore information might not be available from the database. Alternatively, the directory for the keystore file cannot be found. You might not have access to the directory. There might be more information in the message that describes the problem.

System action

The keystore is not added.

Administrator response

Ensure that the database is available. Additionally, determine that the directory exists for the keystore file. Additional information in the message might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0110E Retrieval of TLS/KMIP certificates failed:

Explanation

The attempt to obtain a list of TLS/KMIP certificates was not successful. The database might not be available, or a connection to the IBM Security Guardium Key Lifecycle Manager server might not be available.

System action

A list of certificates is not retrieved.

Administrator response

Ensure that connections to the database and IBM Security Guardium Key Lifecycle Manager server are available. If a connection problem exists, make the appropriate corrections. Then, try the operation again.

CTGKM0111E Retrieval of IKEv2-SCSI certificates failed:

Explanation

The attempt to obtain a list of IKEv2-SCSI certificates was not successful. IBM Security Guardium Key Lifecycle Manager database might not be available, or a connection to the IBM Security Guardium Key Lifecycle Manager server might not be available.

System action

A list of certificates is not retrieved.

Administrator response

Ensure that connections to IBM Security Guardium Key Lifecycle Manager database and IBM Security Guardium Key Lifecycle Manager server are available. If a connection problem exists, make the appropriate corrections. Then, try the operation again.

CTGKM0112E TLS/KMIP certificate submit failed:

Explanation

You might not have permission to write to the certificate request file. Alternatively, there might not be sufficient free disk space, or the database might not be available.

System action

The certificate request is not created.

Administrator response

Ensure that your permissions are correct, that there is sufficient free disk space, and that the database connection is available. If not, make the appropriate corrections. Then, try the operation again.

CTGKM0113E IKEv2-SCSI certificate submit failed:

Explanation

You might not have permission to write to the certificate request file. Alternatively, there might not be sufficient free disk space, or the database might not be available.

System action

The certificate request is not created.

Administrator response

Ensure that your permissions are correct, that there is sufficient free disk space, and that the database connection is available. If not, make the appropriate corrections. Then, try the operation again.

CTGKM0114E Certificate label and description (common name) are required fields.

Explanation

An empty or null value was found for a certificate name, or the description (common name) for the certificate might be missing in the certificate request.

System action

The operation fails.

Administrator response

Specify a unique value for the certificate name and specify a common name for the certificate. Then, try the operation again.

CTGKM0115E Certificate was not selected.

Explanation

A certificate was not selected from the list of valid, active certificates for communication with the server.

System action

The operation fails.

Administrator response

Select a valid certificate, Then, try the operation again.

CTGKM0116E Selected certificate does not match any active certificates in the keystore.

Explanation

An exception occurred in internal processes.

System action

The selected certificate does not match any of the list of certificates in the keystore. The certificate might have been manually deleted from the keystore, but not from metadata in the database.

Administrator response

Select a different certificate. Then, try the operation again. You might need to ensure that your database metadata is a match to the contents of the keystore.

CTGKM0117E Cannot create directory DIRECTORY_NAME .

Explanation

You might not have the correct access to create the directory, or the specified path might have an error. The directory might already exist. There might be additional information.

System action

The create directory operation fails.

Administrator response

Ensure that your access allows you to create a directory and that the specified path is valid. Additional information might also guide your response. Make appropriate changes. Then try the operation again.

CTGKM0118E Directory with the name you specified already exists.

Explanation

The specified directory name already exists in the file system.

System action

The create directory operation fails.

Administrator response

Ensure that the specified directory does not already exist in the file system.

CTGKM0119E Cryptographic object not found: VALUE_0

Explanation

The cryptographic object for given unique identifier or name does not found.

System action

The PUSH operation fails.

Administrator response

Ensure that you have provided correct unique identifier or name for the cryptographic object to be pushed to client.

CTGKM0120E Either cryptographic object's unique identifier(uuid) or name is required. Please provide one.

Explanation

Either cryptographic object's unique identifier(uuid) or name is required. Please provide one.

System action

The PUSH operation fails.

Administrator response

Ensure that either cryptographic object's unique identifier(uuid) or name is provided for PUSH operation.

CTGKM0200E Cannot add device.

Explanation

The device might already exist, or the database might not be available. There might be additional information.

System action

The device add operation fails.

Administrator response

Determine whether you correctly specified the device. Alternatively, you might need to confirm that the database is available. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0201E Cannot modify device.

Explanation

The device might already exist, or the database might not be available. There might be additional information.

System action

The device modify operation fails.

Administrator response

Determine whether you correctly specified the device. Alternatively, you might need to confirm that the database is available. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0202E Cannot delete device.

Explanation

The device might not exist, or the database might not be available. There might be additional information.

System action

The device delete operation fails.

Administrator response

Determine whether you correctly specified the device. Alternatively, you might need to confirm that the database is available. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0205E Cannot retrieve template defaults.

Explanation

Internally-processed template default information was not available from the database.

System action

The operation fails.

Administrator response

Determine whether the database is available. Correct any database server runtime errors that you identify. Then, try the operation again. You might need to contact IBM Support.

CTGKM0206E Cannot retrieve certificates.

Explanation

A list of certificates was not available. The IBM Security Guardium Key Lifecycle Manager database might not be available. There might be additional information.

System action

Certificate retrieval fails.

Administrator response

Confirm that the database is available. You might need to restart the IBM Security Guardium Key Lifecycle Manager server. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0207E Certificate creation fails due to incorrect certificate information or a problem with the keystore. Refer to the logs for more information. Correct the errors and retry the operation.

Explanation

The certificate is not created in the keystore because of incorrect certificate information or a problem with the keystore. The error message might include additional information to help you identify the problem.

System action

The certificate create operation fails.

Administrator response

Ensure that the required certificate information is correct. Additional information in the error message might also guide your response. Correct the errors and retry the operation.

CTGKM0208E Cannot modify certificate.

Explanation

IBM Security Guardium Key Lifecycle Manager could not modify information for the specified certificate. If you specify that the certificate is a system default or partner certificate, the properties file might not be available. If you modify the Trust setting for a certificate, refer to additional information in this message.

System action

The certificate modify operation fails.

Administrator response

Ensure that the properties file is available, and that you have write access. Additional information in this message might guide your response. Correct errors. Then, try the operation again.

CTGKM0209E Cannot delete certificate.

Explanation

IBM Security Guardium Key Lifecycle Manager could not delete a certificate that is a system default or partner, or associated with a device. This message might have additional information.

System action

The certificate delete operation fails.

Administrator response

Ensure that the certificate is not a system default or partner certificate, and that the certificate has no associated devices. Additional information in this message might also guide your response. Then, try the operation again. If the delete operation is successful, ensure that you back up the keystore again to retain its current state.

CTGKM0210E Cannot update setting to accept requests from all drives.

Explanation

An attempt was made to change the drive.acceptUnknownDrives property in the SKLMConfig.properties file. The file might be write protected. Alternatively, an internal component such as the key server component returned an error or was not available. This message might provide additional information.

System action

The operation fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. Additional information in this message might guide your response.

CTGKM0211E Cannot retrieve IBM Security Guardium Key Lifecycle Manager status.

Explanation

An internal component such as the key server component returned an error or was not available. The SKLMConfig.properties file might be write protected. This message might provide additional information.

System action

Server status retrieval fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. You might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. Additional information in this message might guide your response.

CTGKM0214E Cannot retrieve key groups.

Explanation

IBM Security Guardium Key Lifecycle Manager database might not be available. Alternatively, an internal component such as the key server component returned an error or was not available. This message might provide additional information.

System action

The operation fails.

Administrator response

Confirm that the database is available. You might need to restart the IBM Security Guardium Key Lifecycle Manager server. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0215E Cannot create key group.

Explanation

You might have specified a value that is not valid for a key group. Alternatively, IBM Security Guardium Key Lifecycle Manager database might not be available or an internal component such as the key server component returned an error or was not available.

System action

The operation fails.

Administrator response

Ensure that your values for a key group are valid. Ensure that the database is available. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.

CTGKM0216E Cannot modify this key group.

Explanation

An attempt failed to modify this key group. There might be more information in the message that describes the problem.

System action

The modification requested for this key group does not occur. No keys are added to or deleted from the key group.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0217E Cannot delete key group that is a system default, or that is associated with a device or pending device.

Explanation

IBM Security Guardium Key Lifecycle Manager could not delete a key group that is a system default, or that is associated with a device. There might be additional information in this message.

System action

The key group is retained in the IBM Security Guardium Key Lifecycle Manager database.

Administrator response

Ensure that the key group is not the system default, and that the key group also has no associated devices. Additional information in this message might also guide your response. Then, try the operation again.

CTGKM0218E Cannot create the following keys in this key group.

Explanation

An attempt failed to create keys for this key group. There might be more information in the message that describes the problem.

System action

The keys are not created, or are not added as members of the key group.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0219E Because this certificate is currently expired and the validate certificates check is enabled, cannot make this certificate the System Default or System Partner.

Explanation

The certificate has expired and is no longer available for use.

System action

The operation fails.

Administrator response

Select another certificate. This certificate has expired.

CTGKM0220E Cannot retrieve available keys.

Explanation

An attempt failed to retrieve all available symmetric keys. There might be more information in the message that describes the problem.

System action

The keys are not found.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0221E Cannot retrieve keys from key group.

Explanation

An attempt failed to retrieve keys from a key group. There might be more information in the message that describes the problem.

System action

The keys are not found.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0222E Device serial number is not valid VALUE_0 , must be 12 characters for 3592 and DS8000 device families or 1-48 characters long for DS5000 device family, contain valid characters, and cannot have leading or trailing whitespace.

Explanation

The device serial number for a device be exactly 12 characters for 3592 and DS8000 device families or 1-48 characters for DS5000 family and follow a specific format.

System action

The operation fails.

Administrator response

Ensure that your specification is 12 valid characters in length and contains alphanumeric, period, dash, semicolon, and underscore characters, or a space that is not in the first or last position. Additional information in this message might also guide your response. Correct the problem and try the operation again.

CTGKM0223E Device already exists with device serial number VALUE_0 , Device group VALUE_1 VALUE_2 , World Wide Name

Explanation

You specified values for a device that already exists in the database.

System action

The device create operation fails.

Administrator response

Specify values for a device that does not currently exist in the database. Then, try the operation again.

CTGKM0224E World wide name is not valid VALUE_0

Explanation

IBM Security Guardium Key Lifecycle Manager requires that a worldwide name be 8 characters or less in length.

System action

The operation fails.

Administrator response

Specify a worldwide name that meets the length requirement of 8 characters or less. Then, try the operation again.

CTGKM0225E Cannot add device with device serial number VALUE_0 VALUE_1 VALUE_2 because the specified key VALUE_1 does not exist in keystore VALUE_2.

Explanation

You attempted to create a device and associate it with a key that was not found in the IBM Security Guardium Key Lifecycle Manager keystore.

System action

The device add operation fails.

Administrator response

Specify an alternate key. Then, try the operation again.

CTGKM0226E The certificate is not active and cannot be the System Default or System partner certificate.

Explanation

The validate certificates check is enabled. The process determined that this certificate is not active and cannot be the System Default or System Partner.

System action

The operation fails.

Administrator response

Select a certificate that is in active state and try the operation again.

CTGKM0227E Cannot retrieve available key groups.

Explanation

The key groups information was not available from the database.

System action

The key groups are not retrieved.

Administrator response

Ensure that the database is available. Then, try the operation again.

CTGKM0228E Cannot retrieve key information.

Explanation

An attempt failed to retrieve key information. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0229E Cannot retrieve keys.

Explanation

An error occurred while retrieving a list of keys. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0230E Cannot create keys.

Explanation

An attempt to create a key or keys did not complete. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0231E Cannot modify key membership.

Explanation

An attempt to modify key membership did not complete. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0232E Cannot delete key.

Explanation

The key that you intend to delete, might not be found, or there might be a database error. There might be more information in the message that describes the problem.

System action

The key is not deleted.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0233E Cannot list backup files.

Explanation

Cannot retrieve the data for the backup files.

System action

The list backup files operation fails.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0234E Cannot locate default backup directory.

Explanation

Cannot read the property value for the backup directory.

System action

Failed to read backup directory.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0235E Cannot obtain the progress of the running process.

Explanation

Cannot obtain the progress of the running backup or restore process.

System action

Failed to get the progress of the running process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0236E Cannot obtain the progress state of the running process.

Explanation

Cannot obtain the progress state of the running backup or restore process.

System action

Failed to get the progress state of the running process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0237E Cannot obtain the process result of the completed process.

Explanation

Cannot obtain the process result of the completed backup or restore process.

System action

Failed to get the process result of the completed process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0238E Cannot create backup.

Explanation

Cannot initiate the backup process.

System action

Failed to initiate the backup process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0239E Cannot restore from backup.

Explanation

Cannot initiate the restore from backup process.

System action

Failed to initiate the restore from backup process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0240E Cannot delete backup.

Explanation

Cannot delete the backup process.

System action

Failed to delete the backup process.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0242E Failed to create backup to backup_file .

Explanation

Cannot back up the IBM Security Guardium Key Lifecycle Manager system.

System action

Backup operation failed to back up the IBM Security Guardium Key Lifecycle Manager system.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM0244E Failed to restore from backup_file .

Explanation

Cannot restore the IBM Security Guardium Key Lifecycle Manager system.

System action

Restore operation failed to restore the IBM Security Guardium Key Lifecycle Manager system.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM2912W Import failed due to conflict arose because of <Variable_IDs/Aliases>.

Explanation

For a successful import, follow the resolution process.

CTGKM0245E The key name specified is not known.

Explanation

You might have incorrectly specified the key name value. Alternatively, IBM Security Guardium Key Lifecycle Manager database might not be available or an internal component such as the key server component returned an error or was not available.

System action

The operation fails.

Administrator response

Ensure that your value for a key name is valid and is in the keystore. Ensure that the database is available. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.

CTGKM0246E Cannot identify the next key to be used from this key group.

Explanation

An attempt failed to determine the next key to be used from this key group. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then try the operation again.

CTGKM0247E Cannot retrieve future write defaults.

Explanation

An error occurred while retrieving a list of future write defaults. There might be more information in the message that describes the problem.

System action

The operation fails.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0248E Cannot retrieve current system default.

Explanation

An internal component such as the key server component returned an error or was not available. The SKLMConfig.properties file might be write protected. This message might provide additional information.

System action

System default retrieval fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. You might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. Additional information in this message might guide your response.

CTGKM0249E Cannot add future write default.

Explanation

You might have specified a value that is not valid for a future write default. Alternatively, IBM Security Guardium Key Lifecycle Manager database might not be available or an internal component such as the key server component returned an error or was not available.

System action

The operation fails.

Administrator response

Ensure that your values for a future write default are valid. Ensure that the database is available. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.

CTGKM0250E Cannot delete future write default.

Explanation

IBM Security Guardium Key Lifecycle Manager could not delete a future write default. There might be additional information in this message.

System action

The future write default is retained in the IBM Security Guardium Key Lifecycle Manager database.

Administrator response

Additional information in this message might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0251E Future write default's effective date cannot be later than the certificate expiration date.

Explanation

If the certificate expires before the future write default's effective date, then this future write default will not be effective.

System action

Adjust the future write default's effective date.

Administrator response

Extend the certificate expiration date if necessary.

CTGKM0252E Algorithm type for backup_file application is not valid.

Explanation

This is not a valid algorithm type for the intended application. For IKEV2SERVER and IKVE2CLIENT, the only algorithm type supported is ECDSA. Cannot import this key or certificate for this application.

System action

Import operation fails.

Administrator response

Generate an ECDSA type of certificate or key for IKVE2SERVER or IKEV2CLIENT and then try the import operation.

CTGKM0253E Device serial number for LTO base device VALUE_0 must be either 10, 12 or 24 characters long, contain valid characters, and cannot have leading or trailing whitespace.

Explanation

The device serial number for a device must be either 10, 12 or 24 characters in length and contain only allowed characters.

System action

The operation fails.

Administrator response

Ensure that the device serial number you enter is 10, 12 or 24 valid characters in length and contains alphanumeric, period, dash, semicolon, and underscore characters, or a space that is not in the first or last position. Additional information in this message might also guide your response. Correct the problem and try the operation again.

CTGKM0255E Cannot delete key. Key is the last active member of a device.

Explanation

The current active member key of a device or group cannot be deleted.

System action

The key is not deleted.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM0256E Incorrect key size VALUE_0.

Explanation

This is not a valid key size type for the intended application. For IKEV2SERVER and IKVE2CLIENT, the only key size supported is 521 bits. Cannot import this key or certificate for this application.

System action

Import operation fails.

Administrator response

Generate correct size of ECDSA type of certificate or key for IKVE2SERVER or IKEV2CLIENT and then try the import operation.

CTGKM0257E Unable to accept the Pending Client Device Communication Certificate.

Explanation

The certificate name might already exist, the certificate material might already exist under a different name, or the IBM Security Guardium Key Lifecycle Manager database might not be available. There might be additional information.

System action

Accept operation fails.

Administrator response

Determine if you specified a unique certificate name. Alternatively, you might need to confirm that the database is available. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0258E Unable to reject the Pending Client Device Communication Certificate.

Explanation

The certificate might not exist, or the IBM Security Guardium Key Lifecycle Manager database might not be available. There might be additional information.

System action

Reject operation fails.

Administrator response

Refresh the page to determine if the certificate still exists in the pending list. Alternatively, you might need to confirm that the database is available. Additional information in this message might also guide your response. Make corrections. Then, try the operation again.

CTGKM0259E Unable to gather additional information on the selected Pending Client Device Communication Certificate.

Explanation

The certificate information was not available from the database.

System action

View operation fails.

Administrator response

Ensure that the IBM Security Guardium Key Lifecycle Manager database is available. Correct any database server runtime errors that you identify. Then, try the operation again.

CTGKM0260E Keystore internal error occurred.

Explanation

An internal error occurred while creating or loading the keystore.

System action

Keystore operation fails.

Administrator response

Verify that IBM Security Guardium Key Lifecycle Manager is initialized correctly.

CTGKM0261E Alias {0} already exists.

Explanation

System action

Keystore operation fails.

Administrator response

Specify a different alias.

CTGKM0262E The certificate expiration period cannot be later than VALUE_0 years. This value can be changed by use of the configuration parameter called maximum.keycert.expiration.period.in.years.

Explanation

The certificate expiration period cannot be later than the configured years. This value can be changed by use of the configuration parameter called maximum.keycert.expiration.period.in.years.

System action

Adjust the maximum.keycert.expiration.period.in.years if necessary.

Administrator response

Adjust the maximum.keycert.expiration.period.in.years if necessary.

CTGKM0263E You have successfully restored your system from backup_file You will be required to manually restart the server as automatic restart failed. Please refer to the Backup and restore section of IBM Security Guardium Key Lifecycle Manager documentation, on how to start and stop the server on distributed systems.

Explanation

Backup was successfully restored but restart failed.

System action

Administrator response

CTGKM0400E You must specify a value for: VALUE_0

Explanation

You attempted to update a key value, but you specified a null parameter.

System action

The key is not updated.

Administrator response

Enter a valid parameter value and try the update operation again.

CTGKM0401E The alias name prefix (3 characters) is not alphabetic: VALUE_0

Explanation

An alias prefix for a key must be three characters in length, and the characters must be alphabetic, which are the characters A-Z case insensitive.

System action

The key or keys are not created.

Administrator response

Specify a three character value for the key alias using the alphabetic characters A-Z, which are case insensitive.

CTGKM0402E The alias range ( VALUE_0 , VALUE_1 ) is not valid.

Explanation

The first hexadecimal number in an alias range must smaller than the last hexadecimal number that you specify.

System action

The keys are not created in the specified range.

Administrator response

Ensure that the values that you specified for the alias range are valid hexadecimal numbers, and that the initial number is less than the final number in the range. For example, specify a range such as xyz01-fff. Then, try the operation again.

CTGKM0403E The alias does not contain all alphabetic characters: VALUE_0

Explanation

The alias value must contain only alphabetic characters.

System action

The key or keys are not created.

Administrator response

Ensure that the value that you specified for the key alias contains only alphabetic characters. Then, try the operation again.

CTGKM0404E The alias range length is too large.

Explanation

The alias range that you specified exceeds a IBM Security Guardium Key Lifecycle Manager limit.

System action

The key or keys are not created.

Administrator response

Specify a smaller alias range. Then, try the operation again.

CTGKM0405E The alias range end value must be greater than or equal to the alias range start value.

Explanation

The last hexadecimal number in an alias range must greater than or equal to the first hexadecimal number that you specify.

System action

The keys are not created in the specified range.

Administrator response

Ensure that the values that you specified for the alias range are valid hexadecimal numbers, and that the final number is greater than or equal to the initial number in the range. For example, specify a range such as xyz01-fff. Then, try the operation again.

CTGKM0406E The alias range is too large.

Explanation

The alias range that you specified exceeds a IBM Security Guardium Key Lifecycle Manager limit.

System action

The keys are not created in the specified range.

Administrator response

Specify a smaller alias range. Then, try the operation again.

CTGKM0407E The alias range string contains a non-hexadecimal value.

Explanation

The numbers that specify an alias range must be hexadecimal numbers.

System action

The keys are not created in the specified range.

Administrator response

Specify an alias range using only hexadecimal values. Then, try the operation again.

CTGKM0408E Cannot locate certificate chain with alias VALUE_0

Explanation

The alias that you specified for a certificate does not contain a certificate chain.

System action

The operation fails.

Administrator response

Ensure that the alias that you specified contains a certificate chain. Then, try the operation again.

CTGKM0409E Check the file name. Cannot export the key to VALUE_0 .

Explanation

There is a write error to the file on which an export operation was attempted. There is possibly an error in the relative or full path, or the name of the file that IBM Security Guardium Key Lifecycle Manager creates to store private keys.

System action

The key is not exported.

Administrator response

Ensure that you correctly specified the relative or full path, and the name of the file to store the exported keys. If you do not specify a path name, the value of the SKLM_HOME directory is used. Then, try the operation again.

CTGKM0410E Error occurred while exporting the key to output stream.

Explanation

The certificate export operation did not write to the file on which an export operation was attempted. There is possibly an error in the relative or full path, or the name of the file that IBM Security Guardium Key Lifecycle Manager creates to store the certificate.

System action

The certificate is not exported.

Administrator response

Ensure that the path and file name are correct. Then, try the operation again.

CTGKM0411E Operation fails because VALUE_0 is not a secret key entry in the keystore. Specify a valid secret key, and retry the operation.

Explanation

The specified secret key is not in the keystore.

System action

A secret key operation fails, such as exporting a secret key.

Administrator response

Specify a valid secret key and retry the operation. Use the List Key REST Service to view the keys contained in the keystore.

CTGKM0412E Operation fails because VALUE_0 is not a private key entry in the keystore. Specify a valid private key, and retry the operation.

Explanation

The specified private key is not in the keystore.

System action

A private key operation fails, such as exporting a private key to a PKCS12.

Administrator response

Specify a valid private key and retry the operation. Use the List Key REST Service to view the private keys stored in the keystore.

CTGKM0413E Unsupported private key algorithm: VALUE_0

Explanation

This is not one of the key algorithms that IBM Security Guardium Key Lifecycle Manager supports.

System action

The key operation fails. For example, you might be trying to import a private key that does not match a supported RSA or DSA algorithm.

Administrator response

Use a different key that complies with an asymmetric key algorithm that IBM Security Guardium Key Lifecycle Manager supports.

CTGKM0414E File size is zero.

Explanation

The specified key file is empty, from which you are attempting to import a key. There is no data in the file.

System action

The operation fails.

Administrator response

Ensure that the key file is correctly populated, and that you have a valid key file from a trusted source. Then, try the operation again.

CTGKM0415E Cannot find the file VALUE_0

Explanation

The key file was not found during a key import operation.

System action

The key import operation fails.

Administrator response

Ensure that you specified the correct path and filename. Then, try the operation again.

CTGKM0416E Cannot find the VALUE_0 in the specified group.

Explanation

The group member that you specified is not in the target group.

System action

The operation fails.

Administrator response

Ensure that your specifications of both the group member and the group are correct. You might first need to add the member to the group. Then, try the operation again.

CTGKM0417E Cannot delete a key from a device group.

Explanation

The database stores group entries for keys in a key group type of group.

System action

The group entry delete operation fails.

Administrator response

Change your specification of the group type to a value of key group. Then, try the operation again.

CTGKM0419E Entry VALUE_0 does not belong to any group.

Explanation

The database stores entries in a group with a type of key group. The entry that you are attempting to delete was not found in any type of group.

System action

The operation fails.

Administrator response

Ensure that your specification of the entry uuid and the group name are correct. Then, try the operation again.

CTGKM0420E Key group is empty.

Explanation

There are no keys in the group. This is an internal message that the key server might issue to a log.

System action

The key operation fails.

Administrator response

You might need to add keys to the key group. The change is effective immediately. However, you might need to restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again.

CTGKM0421E Error occurred while encrypting the key.

Explanation

Encryption failed during a secret key export operation to a file. There might be a problem with the encryption provider.

System action

The export operation fails.

Administrator response

Collect any information that might be in the audit log. You might need to contact IBM Support.

CTGKM0422E Error occurred while encoding data in PKCS12 format.

Explanation

An exception occurred in internal processes.

System action

The private key and certificate are not encoded.

Administrator response

Collect any information that might be in the audit log and contact IBM Support.

CTGKM0423E Error occurred while verifying the key and certificate.

Explanation

An exception occurred in internal processes.

System action

The certificate request that you submitted to a CA and the certificate that returned, do not match. This might be an internal processing error.

Administrator response

Collect any information that might be in the audit log and contact IBM Support.

CTGKM0424E Error occurred while decrypting the secret key.

Explanation

An exception occurred in internal processes.

System action

The secret key was not decrypted. This might be an internal processing error.

Administrator response

Collect any information that might be in the audit log and contact IBM Support.

CTGKM0425E The alias prefix does not have 3 characters.

Explanation

An alias prefix for a key must be 3 characters in length, and the characters must be alphabetic.

System action

The key or keys are not created.

Administrator response

Ensure that the value that you specified for the key alias contains 3 alphabetic characters. Then, try the operation again.

CTGKM0426E Cannot delete the certificate as it is associated with a private key entry.

Explanation

You used the tklmCertDelete command to delete a certificate that has a private key associated with the certificate.

System action

The certificate was not deleted.

Administrator response

Use the tklmKeyDelete command to delete the key. The alias for the certificate and the key are the same, and are stored internally as a single entry.

CTGKM0427E Group name is longer than 64 characters: VALUE_0

Explanation

The limit for a group name is 64 characters.

System action

The operation fails.

Administrator response

Specify a shorter group name that meets the character limit. Then, try the operation again.

CTGKM0428E Default key group cannot be deleted.

Explanation

One or more devices use this key group as the default from which to obtain keys.

System action

The key group delete operation fails.

Administrator response

Ensure that no device uses this key group as the default from which to obtain keys. You might select another key group as the default. Then, try the operation again.

CTGKM0429E Alias range does not start with 3-letter prefix.

Explanation

The alias range prefix must be 3 characters in length.

System action

The operation fails.

Administrator response

Specify a prefix that contains 3 characters for the alias range. Then, try the operation again.

CTGKM0430E Alias range does not have a hexdecimal range separated by dash.

Explanation

A dash is the required separator between hexadecimal numbers in an alias range.

System action

The range of keys is not created.

Administrator response

Specify the alias range using a dash as the separator. Then, try the operation again.

CTGKM0431E Starting with version 2, this message is deprecated. aliasOne attribute must be specified for DS8000® device.

Explanation

Starting with version 2, this message is deprecated. aliasOne is the required attribute for DS8000 device.

System action

The device is not created.

Administrator response

Specify the aliasOne attribute. Then, try the operation again.

CTGKM0432E Rollover task for type VALUE_0 is already scheduled on effective date: VALUE_1

Explanation

Effective date is unique for each rollover type

System action

The rollover is not created.

Administrator response

Specify different rollover date and type. Then, try the operation again.

CTGKM0433E Operation fails because the country code: VALUE_0 is invalid. Specify a valid two-letters country code, and retry the operation.

Explanation

The specified country code is invalid as it does not have two letters.

System action

The certificate or certificate request operation fails.

Administrator response

Specify a valid country code and retry the operation.

CTGKM0434E Cannot delete the key because it is the default symmetric key: VALUE_0

Explanation

The specified key is a default symmetric key.

System action

The delete operation failed.

Administrator response

Specify a different key and try the delete operation again.

CTGKM0435E All keys in the key group are used. There is no key available to use.

Explanation

All keys in the key group are used. There is no key available to use.

System action

The operation to get the next key failed

Administrator response

Add a new key to the key group and try to get a key again.

CTGKM0436E The key group cannot be deleted, but the key group members are deleted successfully.

Explanation

The key group is not deleted.

System action

The key group delete operation failed.

Administrator response

Examine the logs for information about the error. Make necessary corrections. Then, try the operation again. If the problem still exists, you might need to contact IBM Support.

CTGKM0437E The key group cannot be deleted, but some members may have been deleted.

Explanation

The key group is not deleted.

System action

The key group delete operation failed.

Administrator response

Examine the logs for information about the error. Make necessary corrections. Then, try the operation again. If the problem still exists, you might need to contact IBM Support.

CTGKM0438E The last key in the default key group cannot be deleted.

Explanation

The key is not deleted.

System action

The key delete operation fails.

Administrator response

The default key group needs to include at least one key.

CTGKM0439E Cannot delete the last key in the key group that is associated with a device.

Explanation

The key is not deleted.

System action

The key delete operation fails.

Administrator response

The key group associated with a device needs to include at least one key.

CTGKM0440E Cannot delete the last key in the key group VALUE_0 that is associated with a scheduled rollover.

Explanation

The key is not deleted.

System action

The key delete operation fails.

Administrator response

The key group associated with a rollover need to have at least one key.

CTGKM0441E Key Export only supports IBMJCEPlus and IBMJCEPlusFIPS providers.

Explanation

System action

Administrator response

CTGKM0500E A keystore already exists in IBM Security Guardium Key Lifecycle Manager.

Explanation

Only one IBM Security Guardium Key Lifecycle Manager keystore can exist.

System action

The keystore add operation fails.

Administrator response

Use the existing IBM Security Guardium Key Lifecycle Manager keystore. You cannot add an additional keystore. If you must use a new keystore, you must first remove the existing keystore and add a new one. In a running production environment, do not modify the keystore name. If you must modify the keystore name prior to production, ensure that you have a complete, current backup of your IBM Security Guardium Key Lifecycle Manager configuration.

CTGKM0501E No password.

Explanation

You must specify a password for a IBM Security Guardium Key Lifecycle Manager keystore. The password must at least 6 characters in length.

System action

The keystore operation fails.

Administrator response

Specify a password for the IBM Security Guardium Key Lifecycle Manager keystore. For example, type a value such as my6pwd.

CTGKM0502E Keystore name must be specified.

Explanation

You must specify a name for a IBM Security Guardium Key Lifecycle Manager keystore. IBM Security Guardium Key Lifecycle Manager uses this name in the database as a descriptive alias to identify the keystore.

System action

The keystore operation fails.

Administrator response

Specify a name as a descriptive alias for the IBM Security Guardium Key Lifecycle Manager keystore. For example, type mySKLMKeystore.

CTGKM0503E Duplicate keystore name.

Explanation

A duplicate name exists in the database for the value that you specified as a descriptive alias for an IBM Security Guardium Key Lifecycle Manager keystore.

System action

The keystore operation fails.

Administrator response

Type a unique value for the name of the IBM Security Guardium Key Lifecycle Manager keystore. For example, type mySKLMKeystore.

CTGKM0504E Error occurred while creating the keystore:

Explanation

You might not have correctly specified the values needed to add a file-based keystore.

System action

The keystore operation fails.

Administrator response

Ensure that you specified a unique value for the descriptive alias, the path and file name of the keystore, or the keystore type. For a RACF® keystore, you might have to specify the user ID or password differently. After modifying your entries, try the operation again.

CTGKM0505E Error occurred while loading the keystore:

Explanation

This error occurs when you attempt to read data from an existing keystore.

System action

The keystore operation fails.

Administrator response

The data in the keystore might be corrupt, or the path specification or password value might be incorrect. If the keystore is corrupt, use a backup copy. Otherwise, respecify the path or password values, and try the operation again.

CTGKM0506E Internal database operation error.

Explanation

An unexpected database error occurred.

System action

The database operation did not complete as expected.

Administrator response

Collect any information that might be in the audit log and contact IBM Support.

CTGKM0507E Validation error on input:

Explanation

The value that you provided did not match an expected value.

System action

The value was not written or retained.

Administrator response

Ensure that the value you provided is valid. Then, try the operation again.

CTGKM0508E Failed to execute the command:

Explanation

There is an error in the values provided for the tklmKeyStoreList command.

System action

The command operation fails.

Administrator response

Ensure that the command syntax and values are correct. Then, try the command again.

CTGKM0509E Password cannot be shorter than 6 characters.

Explanation

The password strength rule requires a length of six or more characters.

System action

The keystore operation fails.

Administrator response

Specify a password that is at least six characters in length, and then try the operation again.

CTGKM0510E Keystore file path name is not specified.

Explanation

You must specify a complete path to the keystore file.

System action

The keystore operation fails.

Administrator response

Specify a complete path to the keystore file, either as an absolute or relative path. Then, try the operation again. As a relative path, for example, you might specify a file name in an existing directory. IBM Security Guardium Key Lifecycle Manager appends the value of SKLM_HOME as the relative path.

CTGKM0512E Keystore type is not valid KEYSTORE_TYPE

Explanation

You must specify a keystore type that IBM Security Guardium Key Lifecycle Manager supports.

System action

The keystore operation fails.

Administrator response

Specify a supported keystore type. Then, try the operation again.

CTGKM0513E Cannot find MBean:

Explanation

This error might occur if you install IBM Security Guardium Key Lifecycle Manager and then move or delete some of its files.

System action

Internal descriptive files are not found.

Administrator response

Do not move or delete files from their installed locations without explicit, authorized instructions. You might need to contact IBM Support.

CTGKM0514E Target application usage must be specified.

Explanation

Usage specifies how the certificate is used with a target application, either for secure communication using a TLS server protocol, or for communication with a device.

System action

The certificate operation fails.

Administrator response

Specify a valid value for the certificate usage. Then, try the operation again.

CTGKM0515E Certificate name must be specified.

Explanation

The name uniquely identifies the certificate within the keystore.

System action

The certificate operation fails.

Administrator response

Specify the name for the certificate. Then, try the operation again.

CTGKM0516E Common name must be specified.

Explanation

The common name (cn) is part of the unique identification for the certificate. For example, the value of cn is used in the subject name for a certificate, which can identify whether a certificate that is being imported matches an original certificate request.

System action

The operation fails.

Administrator response

Specify the common name for the certificate. Then, try the operation again.

CTGKM0517E Cannot form a valid X.500 name.

Explanation

One or more of the values for the subject fields is not valid to generate a valid X.500 directory name, which must be unique to identify a self-signed certificate as an entry for a global directory service.

System action

The X.500 name is not created.

Administrator response

Ensure that you provided correct values for the subject fields that comprise an X.500 name, such that a certificate can be unambiguously identified. For example, ensure that the value for the cn field is unique, and that values are also complete in other fields.

CTGKM0518E Keystore does not exist.

Explanation

A keystore must exist to contain the certificate. You might have entered an incorrect keystore name, or used a command that requires a value for the keystore, before creating the keystore.

System action

The certificate operation fails.

Administrator response

Specify a valid, existing keystore. You might need to create a keystore using either the tklmKeystoreAdd command, or the graphical user interface. Then, try the operation again.

CTGKM0520E Not the supported usage: VALUE_0

Explanation

You specified an unsupported value for the target usage. The target application specifies how the certificate is used, either for secure communication using a TLS protocol, or for communication with a device such as a tape drive.

System action

The certificate operation fails.

Administrator response

Specify a valid target application for which the certificate is used. Then, try the operation again.

CTGKM0521E Unsupported certificate format: VALUE_0

Explanation

You specified an value that is not valid for the certificate format. IBM Security Guardium Key Lifecycle Manager supports either a base64 and DER format for certificates.

System action

The certificate operation fails.

Administrator response

Specify either base64 or DER as the certificate format. Then, try the operation again.

CTGKM0522E Operation fails because the certificate information is missing. Specify a valid certificate name, and retry the operation.

Explanation

The certificate operation fails because the certificate information is missing or null.

System action

The certificate import operation fails.

Administrator response

Specify a valid certificate name and retry the operation. Use the Certificate List REST Service to find or verify the certificate name.

CTGKM0523E Operation fails because the keystore information is invalid or missing. Specify a valid keystore name, and retry the operation.

Explanation

The certificate import or keystore delete operation fails because the value of the keystore parameter is invalid or missing.

System action

The certificate operation fails.

Administrator response

Specify a valid keystore name and retry the operation. Use the Config Properties List REST Service to verify the keystore name.

CTGKM0524E Operation fails because the keystore name or UUID is invalid or missing. Specify a valid keystore name or UUID, and retry the operation.

Explanation

The certificate import or keystore delete operation fails because the value of the keystore parameter is invalid or missing.

System action

The certificate operation fails.

Administrator response

Specify a valid keystore name or UUID and retry the operation. Use the Config Properties List REST Service to verify the keystore name.

CTGKM0525E Operation fails because the parameter values are incorrect or missing. Specify valid parameter values, and retry the operation.

Explanation

During general validation, at least one value for a required parameter cannot be found for the Create Certificate REST Service or Certificate Update REST Service.

System action

The certificate operation fails.

Administrator response

Specify the missing value or values and retry the operation.

CTGKM0526E Certificate operation fails because the certificate file name is missing. Specify the certificate file name, and retry the operation.

Explanation

The certificate file name must be specified for the Certificate Export REST Service or Certificate Import REST Service.

System action

The certificate operation fails.

Administrator response

Specify a valid certificate file name and retry the operation.

CTGKM0527E Certificate validity value VALUE_0 is not valid

Explanation

The length of time in days that you specified for the certificate does not fall within the expected range. The value must be 1 or greater.

System action

The certificate operation fails.

Administrator response

Specify a valid length of time in days during which the certificate can be used. Then, try the operation again.

CTGKM0528E Keystore name cannot exceed 64 characters.

Explanation

For the tklmKeystoreAdd command, you specified a keystore name that exceeds a limit of 64 characters.

System action

The certificate operation fails.

Administrator response

Specify a keystore name that is 64 characters or less in length. Then, try the operation again.

CTGKM0529E An error occurred generating certificate request.

Explanation

An exception occurred in internal processes.

System action

The certificate request is not created.

Administrator response

Verify the parameter values for the certificate request. Then, try the operation again.

CTGKM0530E Cannot find the certificate.

Explanation

The value of the alias or uuid was not found when you attempted an operation such as deleting, exporting, or updating a certificate.

System action

The certificate operation fails.

Administrator response

Specify a valid alias or uuid for the target certificate. Then, try the operation again.

CTGKM0531E Group delete operation fails because the group UUID value is missing. Specify a valid UUID, and retry the operation.

Explanation

The group delete operation requires a valid value for the UUID parameter.

System action

The group delete operation fails.

Administrator response

Specify a valid group UUID value and retry the operation. Use the Group List REST Service to view or verify the group UUID.

CTGKM0532E Compromise date cannot be later than today.

Explanation

The date on which you specify that a key or a certificate is compromised cannot be a future date.

System action

The operation fails.

Administrator response

Specify a date that is not in the future, and then try the operation again.

CTGKM0533E Activation date, retirement date, expiration date and destroy date are not synchronized.

Explanation

There is a mismatch in dates between several parameters, which must follow each other in time. A destroy date value must occur after an expiration date value, for example.

System action

The update certificate operation fails.

Administrator response

Enter values for dates that do not conflict in their sequence on the calendar. Then, try the operation again.

CTGKM0534E Cannot reset activation date, old activation date has passed:

Explanation

If the date of activation is older than the current date, you cannot reset a new value for activation.

System action

The operation fails.

Administrator response

Use a different certificate. The activation date of this certificate cannot be reset.

CTGKM0535E Cannot reset retirement date, old retirement date has passed:

Explanation

If the date of retirement is older than the current date, you cannot reset a new value for retirement.

System action

The operation fails.

Administrator response

Use a different certificate. This certificate is retired, and the retirement date cannot be reset.

CTGKM0536E Cannot reset destroy date, old destroy date has passed:

Explanation

If the destroy date is older than the current date, you cannot reset a new value for the destroy date.

System action

The operation fails.

Administrator response

Use a different certificate. The destroy date of this certificate cannot be reset.

CTGKM0537E Cannot set state to be VALUE_0 , current state is VALUE_1 .

Explanation

The current state of the certificate cannot be reset to the state that you specified. For example, you cannot set the state of an active certificate to a pre-active state.

System action

The operation fails.

Administrator response

Specify a different state for the certificate. Then, try the operation again.

CTGKM0538E Error setting new state: VALUE_0 , certificate is already compromised.

Explanation

A certificate that is in a compromised state cannot be set to an earlier state.

System action

The operation fails.

Administrator response

Specify a subsequent state. Then, try the operation again. Alternatively, you might need to use an uncompromised certificate.

CTGKM0539E Error setting new state: VALUE_0 , certificate is not compromised.

Explanation

A certificate must be in a compromised state before a subsequent state can be set.

System action

The operation fails.

Administrator response

First, change the state of the certificate to compromised. Then, try the operation again.

CTGKM0540E Certificate with alias VALUE_0 already exists in keystore.

Explanation

There is already a certificate in the keystore with the same alias as the one you are attempting to import.

System action

The operation fails.

Administrator response

Specify a different alias. Then, try the operation again.

CTGKM0541E uuid and certificate attributes must be specified.

Explanation

There might be an error in the uuid value for a certificate.

System action

The operation fails.

Administrator response

Ensure that the uuid value of the certificate is valid. Then, try the operation again.

CTGKM0542E Not a valid encoded certificate file. Make sure to use the right file and it is not tampered or corrupted.

Explanation

The import operation determined that the certificate file is not correctly encoded. It must be DER or base64 format.

System action

The operation fails.

Administrator response

Specify a certificate that has a DER or base64 format. Then, try the operation again.

CTGKM0543E An error occurred importing certificate: {0}

Explanation

The certificate file might not exist, or you might have made an error in specifying the file name of the certificate.

System action

The operation fails.

Administrator response

Determine whether the certificate path and file name are correct, and whether the file is corrupt. Correct the problems. Then, try the operation again.

CTGKM0544E The certificate cannot be retrieved from the keystore. Specify a valid certificate alias, and retry the operation.

Explanation

The certificate alias is invalid or the keystore does not contain the target certificate.

System action

The operation fails.

Administrator response

Ensure that the certificate alias is valid or the certificate is present in the keystore. Then, retry the operation.

CTGKM0545E An error occurred exporting certificate.

Explanation

The file that you specified might be read-only, or you do not have permission to write the file to a specific location.

System action

The export operation fails.

Administrator response

Ensure that the file is write enabled, and that your permissions are valid. Then, try the export operation again.

CTGKM0546E Expiration date cannot be early than activation date: VALUE_0

Explanation

The expiration date of a certificate must occur later in time than the activation date.

System action

The operation fails.

Administrator response

Specify an expiration date that is later than the activation date. Then, try the operation again.

CTGKM0547E Expiration date cannot be later than retirement date: VALUE_0

Explanation

The expiration date of a certificate must occur earlier in time than the retirement date.

System action

The operation fails.

Administrator response

Specify an expiration date that is earlier than the retirement date. Then, try the operation again.

CTGKM0548E Expiration date cannot be later than destroy date: VALUE_0

Explanation

The expiration date of a certificate must occur earlier in time than the destroy date.

System action

The operation fails.

Administrator response

Specify an expiration date that is earlier than the destroy date. Then, try the operation again.

CTGKM0549E Subject name of the certificate does not match subject name in certificate request.

Explanation

The subject name of the certificate that returned from a Certificate Authority does not match the subject name in the original certificate request.

System action

The import operation fails.

Administrator response

Correct the file name or alias specification. Then, try the operation again.

CTGKM0550E Input value cannot be an empty string for parameter VALUE_0 .

Explanation

The entry for the attribute name must not be blank or a space.

System action

The operation fails.

Administrator response

Specify one or more valid characters for this entry. Then, try the operation again.

CTGKM0551E Cannot find keystore provider for keystore type VALUE_0

Explanation

The keystore type does not match the set of supported providers.

System action

The operation fails.

Administrator response

Specify a supported keystore type. Then, try the operation again.

CTGKM0552E VALUE_0 type keystore is not supported.

Explanation

The keystore type is not in the set of supported providers.

System action

The operation fails.

Administrator response

Specify a supported keystore type. Then, try the operation again.

CTGKM0555E Default property cannot be deleted: VALUE_0

Explanation

You attempted to delete a property from the SKLMConfig.properties file that IBM Security Guardium Key Lifecycle Manager uses as a default property.

System action

The configuration operation fails.

Administrator response

Ensure that the property you intend to delete is a customized property, or a property other than a default property. Then, try the delete operation again.

CTGKM0556E The property cannot be found in the configuration properties file: VALUE_0. Specify a valid property, and retry the operation.

Explanation

The Delete Config Property REST Service cannot delete the property because the property does not exist in the properties file.

System action

The configuration operation fails.

Administrator response

Ensure that the property exists in the properties file. You might use the Multiple Config Properties REST Service to list the contents of the properties file. Specify a valid target property and retry the delete operation.

CTGKM0557E Cannot delete config.keystore.name property in configuration file

Explanation

You attempted to delete the config.keystore.name property from the SKLMConfig.properties file. IBM Security Guardium Key Lifecycle Manager must use this property to identify the keystore.

System action

The configuration operation fails.

Administrator response

You might change the value of the config.keystore.name property, but you cannot delete the property itself. In a running production environment, do not modify the keystore name. If you must modify the keystore name prior to production, ensure that you have a complete, current backup of your IBM Security Guardium Key Lifecycle Manager configuration.

CTGKM0559E Group name and type must be specified.

Explanation

The group name is missing, or the group type is not valid.

System action

The operation fails.

Administrator response

Specify a value for the group name and a valid group type. Then, try the operation again.

CTGKM0560E VALUE_0 cannot be null.

Explanation

A value other than a space or blank is required.

System action

The operation fails.

Administrator response

Specify a supported value that is not a blank or a space. Then, try the operation again.

CTGKM0561E Unsupported group type: VALUE_0

Explanation

The value that you specified for the group type is not supported.

System action

The operation fails.

Administrator response

Specify a supported value for a group type, such as keygroup. Then, try the operation again.

CTGKM0562E The group cannot be found: VALUE_0. Specify a valid group name, and retry the operation.

Explanation

The specified value of the group name does not match an existing group. The group name is either incorrect or does not exist in the specified group type.

System action

The operation fails.

Administrator response

Specify a group that exists in the group type that you intend to use and retry the operation. Use the Group List REST Service to verify that the group exists in the group type.

CTGKM0563E Cannot add a key to a device group.

Explanation

The value of the group type is incorrect.

System action

The operation fails.

Administrator response

Specify keygroup as the group type. Then, try the operation again.

CTGKM0564E The entry cannot be identified: VALUE_0. Specify a valid entry, and retry the operation.

Explanation

The specified value of the entry does not match an existing certificate, key, or device. The specified certificate, key, or device identifier is either incorrect or does not exist in the entry type.

System action

The operation fails.

Administrator response

Specify an entry that exists in the entry type that you intend to use. If you are deleting an entry from a group, use the Key List REST Service to verify that the entry exists in the group. Then, retry the operation.

CTGKM0565E The key cannot be found: VALUE_0. Specify a valid key, and retry the operation.

Explanation

The specified key value does not match an existing key.

System action

The operation fails.

Administrator response

Specify a key that exists in the type that you intend to use. If you are deleting a key from a group, use the Group List REST Service or Key List REST Service to verify that the key exists. Then, retry the operation.

CTGKM0566E Cannot add a certificate to a device group.

Explanation

The value of the group type is incorrect.

System action

The operation fails.

Administrator response

Specify keygroup as the group type. Then, try the operation again.

CTGKM0567E The certificate cannot be found: VALUE_0. Specify a valid certificate value, and retry the operation.

Explanation

The specified certificate value does not match an existing certificate.

System action

The operation fails.

Administrator response

Specify a valid certificate value and retry the operation. Use the Certificate List REST Service to verify that the certificate exists.

CTGKM0569E The device cannot be found: VALUE_0. Specify a valid device value, and retry the operation.

Explanation

The specified device value does not match an existing device.

System action

The operation fails.

Administrator response

Specify a valid device value and retry the operation. Use the Device List REST Service to verify that the device exists.

CTGKM0570E Failed to add group entry.

Explanation

The entry was not added to the group. This might be an internal error.

System action

The operation fails.

Administrator response

The audit log might contain information about the error. Collect the information and contact IBM Support.

CTGKM0571E File already exists: VALUE_0

Explanation

The file that you are attempting to export matches the name of an existing file.

System action

The operation fails.

Administrator response

Specify a different path and file name. Then, try the operation again.

CTGKM0580E Operation fails because the keystore name or certificate alias is missing. Specify a valid keystore name or certificate alias, and retry the operation.

Explanation

The keystore name or the certificate alias is not specified.

System action

The operation fails.

Administrator response

Specify a valid keystore name and certificate alias and retry the operation.

CTGKM0581E Internal key server exception.

Explanation

The IBM Security Guardium Key Lifecycle Manager data store returned an error when attempting to delete a certificate.

System action

The operation fails.

Administrator response

The audit log might contain information about the error. Collect the information and contact IBM Support.

CTGKM0582E Wrong password.

Explanation

The existing keystore password that you provided did not match the actual password.

System action

The operation fails.

Administrator response

Specify the correct password value for the keystore. Then, try the operation again.

CTGKM0583E Group already exists: VALUE_0

Explanation

The group that you are attempting to create already exists.

System action

The operation fails.

Administrator response

Specify an alternative name for the group. Then, try the operation again.

CTGKM0584E The key in the certificate to be imported does not match the key in the original certificate request.

Explanation

The key of the certificate that returned from a Certificate Authority does not match the key in the original certificate request.

System action

The operation fails.

Administrator response

Import the certificate response using an alias that corresponds to this response. Then, try the operation again.

CTGKM0585E Error occurred while verifying the key and certificate.

Explanation

This is an internal database error.

System action

The operation fails.

Administrator response

The audit log might contain information about the error. Collect the information and contact IBM Support.

CTGKM0586E Operation fails because the keystore name or key alias is incorrect or missing. Specify a valid keystore name or key alias, and retry the operation.

Explanation

The keystore name or the key alias value is incorrect or missing. To list or delete a key, all required values, such as the keystore name must be correctly specified.

System action

The operation fails.

Administrator response

Specify a valid keystore name and key alias, and retry the operation. Use the Key List REST Service to view the keys that are currently in the keystore.

CTGKM0587E Alias VALUE_0 does not exist in the keystore VALUE_1

Explanation

The key alias is incorrectly specified. The alias does not exist in the specified keystore.

System action

The operation fails.

Administrator response

Ensure that the alias value is correct. Then, try the operation again.

CTGKM0588E Error occurred while loading data from the file VALUE_0

Explanation

This is an error in reading data from a key or certificate file.

System action

The operation fails.

Administrator response

Ensure that the path and filename are correct. Then, try the operation again.

CTGKM0589E Error occurred while retrieving the entry VALUE_0 from the keystore VALUE_1

Explanation

Both the path name and the keystore password must be correctly specified.

System action

The operation fails.

Administrator response

Ensure that the keystore path name and password are valid. Then, try the operation again.

CTGKM0590E The file does not have any data.

Explanation

An attempt was made to import a private key from a private key file. The private key file is empty.

System action

The operation fails.

Administrator response

Ensure that you specified a file that contains the desired private key. Then, try the operation again.

CTGKM0591E Import operation fails because VALUE_0 has more than one key entry. Only one key can be imported at a time.

Explanation

The Key Import REST Service is used to import a PKCS12 file that contains more private key entries than supported. Only one private key can be imported using this operation.

System action

The import key operation fails.

Administrator response

Import the key from a file that contains only one private key, and retry the operation.

CTGKM0592E Import operation fails because the key alias already exists: VALUE_0. Specify a different alias, and retry the operation.

Explanation

The specified key alias already exists in the keystore.

System action

The import key operation fails.

Administrator response

Specify a different key alias and retry the operation. Use the Key List REST Service to view the keys that are currently in the keystore.

CTGKM0593E Entry in VALUE_0 is not the private key entry.

Explanation

You attempted to import a private key. However, the entry in the PKCS12 file is not a private key entry. It might be a certificate entry.

System action

The operation fails.

Administrator response

You might need to obtain a different file, and validate that the file has a private key. Then, try the operation again.

CTGKM0594E No private key entry in the file VALUE_0

Explanation

You attempted to import a private key. However, there is no private key entry in the PKCS12 file.

System action

The operation fails.

Administrator response

You might need to obtain a different file, and validate that the file has a private key. Then, try the operation again.

CTGKM0595E Key alias cannot exceed 12 characters in length.

Explanation

A key alias for a set of multiple keys has a prefix that must be 3 characters long. If you create only one key, the value for the alias cannot exceed 12 characters.

System action

The secret key or keys are not created.

Administrator response

Specify an alias that does not exceed the character limit. Then, try the operation again.

CTGKM0596E Alias VALUE_0 already exists in the keystore VALUE_1

Explanation

You attempted to generate a key, but the key alias already exists in the keystore. A different alias is required.

System action

The secret key or keys are not created.

Administrator response

Specify a different alias. Then, try the operation again.

CTGKM0597E Error occurred while generating the secret key.

Explanation

The Java™ Cryptography Extension attempted to generate a secret key, but the process failed.

System action

The secret key or keys are not created.

Administrator response

Try the operation again. If the problem continues, collect any information that might be in the audit log and then contact IBM Support.

CTGKM0598E Operation fails because the number of keys is invalid. Ensure that the number of keys is not smaller than 1 or greater than 9999, and retry the operation.

Explanation

For the Secret Key Create REST Service, the value for the numOfKeys parameter must be a positive integer. It cannot be smaller than 1 or greater than 9999.

System action

The secret keys are not created.

Administrator response

Specify a value for the number of keys that is not smaller than 1 or greater than 9999, and retry the operation.

CTGKM0599E Unable to add the key to the keystore because of an internal error. Refer to the logs for more information. Correct the errors, and retry the operation.

Explanation

The Secret Key Create REST Service or Key Import REST Service failed to add a key to the keystore.

System action

The secret key or keys are not added to the keystore.

Administrator response

Refer to the logs for more information. Correct the errors, and retry the operation.

CTGKM0600E Method Not Implemented: VALUE_0

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates when a method call encounters an error condition.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the method call. You might need to contact IBM Support.

CTGKM0601E An error occurred adding/updating value for attribute VALUE_0

Explanation

An attempt was made to write a null value to the SKLMConfig.properties file. The file might be write protected. Alternatively, an internal component such as the key server component returned an error or was not available.

System action

The operation fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. If the problem continues, examine the audit log for exception information about the update to the attribute. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.

CTGKM0602E An error occurred getting the value for attribute VALUE_0

Explanation

An attempt was made to read a value from the SKLMConfig.properties file. You might not be authorized to read the SKLMConfig.properties file.

System action

The operation fails.

Administrator response

Ensure that you have the correct authorization. If the problem continues, examine the audit log for exception information about the error. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.

CTGKM0603E An error occurred deleting attribute VALUE_0

Explanation

An attempt was made to delete an attribute value from the SKLMConfig.properties file. The file might be write protected. Alternatively, an internal component such as the key server component returned an error or was not available.

System action

The operation fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. If the problem continues, examine the audit log for exception information about the update to the attribute. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.

CTGKM0604E An error occurred merging configuration with file VALUE_0

Explanation

Merging in this context means that a problem occurred in merging two configuration files. This might occur during migration of configuration data from an existing Encryption Key Manager server. Data was not written from an existing configuration file into a new SKLMConfig.properties file. The new file might write protected, or you might not have sufficient authority.

System action

The operation fails.

Administrator response

Ensure that the SKLMConfig.properties file is write enabled and that you have appropriate access to the file. You might also examine the audit log for exception information. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.

CTGKM0605E An error occurred replacing configuration file with file VALUE_0

Explanation

Configuration file replacement might occur during migration of configuration data from an existing Encryption Key Manager server. You might not have sufficient authority to replace the configuration file.

System action

The operation fails.

Administrator response

Ensure that you have appropriate access to the file. You might also examine the audit log for exception information. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.

CTGKM0615E Keystore password cannot exceed 175 single-byte or 87 double-byte characters.

Explanation

Keystore password cannot exceed 175 single-byte or 87 double-byte characters.

System action

Keystore password update fails.

Administrator response

Enter a password not greater than 175 single-byte or 87 double-byte characters.

CTGKM0616E Device with UUID VALUE_0 does not belong to the device group VALUE_1.

Explanation

The device with the specified UUID does not belong to the specified device group.

System action

Device list fails.

Administrator response

Enter the correct device group, or leave it blank.

CTGKM0617E authorization.provider.class cannot be a numeric string.

Explanation

authorization.provider.class cannot be a numeric string.

System action

The operation fails.

Administrator response

Specify a non-numeric value.

CTGKM0618E VALUE_0 can only be positive integer.

Explanation

The value must be an integer greater than zero.

System action

The operation fails.

Administrator response

Specify a positive integer.

CTGKM0620E Error parsing XML template.

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates after problems occur reading an XML template file that has syntax errors.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the XML parsing error. You might need to contact IBM Support.

CTGKM0621E Error in XML element VALUE_0 , expecting VALUE_1

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates after problems occur reading an XML template file that has errors.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the error. You might need to contact IBM Support.

CTGKM0622E XML attribute VALUE_0 missing for element VALUE_1

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates after problems occur reading an XML template file that has errors.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the error. You might need to contact IBM Support.

CTGKM0623E Error in XML template attribute value VALUE_0 for attribute VALUE_1

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates after problems occur reading an XML template file that has errors.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the error. You might need to contact IBM Support.

CTGKM0624E Template VALUE_0 not found.

Explanation

This is an internal message that IBM Security Guardium Key Lifecycle Manager generates after problems occur attempting to read an XML template file.

System action

The operation fails.

Administrator response

This error should not occur in your environment. First, examine the audit log for exception information about the error. You might need to contact IBM Support.

CTGKM0630E Validation error: VALUE_1 for parameter VALUE_0. Specify a valid value for the parameter and retry the operation.

Explanation

The validation error occurs if the specified parameter value is invalid.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter and retry the operation.

CTGKM0631E Missing required parameter VALUE_0 .

Explanation

The value that you specified for the required parameter is blank or missing.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM0632E Missing required VALUE_0 parameter VALUE_1

Explanation

The required parameter value is blank or missing.

System action

The operation fails.

Administrator response

Specify a valid value for the required parameter. Then, try the operation again.

CTGKM0633E Validation error: VALUE_1 is invalid for parameter VALUE_0 VALUE_2 . Specify one of these valid values:

Explanation

The value that you specified for the parameter is not valid.

System action

The operation fails.

Administrator response

Ensure that the value that you specified is valid. Then, try the operation again.

CTGKM0634E Validation Error: VALUE_1 for parameter VALUE_0 must be 16 characters long and contain valid characters. Specify a valid value for the parameter and retry the operation.

Explanation

The validation error occurs when the parameter value is invalid.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter and retry the operation.

CTGKM0635E Incorrect syntax for required parameter attribute. Syntax is {attribute1}{attribute2}..{attributeN}.

Explanation

The syntax for the parameter 'attribute' was incorrect.

System action

The operation fails.

Administrator response

Correct the syntax, and try again.

CTGKM0640E Certificate Request file already exists: VALUE_0

Explanation

The file name that you specified in the certificate request matches a certificate request file name that currently exists.

System action

The operation fails.

Administrator response

Specify a different file name for the certificate request. For example, specify myUniqueRequest.crt. Then, try the operation again.

CTGKM0641E Error in writing file VALUE_0 : VALUE_1

Explanation

You might not have authorization to write a certificate request file, or the path name that you specified is incorrect.

System action

The operation fails.

Administrator response

Ensure that you have appropriate access to the file, and that the path and file names are correctly specified. Then, try the operation again. You might also examine the audit log for exception information about the file operation. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.

CTGKM0645E The device VALUE_0 cannot be found. Specify a valid device value, and retry the operation.

Explanation

The operations fails to read the device information because the identifier for the device does not match an existing device serial number. This is an internal error.

System action

The operation fails.

Administrator response

Ensure that the device value matches an existing device. Also, ensure that the specified type matches the device group. Use the Device List REST Service to identify existing devices in a group. Then, retry the operation.

CTGKM0650E Error while attempting to encrypt a file using algorithm: error_msg

Explanation

Error occurred while attempting to encrypt a file using algorithm

System action

Operation invoking the encryption fails.

Administrator response

Error can occur for a number of reasons: missing algorithm, incorrect algorithm parameter, incorrect encryption key or key specification (password), incorrect padding mechanism. This error is not expected to occur. If it does, the IBM Security Guardium Key Lifecycle Manager administrator should investigate the cause.

CTGKM0651E Error while attempting to decrypt a file using algorithm: error_msg

Explanation

This error occurred while attempting to decrypt a file using the algorithm.

System action

The operation fails.

Administrator response

This error can occur for a number of reasons: missing algorithm, incorrect algorithm parameter, incorrect encryption key or key specification (password), or an incorrect padding mechanism. This error is not expected to occur. If it does, the IBM Security Guardium Key Lifecycle Manager administrator should investigate the cause.

CTGKM0660E tklmCertList supports the optional parameters -usage and -v, and these parameter combinations: No parameters; or -uuid; or -alias and -keystoreName; or -attributes.

Explanation

The command failed because the combination of parameter values that you specified is not valid.

System action

The operation fails.

Administrator response

Specify no parameter, or specify a value for alias, or specify an attribute, or specify both a uuid and keystoreName. Then, try the operation again.

CTGKM0704E Group name cannot contain \' \\ \'.

Explanation

The group name must not contain the characters \' \\ \' in the name.

System action

The operation fails.

Administrator response

Specify a group name that does not contain \' \\ \'. Then, try the operation again.

CTGKM0705E Operation fails because either the group name or group UUID is missing. Specify either group name or group UUID, and retry the operation.

Explanation

The operation requires either the group name or the group UUID.

System action

The operation fails.

Administrator response

Specify either a group name or group UUID and retry the operation.

CTGKM0706E The key group with the name VALUE_0 does not have the UUID VALUE_1.

Explanation

The specified group name and group UUID do not match.

System action

The operation fails.

Administrator response

Correct the group name or UUID, or specify only one of the two. Then, try the operation again.

CTGKM0742E Key type not valid: VALUE_0.

Explanation

Key type entered is not valid.

System action

Key operation fails.

Administrator response

Check the logs for more information.

CTGKM0750E Validation Error: VALUE_0 for compromised. Specify a value of y for the compromised attribute, and retry the operation.

Explanation

When using the Certificate Update REST Service to specify that a certificate is compromised, the only valid value is y (compromised). A compromised certificate cannot be changed to an uncompromised state.

System action

The certificate state is not changed.

Administrator response

Specify a value of y for the compromised attribute and retry the operation.

CTGKM0751E Failed to update the state of the certificate because of conflicting parameter values. Specify a value of y for the trusted attribute only if the certificate is not marked as compromised.

Explanation

When using the Certificate Update REST Service to specify that a certificate is compromised, the certificate cannot be marked as trusted. A certificate can only be marked as trusted if it is not in the expired, retired, or compromised state.

System action

The operation to change the certificate state fails.

Administrator response

Do not specify a value of y for the trusted attribute if the certificate needs to be marked as compromised.

CTGKM0752E Validation Error: VALUE_0 for trusted. Specify a value of y or n for the trusted attribute, and retry the operation.

Explanation

To specify if a certificate is trusted or not, the Certificate Update REST Service supports only two valid values: y (trusted) or n (not trusted).

System action

The certificate attribute is not changed.

Administrator response

Specify a value of y or n for the trusted attribute and retry the operation.

CTGKM0753E Operation failed because the certificate is not in a valid state to be marked as trusted. Check the state of the certificate and mark it as trusted if the certificate state is not compromised, destroyed, expired or retired.

Explanation

If the certificate is in a compromised, destroyed, expired or retired state, then it cannot be marked as trusted. Only certificates that are in an active or pre-active state can be marked as trusted.

System action

The certificate attribute is not changed.

Administrator response

Check the state of the certificate using the Certificate List REST Service. Mark the certificate as trusted if the certificate state is not compromised, destroyed, expired or retired.

CTGKM0758E Certificate with alias VALUE_0 cannot be deleted because this certificate is specified as an TLS/KMIP or IKEv2-SCSI certificate and is in use.

Explanation

Using the tklmCertDelete command, you cannot delete a certificate that is specified as the TLS/KMIP or IKEv2-SCSI certificate.

System action

The certificate delete operation fails.

Administrator response

Specify a different certificate as the TLS/KMIP or IKEv2-SCSI certificate. Ensure that the certificate that you intend to delete no longer has the specification. Then, try the operation again.

CTGKM0759E Key with alias VALUE_0 cannot be deleted because the certificate associated with this key is specified as an TLS/KMIP or IKEv2-SCSI certificate and is in use.

Explanation

Using the tklmKeyDelete command, you cannot delete a key for which certificate is specified as the TLS/KMIP or IKEv2-SCSI certificate.

System action

The key delete operation fails.

Administrator response

Specify a different certificate as the TLS/KMIP or IKEv2-SCSI certificate. Ensure that the key that you intend to delete no longer has the specification. Then, try the operation again.

CTGKM0760E Certificate with alias = VALUE_0 cannot be deleted because this certificate is specified as a default or partner certificate. Specify a different certificate as default or partner, and retry the operation.

Explanation

The certificate is specified as the system default or partner certificate and hence, cannot be deleted.

System action

The certificate delete operation fails.

Administrator response

Specify a different certificate as the system default or partner certificate. Ensure that the certificate that you intend to delete is not a default or partner certificate. Then, retry the operation.

CTGKM0761E The key with alias = VALUE_0 cannot be deleted because the certificate associated with this key is specified as a default or partner certificate. Ensure that the key is not associated with a system default or partner certificate, and retry the operation.

Explanation

The specified key is associated with a system default or partner certificate and hence, the key cannot be deleted.

System action

The key delete operation fails.

Administrator response

Specify a different certificate as the system default or partner. Ensure that the key that you intend to delete is not associated with a system default or partner certificate, and retry the operation.

CTGKM0775E Operation failed because it is not supported in FIPS mode. Change the value of the FIPS property to off and restart the server before using this operation.

Explanation

Algorithms used by this operation are not supported in a FIPS mode environment.

System action

The operation fails.

Administrator response

Change the value of the FIPS property to off and restart the server before using this operation.

CTGKM0776W The number of device audit entries returned reaches the limit of 2000 records. Only the first 2000 entries are displayed. You might need to specify a different filter for your search.

Explanation

The list operation only fetches the first 2000 rows.

System action

The first 2000 entries are displayed.

Administrator response

The result set reached the 2000 entries limit. Specify a different filter, and try the operation again.

CTGKM0800E Unable to add device because a device with the same primary key exists in the table VALUE_0. Specify a different primary key, and retry the operation.

Explanation

With the Device Add REST Service, you can add a primary key to the database that uniquely represents a device with a combination of several parameters (serialNumber, type, and worldwideName). The add operation fails because the primary key and device already exist in the database.

System action

The device add operation fails.

Administrator response

Specify a different primary key for the device that you intend to add and retry the operation.

CTGKM0801E A key group name and a key alias cannot be same in the IBM Security Guardium Key Lifecycle Manager database. Specify a unique key group name and try again.

Explanation

Before creating metadata for a key, IBM Security Guardium Key Lifecycle Manager verifies that a key group does not already exist with the same name as the alias. Similarly, before creating a key group, the IBM Security Guardium Key Lifecycle Manager verifies that a key does not exist with the same alias as the group name.

System action

The create operation fails.

Administrator response

If you are creating a key, specify a different alias name. If you are creating a key group, specify a different key group name.

CTGKM0802E The backup program could not determine the database name from the data source URL: VALUE_0

Explanation

The IBM Security Guardium Key Lifecycle Manager determines the name of database to backup by parsing the data source URL that was specified during the installation of the database. The backup program failed because the database name could not be determined.

System action

The database backup operation fails.

Administrator response

Verify that the data source URL is correctly specified. Then, try the operation again.

CTGKM0803E The backup program could not determine the directory to which database files will be saved.

Explanation

IBM Security Guardium Key Lifecycle Manager determines the directory to save the files by using the datastore.properties file. The backup program failed because the directory could not be determined.

System action

The database backup operation fails.

Administrator response

Verify that the IBM Security Guardium Key Lifecycle Manager has been configured correctly and the correct value for the tklm.backup.db2.dir property exists in the properties file.

CTGKM0804E The backup program failed because archival logging has not been enabled.

Explanation

The IBM Security Guardium Key Lifecycle Manager requires that archival logging is enabled for the IBM Security Guardium Key Lifecycle Manager in order to perform an online backup. The installation program enables the archival logging.

System action

The database backup operation fails.

Administrator response

Verify that the IBM Security Guardium Key Lifecycle Manager has been configured correctly and that archival logging is enabled. To determine the logging method that Db2® currently uses, run this command: db2 get db cfg for sklmdb

CTGKM0805E The backup program failed because the backup program could not write to the directory that was specified for the database files.

Explanation

IBM Security Guardium Key Lifecycle Manager

Explanation

requires that directory that is specified in the datastore.properties file exists for the property tklm.backup.db2.dir and is writeable. The Db2 backup utility found an error in the specified directory.

System action

The database backup operation fails.

Administrator response

Verify that the directory specified in the properties file exists and is writeable.

CTGKM0806E An error occurred reading the sklm.properties file.

Explanation

IBM Security Guardium Key Lifecycle Manager reads the sklm.properties file to determine appropriate parameters to perform a database restore operation. An error occurred while reading this file.

System action

The database restore operation fails.

Administrator response

Ensure that the sklm.properties file is read enabled. If an internal component failed, you might restart the IBM Security Guardium Key Lifecycle Manager server. Then, try the operation again. If the problem continues, examine the audit log for exception information. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.

CTGKM0807E An error occurred getting the value for attribute VALUE_0

Explanation

An attempt was made to read a value from the sklm.properties file. You might not be authorized to read the sklm.properties file.

System action

The database restore operation fails.

Administrator response

Ensure that you have the correct authorization. If the problem continues, examine the audit log for exception information about the error. Make necessary corrections. Then, try the operation again. You might need to call IBM Support.

CTGKM0808E The restore program could not determine the directory from which to restore database files.

Explanation

IBM Security Guardium Key Lifecycle Manager determines the directory to restore the file from arguments specified to the restore program. If the arguments are not specified, it determines the directory from the datastore.properties file. The restore program failed because the directory could not be determined.

System action

The database restore operation fails.

Administrator response

Verify that IBM Security Guardium Key Lifecycle Manager has been configured correctly and a valid tklm.backup.db2.dir value exists in the datastore.properties file.

CTGKM0809E A null value was specified for the timestamp associated with the previously saved database files.

Explanation

IBM Security Guardium Key Lifecycle Manager determines the timestamp to restore the file from arguments specified to the restore program. The restore program failed because the timestamp could not be determined.

System action

The database restore operation fails.

Administrator response

Verify that IBM Security Guardium Key Lifecycle Manager has been configured correctly.

CTGKM0850E An exception occurred during the restore operation. Examine the db2restore.log for exception information. Complete the restore operation before attempting any other IBM Security Guardium Key Lifecycle Manager tasks.

Explanation

IBM Security Guardium Key Lifecycle Manager encountered an exception.

System action

The database restore operation fails.

Administrator response

Ensure that you have configured IBM Security Guardium Key Lifecycle Manager correctly. If the problem continues, examine the db2tklmrestore log for exception information about the error. Make necessary corrections. Then, try the operation again. You might need to contact IBM Support.

CTGKM0851E The group cannot be created because an entity (key) cannot be in multiple key groups. The entity VALUE_0 is already a member of the group VALUE_1.

Explanation

While creating a group, you specified an entity that already exists in another group. The entity cannot not be in multiple groups.

System action

The group creation operation fails.

Administrator response

Specify an entity (key) that does not exist in another group. Then, try the operation again.

CTGKM0852E The specified entity (key) VALUE_0 cannot be added to the group because the entity cannot be in multiple groups. The entity is already a member of the group VALUE_1.

Explanation

While adding an entity to a group, you specified an entity that already exists in another group. The entity cannot not be in multiple groups.

System action

The group creation operation fails.

Administrator response

Specify an entity (key) that does not exist in another group. Then, try the operation again.

CTGKM0900E Database connection failed on data source VALUE_0 . Check to see if database server needs to be restarted or if database user's password needs to be updated.

Explanation

The database may be down or the database user's password for accessing the IBM Security Guardium Key Lifecycle Manager database might need to be updated.

System action

The database operation fails.

Administrator response

Verify that the database is up or check if the database user's password for accessing the IBM Security Guardium Key Lifecycle Manager database might need to be updated, for example, after a mandated password change on the corresponding operating system account.

CTGKM0901E Backup operation fails because the backup directory cannot be resolved. Specify a valid backup directory name and path, and retry the operation.

Explanation

The name or path of the backup directory is invalid, and hence could not be resolved.

System action

The backup operation fails.

Administrator response

Specify a valid backup directory and retry the operation.

CTGKM0902E Default backup directory cannot be determined: VALUE_0 .

Explanation

The configuration property tklm.backup.dir cannot be found.

System action

The IBM Security Guardium Key Lifecycle Manager backup operation fails.

Administrator response

Ensure that the tklm.backup.dir parameter is set in the configuration file or provide the backupDirectory parameter to the backup operation.

CTGKM0903W IBM Security Guardium Key Lifecycle Manager restore is already in progress.

Explanation

Only one restore/backup operation is allowed at any given time.

System action

The requested operation will not be performed.

Administrator response

Wait until the operation completes.

CTGKM0904W IBM Security Guardium Key Lifecycle Manager backup is already in progress.

Explanation

Only one restore/backup operation is allowed at any given time.

System action

The requested operation will not be performed.

Administrator response

Wait until the operation completes.

CTGKM0905E Backup of VALUE_0 failed: VALUE_1 .

Explanation

Backup failed unexpectedly.

System action

Backup fails.

Administrator response

Check the log entries to find out the reason for backup failure.

CTGKM0906E Specified backup file does not exist: VALUE_0 .

Explanation

The backup file does not exist.

System action

The IBM Security Guardium Key Lifecycle Manager restore operation fails.

Administrator response

Make sure that the backup file path provided to the restore operation is valid.

CTGKM0907E Restore of VALUE_0 failed: VALUE_1 .

Explanation

Restore failed unexpectedly.

System action

Restore fails.

Administrator response

Check the log entries to find out the reason for restore failure.

CTGKM0908E Error reading manifest from the backup jar file: VALUE_0 .

Explanation

Backup manifest could be corrupted or incorrect for unknown reasons.

System action

Restore fails.

Administrator response

Check the log entries to find out the reason for restore failure.

CTGKM0909E Error making a backup copy of existing configuration file: VALUE_0 .

Explanation

Backup copy of a configuration file could not be made.

System action

Restore fails.

Administrator response

Check the log entries to find out the reason for restore failure.

CTGKM0910E I/O error while creating backup jar file jar_file_name \nError message: error_msg .

Explanation

Input/Output file error occurred while creating the backup jar file.

System action

Backup fails.

Administrator response

Check the log entries to find out the reason for backup failure.

CTGKM0911E Entry in the jar has been modified since the backup file was created: \nJar file: jar_file_name \nJar entry name: jar_entry_name \nDestination: destination

Explanation

An entry in the backup jar file has been changed since the jar file was created. This may indicate a corrupt file or a backup jar which has been tampered with in some way.

System action

Restore fails.

Administrator response

Check the integrity of the backup file in question. Use another backup jar file if available.

CTGKM0912E I/O error, missing or corrupt data detected while extracting jar file entry.\nJar file name: jar_file_name \nJar entry name: jar_entry_name \nDestination: destination

Explanation

Backup jar file or an entry in the backup jar file is missing, corrupt or has been tampered with.

System action

Restore fails.

Administrator response

Check the integrity of the backup file in question. Use another backup jar file if available.

CTGKM0913E I/O error while decrypting and/or extracting jar file. \nPossible cause: Incorrect password may have been provided, which results in the jar entry being decrypted incorrectly.

Explanation

I/O error occurred while decrypting and/or extracting a jar file entry. A common reason for this error is that a file was encrypted using one password and an incorrect or null password was provided to decrypt the file. Decryption will still take place, but the decrypted file is not valid and cannot be used in later stages of the restore.

System action

Restore fails.

Administrator response

Check the password provided for decryption. Check if the destination location contains sufficient disk space to hold the decrypted/extracted file. Check the log files for additional clues if necessary. Retry the operation.

CTGKM0914W IBM Security Guardium Key Lifecycle Manager backup or restore operation is in progress. Database connections cannot be obtained at this moment. Try again later.

Explanation

To minimize the risk of data inconsistency, a IBM Security Guardium Key Lifecycle Manager backup or restore operation needs to be done while the database is not used by the IBM Security Guardium Key Lifecycle Manager server. This warning message will be displayed in the graphical user interface and/or log file.

System action

Database connection is not possible and the IBM Security Guardium Key Lifecycle Manager operation requesting it fails.

Administrator response

Retry your operation after the backup or restore is done.

CTGKM0915E IBM Security Guardium Key Lifecycle Manager backup failed due to low disk space on the file system containing the backup directory VALUE_0 .

Explanation

The database backup failed due to low disk space on the file system containing the backup directory.

System action

The backup operation fails.

Administrator response

Increase the available disk space on the file system containing the database backup directory. Then try the operation again.

CTGKM0916W Warning: Information about this backup was not saved. However, the IBM Security Guardium Key Lifecycle Manager backup operation saved all the necessary files, which could be used for a restore operation in the future.

Explanation

A successful backup operation saves information about the backup in a file named SKLM_HOME/config/lastbackupinfo. However, the step to save this information failed, or the information is incorrect. You can still use the backup file for a restore operation. Possible reasons for failure: Another process was using the lastbackupinfo file, or permissions for the SKLM_HOME/config directory are incorrect.

System action

The backup operation succeeded but the information about the most recent backup could not be saved.

Administrator response

Verify that no other process is using the lastbackupinfo file and the SKLM_HOME/config directory has the correct read and write permissions. Then try the backup operation again if you want this information to be accurate.

CTGKM0917E IBM Security Guardium Key Lifecycle Manager failed to determine the information about the last successful backup. Possible reasons: A backup was never done on this system, the file permissions are incorrect, or the file was deleted.

Explanation

After a successful backup, IBM Security Guardium Key Lifecycle Manager saves the information about the backup in a file named SKLM_HOME/config/lastbackupinfo. This file could not be read.

System action

The IBM Security Guardium Key Lifecycle Manager fails to determine the information about the last successful backup.

Administrator response

If you restored a backup from another system, this file may not be available. Verify that the SKLM_HOME/config/lastbackupinfo file exists and that the file has read permission. Run the operation again.

CTGKM0918E Cannot add a value to a single-valued KMIP attribute when a value already exists. Object uuid: VALUE_0, Object name: VALUE_1, Attribute name: VALUE_2.

Explanation

Cannot add a value to a single-valued KMIP attribute when value already exists. Existing value can be modified or deleted.

System action

The operation fails.

Administrator response

Modify or delete the value. Then, try the operation again.

CTGKM0919E Cannot modify attribute value. Current value is not defined at index VALUE_0. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.

Explanation

Cannot modify a value on a multi-valued KMIP attribute because the value does not exist at the specified index.

System action

The operation fails.

Administrator response

Modify or delete the value. Then, try the operation again.

CTGKM0920E Cannot delete attribute value. Incorrect attribute value index was specified: VALUE_0. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.

Explanation

Cannot delete a value because the value does not exist at the specified index.

System action

The operation fails.

Administrator response

Provide a valid index.

CTGKM0921E Cannot modify attribute value. New value is not provided. Object uuid: VALUE_0, Object name: VALUE_1, Attribute name: VALUE_2.

Explanation

Cannot modify a value because a new value was not provided.

System action

The operation fails.

Administrator response

Provide a valid new value or delete the existing value.

CTGKM0922E Range Specification is not valid: VALUE_0

Explanation

One or two range-capable values of the same range-capable attribute type are expected.

System action

The operation fails.

Administrator response

Provide a valid range. Then, try the operation again.

CTGKM0923E Unsupported parameter type detected: VALUE_0

Explanation

Unsupported parameter type was specified.

System action

The operation fails.

Administrator response

Provide a valid parameter. Then, try the operation again.

CTGKM0924E Unsupported usage mask ' VALUE_0 ' on object with uuid VALUE_1

Explanation

Unsupported KMIP usage mask was detected in the data store.

System action

The IBM Security Guardium Key Lifecycle Manager cannot retrieve object's data.

Administrator response

Investigate the source of incorrect data and correct or delete it before trying again.

CTGKM0925E Cannot VALUE_0 a value when no attribute value was supplied. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.

Explanation

Cannot perform the operation when no attribute value is passed.

System action

The operation fails.

Administrator response

Supply the value. Then, try the operation again.

CTGKM0926E Cannot VALUE_0 a value when no attribute value currently exists. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3.

Explanation

Cannot perform the operation when that attribute does not exist on that object.

System action

The operation fails.

Administrator response

Add the attribute with its value.

CTGKM0927E Cannot VALUE_0 a value when no attribute value currently exists at that index. Object uuid: VALUE_1, Object name: VALUE_2, Attribute name: VALUE_3. Index: VALUE_4.

Explanation

Cannot perform the operation when that attribute does not exist on that object.

System action

The operation fails.

Administrator response

Add the attribute with its value.

CTGKM0928E Certificate alias cannot contain \' \\ \' or \' / \' or \' .

Explanation

You cannot create a certificate with \' \\ \' or \' / \' or \' in the alias.

System action

The operation fails.

Administrator response

Specify an alias that does not contain \' \\ \' or \' / \' or \' . Then, try the operation again.

CTGKM0929E Error occurred while looking up version numbers.

Explanation

Command could not be executed. On Windows systems, ensure that the environment variable ProgramFiles is set correctly. If you are running 64-bit Windows, ensure that the environment variable ProgramFiles(x86) is also correctly set.

System action

The operation fails.

Administrator response

Ensure that the required environment variables are correctly set.

CTGKM0930E Because this certificate is outside of its validity period and the validate certificates check is enabled, cannot assign this certificate to the device.

Explanation

The certificate is outside of its validity period and not available for use.

System action

The operation fails.

Administrator response

Select another certificate.

CTGKM0931E Not all version numbers were successfully retrieved.

Explanation

Some version numbers could not be retrieved. Ensure that the 'IBM ADE Service' service is running.

System action

The operation fails.

Administrator response

Ensure that the service 'IBM ADE Service' is running. To start the service in Windows, go to the Control Panel > Services. To start the service in Linux®, run the /usr/ibm/common/acsi/bin/acsisrv.sh command. Then, try the operation again.

CTGKM0932E The value of newAlias cannot be an empty string.

Explanation

You must provide a value for newAlias.

System action

The operation fails.

Administrator response

Specify a value for newAlias. Then, try the operation again.

CTGKM0933E Certificate with alias VALUE_0 is compromised and cannot be set as a system, partner, or device default.

Explanation

A compromised certificate cannot be set as a system, partner, or device default.

System action

The operation fails.

Administrator response

Select another certificate to use as a default.

CTGKM0934E Key with alias VALUE_0 is compromised and cannot be set as a device default.

Explanation

A compromised key cannot be set as a device default.

System action

The operation fails.

Administrator response

Select another key to use as a default.

CTGKM0935E alias is required if newAlias is specified.

Explanation

The alias parameter is required if newAlias is specified.

System action

The operation fails.

Administrator response

Specify an alias and try the operation again.

CTGKM0937E Target uuid is not valid for the rollover object to be deleted: VALUE_0

Explanation

The target uuid is not valid for the rollover object.

System action

The operation fails.

Administrator response

Ensure that the target uuid is valid and try the operation again.

CTGKM0938E Device group of the target is not valid for the rollover object to be deleted: VALUE_0

Explanation

The target device group is not valid for the rollover object.

System action

The operation fails.

Administrator response

Ensure that the target device group is valid and try the operation again.

CTGKM0940E Common name cannot exceed 256 characters.

Explanation

Common name is too long. The maximum length allowed is 256 characters.

System action

Certificate creation fails.

Administrator response

Specify a common name not exceeding 256 characters, then try the operation again.

CTGKM0942E Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files are required. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.

Explanation

For Stronger encryption we require Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.

System action

Administrator response

Install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files.

CTGKM0944E Password must be specified.

Explanation

Password must be specified.

System action

Administrator response

Specify a password and try again.

CTGKM0945E Backup Identifier is missing.

Explanation

Backup Identifier must be present.

System action

Restore operation fails.

Administrator response

Ensure that the backup identifier is present and retry the operation.

CTGKM0946E The system is not configured to use HSM. But, the backup you are trying to restore is protected by HSM-based encryption.

System action

The restore operation fails.

Administrator response

Configure the system with HSM-based configuration settings.

CTGKM0947E Backup system version below 4.1 is not supported with restore container system version. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.

Explanation

For restore on container system we require mimimum version 4.1. For more information, see the Backup and restore section of the product documentation in the IBM Knowledge Center.

System action

Administrator response

Upgrade to version 4.1. Create the backup and then try restore again.

CTGKM1000E Error while invoking scheduled task handler:\n \tTask Id: task_id\n \tTask Type: task_type\n \tTask Name: task_name\n \tOriginal error message: error_message

Explanation

Error occurred while instantiating a scheduled task handler class.

System action

Task will not be executed. Audit log will contain a failure message.

Administrator response

This should not happen under normal conditions. Make sure that the task handler class exists in the correct location and is specified correctly.

CTGKM1001E Required task name value is not defined.

Explanation

Required task name value was detected missing when scheduling a task.

System action

Task will not be scheduled.

Administrator response

This should not happen under normal conditions. Make sure that the task information contains all required values before submitting it.

CTGKM1002E Required task type value is not defined.

Explanation

Required task type value was detected missing when scheduling a task.

System action

Task will not be scheduled.

Administrator response

This should not happen under normal conditions. Make sure that the task information contains all required values before submitting it.

CTGKM1003E Error while scheduling a task:\n Original error message: error_message

Explanation

Required task type value was detected missing when scheduling a task.

System action

Task will not be scheduled.

Administrator response

This should not happen under normal conditions. Make sure that the task information contains all required values before submitting it.

CTGKM1004E Error occurred while suspending a scheduled task:\n Original error message: error_message

Explanation

Error occurred while suspending a scheduled task.

System action

Task will not be suspended.

Administrator response

This should not happen under normal conditions. Investigate the logs for clues.

CTGKM1005E Error occurred while resuming a suspended scheduled task:\n Original error message: error_message

Explanation

Error occurred while resuming a suspended scheduled task.

System action

Task will not be resumed.

Administrator response

This should not happen under normal conditions. Investigate the logs for clues.

CTGKM1006E Error occurred while canceling a scheduled task:\n Original error message: error_message

Explanation

Error occurred while canceling a scheduled task.

System action

Task will not be canceled.

Administrator response

This should not happen under normal conditions. Investigate the logs for clues.

CTGKM1007E Error occurred while purging a task:\n Original error message: error_message

Explanation

Error occurred while purging a task.

System action

Task will not be purged.

Administrator response

This should not happen under normal conditions. Investigate the logs for clues.

CTGKM1008E Scheduler is not available:\n Original error message: error_message

Explanation

Scheduler is not available.

System action

Scheduler related operations fail.

Administrator response

This should not happen under normal conditions. Investigate the logs and server startup log for clues. Restart the system. Check if the database server is operating correctly.

CTGKM1009E Error in scheduler task detected:\n Original error message: error_message

Explanation

Error in scheduler task detected.

System action

Operations involving this task will fail.

Administrator response

This should not happen under normal conditions. Investigate the logs for clues. Delete the task and reschedule.

CTGKM1072W The system will be restored from ${0}. The key and configuration data will be restored to the level of the backup that you select. Any changes made after the selected backup will be lost, including the metadata. After restoring from this backup, the server will be restarted automatically. The server will not be available during the restart process. After the server is restarted, you must restart the browser session (Log in again to use the product user interface). Do you want to continue?

Explanation

The key and configuration data are restored to the level of the backup that you select. Any changes made after the selected backup are lost, including the metadata.

System action

The key and configuration data are restored to the level of the backup you select. Later changes are lost.

Administrator response

Confirm that you want to restore from this backup level. When the operation completes, manually restart the Guardium Key Lifecycle Manager server.

CTGKM1100E Object (object_type) with identifier object_id cannot be found.

Explanation

The identifier value that you specified does not match an existing object.

System action

The operation fails.

Administrator response

Specify an identifier which corresponds to an existing object.

CTGKM1101E Incorrect or missing parameter was passed to perform a data store operation. Parameter identifier: parameter_id

Explanation

Incorrect input was specified for a data store operation.

System action

The operation fails.

Administrator response

Make sure that correct parameters are used as input.

CTGKM1107E Error: symmetricKeySet VALUE_1 for parameter VALUE_0 .

Explanation

The passed symmetricKeySet is either not a valid key or key group.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1108E Key Group for device group is not valid: VALUE_1 for parameter VALUE_0 .

Explanation

The passed symmetricKeySet key group is not the valid device group

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1109E Key for device group is not valid VALUE_1 for parameter VALUE_0 .

Explanation

The passed symmetricKeySet key is not the valid device group.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1110E Certificate alias VALUE_0 does not exist in this device group.

Explanation

The passed defaultAlias1/defaultAlias2 does not exist.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1111E Key Alias does not belong to device group VALUE_1 for parameter VALUE_0 .

Explanation

The passed defaultAlias1/defaultAlias2 does not match the given device group.

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1115E Cannot change the device group of this device. It is associated with a key or key group.

Explanation

Cannot change the device group. The device is associated with a key or key group.

System action

Cannot change the device group. The device is associated with a key or key group.

Administrator response

Cannot change the device group. The device is associated with a key or key group.

CTGKM1116E Cannot change the device group of this device. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.

Explanation

Cannot change the device group. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.

System action

The operation fails.

Administrator response

Cannot change the device group. The symmetric key alias of this device is being used as the default symmetric key alias of the device group, and cannot be moved.

CTGKM1117E Cannot change the device group membership. The key is used by one or more devices.

Explanation

Cannot change the device group membership. The key is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The key is used by one or more devices.

CTGKM1118E Cannot change the device group membership. The certificate is used by one or more devices.

Explanation

Cannot change the device group membership. The certificate is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The certificate is used by one or more devices.

CTGKM1119E Cannot change the device group membership. The certificate is used by one or more devices.

Explanation

Cannot change the device group membership. The certificate is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The certificate is used by one or more devices.

CTGKM1120E Cannot change the device group membership. The symmetric key is used by one or more devices.

Explanation

Cannot change the device group membership. The symmetric key is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The symmetric key is used by one or more devices.

CTGKM1121E Cannot change the device group membership. The group is used by one or more devices.

Explanation

Cannot change the device group membership. The group is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The group is used by one or more devices.

CTGKM1122E Cannot change the device group membership. The symmetric key is used by one or more devices.

Explanation

Cannot change the device group membership. The symmetric key is used by one or more devices.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The symmetric key is used by one or more devices.

CTGKM1123E Cannot change the device group membership. The symmetric key is being used by another device group.

Explanation

Cannot change the device group membership. The symmetric key is being used by another device group.

System action

Cannot change the device group membership. The symmetric key is being used by another device group.

Administrator response

Cannot change the device group membership. The symmetric key is being used by another device group.

CTGKM1124E Cannot change the device group membership. The symmetric key is being used by another device.

Explanation

Cannot change the device group membership. The symmetric key is being used by another device.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The symmetric key is being used by another device.

CTGKM1125E Cannot change the device group membership. The certificate is being used by another device group.

Explanation

Cannot change the device group membership. The certificate is being used by another device group.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The certificate is being used by another device group.

CTGKM1126E Cannot change the device group membership. The certificate is being used by another device group.

Explanation

Cannot change the device group membership. The certificate is being used by another device group.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The certificate is being used by another device group.

CTGKM1127E Cannot change the device group membership. The certificate is being used by another device.

Explanation

Cannot change the device group membership. The certificate is being used by another device.

System action

The operation fails.

Administrator response

Cannot change the device group membership. The certificate is being used by another device.

CTGKM1129E Target and source device groups family type does not match.

Explanation

System action

Administrator response

CTGKM1130E Cannot delete a device group when keys, certificates, groups, or devices are attached to that device group.

Explanation

System action

Administrator response

CTGKM1131E Key Alias Device Group does not match the device.

Explanation

System action

Administrator response

CTGKM1132E Symmetric Key Alias device group does not match device.

Explanation

System action

Administrator response

CTGKM1133E Delete operation failed because family device groups cannot be deleted.

Explanation

System action

Administrator response

CTGKM1134E Device group already exists. Specify a different device group name and retry the operation.

Explanation

Device group already exists.

System action

Operation fails.

Administrator response

Specify a different device group name and retry the operation.

CTGKM1135E Incorrect device group family VALUE_0

Explanation

The device family must exist.

System action

The operation fails.

Administrator response

Specify an existing device family.

CTGKM1136E Group device group does not match the secret key device group usage.

Explanation

The group device group must match the secret key device group.

System action

The operation fails.

Administrator response

Group device group does not match the secret key device group usage.

CTGKM1137E Cannot add an empty key group as the default symmetricKeySet.

Explanation

The key group must have keys.

System action

The operation fails.

Administrator response

Cannot add an empty key group as the default symmetricKeySet.

CTGKM1138E No attributes were specified for the device group attribute update operation.

Explanation

No attribute-value pairs were specified to update information for a device group attribute.

System action

The operation fails.

Administrator response

Collect available audit log information and contact IBM Support.

CTGKM1139E Incorrect value for device group name VALUE_0

Explanation

The device group name must follow the requirement: 1. Can only contain alphanumeric characters and underscore. 2. First character cannot be a digit. 3. Maximum length is 256.

System action

The operation fails.

Administrator response

The device group name must follow the requirement: 1. Name can only contain alphanumeric character and underscore 2. First character cannot be a digit. 3. Maximum length should be 256.

CTGKM1140E Device family VALUE_0 cannot be used to create a device group.

Explanation

The specified device family cannot be used for this operation.

System action

Device group not created.

Administrator response

Specify a different device family. Then, try again.

CTGKM1141E aliasOne and aliasTwo are not valid attributes for the LTO device group and DS5000 device group.

Explanation

Key aliasOne and aliasTwo are not used by LTO and DS5000 device groups.

System action

Device not created or updated.

Administrator response

Remove the attributes aliasOne and aliasTwo. Then, try the operation again.

CTGKM1142E symAlias is not a valid attribute for a DS8000 device group and 3592 device group.

Explanation

symAlias is not used by DS8000 and 3592 device groups.

System action

Device not created or updated.

Administrator response

Remove the attribute symAlias. Then, try the operation again.

CTGKM1143E Cannot delete enableKMIPDelete attribute. enableKMIPDelete attribute must have a value of true or false.

Explanation

enableKMIPDelete attribute must have a value of true or false.

System action

The operation fails.

Administrator response

Do not run this command to delete the enableKMIPDelete attribute value.

CTGKM1144E Value for enableKMIPDelete attribute is not valid. A valid value is true or false.

Explanation

Value for enableKMIPDelete attribute is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false for the enableKMIPDelete attribute and try the operation again.

CTGKM1145E Expired or inactive Key Alias cannot be set as default.

Explanation

The defaultAlias1 or defaultAlias2 is expired or inactive

System action

The operation fails.

Administrator response

Specify a valid value for the parameter. Then, try the operation again.

CTGKM1146E The device group VALUE_0 does not support secret keys.

Explanation

The device group does not support secret keys.

System action

The operation fails.

Administrator response

Specify a device group that supports secret keys. Then, try the operation again.

CTGKM1147E The device group VALUE_0 does not support certificates.

Explanation

The device group does not support certificates.

System action

The operation fails.

Administrator response

Specify a device group that supports secret keys. Then, try the operation again.

CTGKM1148E Value for enableMachineAffinity attribute is not valid. A valid value is true or false.

Explanation

Value for enableMachineAffinity attribute is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false for the enableMachineAffinity attribute and try the operation again.

CTGKM1149E Value for device.AutoPendingAutoDiscovery attribute is not valid. Valid values are 0, 1 and 2.

Explanation

Value for device.AutoPendingAutoDiscovery attribute is not valid. Valid values are 0, 1 and 2.

System action

The operation fails.

Administrator response

Specify valid values (0,1,2) for device.AutoPendingAutoDiscovery attribute and try the operation again.

CTGKM1152E TLS or IKEv2-SCSI certificate is not allowed to move to other device groups.

Explanation

TLS or IKEv2-SCSI certificate is not allowed to move to other device groups.

System action

The operation fails.

Administrator response

CTGKM1150E Cannot delete machineAffinity attribute. machineAffinity must have a value of true or false.

Explanation

machineAffinity attribute must have a value of true or false.

System action

The operation fails.

Administrator response

Do not run this command to delete the machineAffinity attribute value.

CTGKM1151E Cannot delete device.AutoPendingAutoDiscovery attribute. device.AutoPendingAutoDiscovery must have a value of 0, 1 or 2.

Explanation

device.AutoPendingAutoDiscovery attribute must have a value of 0, 1 or 2.

System action

The operation fails.

Administrator response

Do not run this command to delete the device.AutoPendingAutoDiscovery attribute value.

CTGKM1153E Cannot add a DS5000 family device with symAlias specified.

Explanation

You attempted to create a DS5000 family device and associate it with a key group.

System action

The device add operation fails.

Administrator response

Do not specify symAlias. Then, try the operation again.

CTGKM1154E Cannot associate a device with an empty key group.

Explanation

Cannot associate a device with an empty key group.

System action

The device update operation fails.

Administrator response

Specify a different symAlias. Then, try the operation again.

CTGKM1156E Conflicted key VALUE_0 cannot be moved to a new device group.

Explanation

Conflicted key cannot be moved to a new device group.

System action

The key update operation fails.

Administrator response

Specify a different key alias. Then, try the operation again.

CTGKM1157E Unknown key can be moved to either VALUE_0 or VALUE_1 or VALUE_2 device group only.

Explanation

Explanation

Explanation

Unknown key cannot be moved to a device group other than DS8000, 3592, SSLSERVER.

System action

The key update operation fails.

Administrator response

Specify a different device group. Then, try the operation again.

CTGKM1158E Conflicted certificate VALUE_0 cannot be moved to a new device group.

Explanation

Conflicted certificate cannot be moved to a new device group.

System action

The certificate update operation fails.

Administrator response

Specify a different certificate alias. Then, try the operation again.

CTGKM1159E Unknown certificate can be moved to either VALUE_0 or VALUE_1 or VALUE_2 device group only.

Explanation

Unknown certificate cannot be moved to a device group other than DS8000, 3592, SSLSERVER.

System action

The certificate update operation fails.

Administrator response

Specify a different device group. Then, try the operation again.

CTGKM1160E Unknown device can be moved to either VALUE_0 or VALUE_1 device group only.

Explanation

Unknown device cannot be moved to a device group other than LTO, 3592.

System action

The device update operation fails.

Administrator response

Specify a different device group. Then, try the operation again.

CTGKM1161E Conflicted certificate cannot be specified for a default rollover. This certificate is not valid: alias

Explanation

Conflicated certificate cannot be specified for a default rollover.

System action

The add rollover operation fails.

Administrator response

Specify a different certificate alias. Then, try the operation again.

CTGKM1162E The device group VALUE_0 does not support keys.

Explanation

The device group does not support keys.

System action

The operation fails.

Administrator response

Specify a device group that support keys. Then, try the operation again.

CTGKM1163E The key with alias VALUE_0 cannot be moved. Keys belonging to a key group cannot be moved between device groups.

Explanation

Keys are not allowed to be moved between device groups if that key is member of any key group.

System action

The key update operation fails.

Administrator response

Specify a key which does not belong to a key group, then try again.

CTGKM1200E Error getting device groups for device family VALUE_0 .

Explanation

Exception occurred during the process.

System action

The operation fails.

Administrator response

See the log for more details.

CTGKM1201E Error getting device families for device group VALUE_0 .

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1202E Error getting a list of device groups.

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1203E Error creating device group VALUE_0 .

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1204E Error deleting device group VALUE_0 .

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1205E Error setting machine affinity.

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1206E Error setting auto pending.

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1207E Error getting devices referencing key group.

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1208E Error getting devices referencing certificate.

Explanation

Exception occurred during the process.

System action

See the log for more details.

Administrator response

See the log for more details.

CTGKM1209E Concurrent update error. Another user might have changed the data.

Explanation

Exception occurred while performing a concurrent update.

System action

See the log for more details.

Administrator response

Refresh and try again.

CTGKM1210E An error occurred while accepting the pending device.

Explanation

The device may have already been accepted, there may be an error in the additional fields specified while accepting this device, or the IBM Security Guardium Key Lifecycle Manager database might not be available. Additional information should accompany this message.

System action

The device may not have been accepted, or the device was accepted but additional fields specified for the device may not have been set.

Administrator response

The additional information accompanying this message might guide your response. You might need to confirm that the database is available.

CTGKM1211E An error occurred while rejecting the pending device.

Explanation

The device may have already been rejected by another user or the IBM Security Guardium Key Lifecycle Manager database might not be available. Additional information should accompany this message.

System action

The device may not have been rejected.

Administrator response

The additional information accompanying this message might guide your response. You might need to confirm that the database is available.

CTGKM1212E An error occurred while setting the default key group.

Explanation

IBM Security Guardium Key Lifecycle Manager database might not be available. Additional information should accompany this message.

System action

Cannot update the default key group.

Administrator response

The additional information accompanying this message might guide your response.

CTGKM1213E An error occurred while setting the default certificate.

Explanation

IBM Security Guardium Key Lifecycle Manager database might not be available. Additional information should accompany this message.

System action

Cannot update the default certificate.

Administrator response

The additional information accompanying this message might guide your response.

CTGKM1214E An error occurred while setting the partner certificate.

Explanation

IBM Security Guardium Key Lifecycle Manager database might not be available. Additional information should accompany this message.

System action

Cannot update the partner certificate.

Administrator response

The additional information accompanying this message might guide your response.

CTGKM1215W Not all keys were made. Some aliases of the keys for the specified key group collided with another key group generated at the same time. You might want to use Modify Key Group panel to add additional keys.

Explanation

There were key alias conflicts and the total number of keys requested could not be created.

System action

No action required.

Administrator response

Use Modify Key Group panel to add additional keys.

CTGKM1301E The key group VALUE_0 cannot be set as a system or device default, because all its keys are compromised.

Explanation

Key groups containing only compromised keys cannot be set as a system or device default.

System action

The operation fails.

Administrator response

Add non-compromised keys to the key group, or specify a different key group.

CTGKM1302E The private key algorithm is VALUE_0, which is not supported for usage VALUE_1. The supported algorithms are: VALUE_2

Explanation

The private key uses an encryption algorithm which is not supported for the specified device group.

System action

The operation fails.

Administrator response

Change the usage, or specify another private key with an appropriate encryption algorithm. Then, try the operation again.

CTGKM1303E Unable to access keystore file VALUE_0.

Explanation

Keystore file is missing or not readable.

System action

The operation fails.

Administrator response

Ensure that the specified file exists and has the correct permissions.

CTGKM1307E Keys could not be released because no backup has been made.

Explanation

A backup is required before keys can be released.

System action

The operation fails.

Administrator response

Make a backup, then try the operation again.

CTGKM1308E The configuration property VALUE_0 cannot be manually updated or deleted.

Explanation

The configuration property cannot be manually updated or deleted.

System action

The operation fails.

Administrator response

No action required.

CTGKM1400E Machine ID cannot be null.

Explanation

Machine ID is a required attribute.

System action

The operation fails.

Administrator response

Specify a valid machine ID.

CTGKM1401E Either machine ID or machine text is required.

Explanation

Either machine ID or machine text is required.

System action

The operation fails.

Administrator response

Specify either the machine ID or machine text. Then, try the operation again.

CTGKM1402E Machine UUID cannot be null.

Explanation

Machine UUID cannot be a null attribute.

System action

The operation fails.

Administrator response

Specify a value for the machine UUID.

CTGKM1403E Device group does not exist.

Explanation

The specified device group is not a valid or known device group.

System action

The operation fails.

Administrator response

Specify another valid device group.

CTGKM1404E Device group is not a DS5000 device group.

Explanation

The specified device group is not a DS5000 device group or a member of the DS5000 device family.

System action

The operation fails.

Administrator response

Specify a valid DS5000 device group or DS5000 device family.

CTGKM1405E Device UUID cannot be null.

Explanation

The specified device UUID cannot be empty or null.

System action

The operation fails.

Administrator response

Specify a valid device UUID.

CTGKM1406E Device does not exist.

Explanation

The specified device does not exist or is not a valid device in IBM Security Guardium Key Lifecycle Manager.

System action

The operation fails.

Administrator response

Specify a valid and known device group.

CTGKM1407E No machine IDs exist.

Explanation

No machine IDs exist in IBM Security Guardium Key Lifecycle Manager.

System action

The operation fails.

Administrator response

No machine IDs exist.

CTGKM1408E Machine ID/Text not found.

Explanation

This Machine ID/Text does not exist or is not valid.

System action

The operation fails.

Administrator response

Specify a valid machine identifier.

CTGKM1409E Machine affinity is ON. The device is associated with at least one machine and cannot be deleted or rejected.

Explanation

Machine affinity is ON. The device is associated with at least one machine and cannot be deleted or rejected.

System action

The operation fails.

Administrator response

Delete the machine device association before trying to delete or reject the device.

CTGKM1410E Either Machine UUID, Machine Text, or Machine ID is required.

Explanation

A value is required for either machine UUID, machine text, or machine ID.

System action

The operation fails.

Administrator response

Specify the machine UUID, machine text, or machine ID, and try again.

CTGKM1411E Machine Identifier field must be between 1 (minimum) and 48 (maximum) characters in length.

Explanation

Machine Identifier field should be between 1 and 48 characters in length.

System action

The operation fails.

Administrator response

Specify a machine identifier that is between 1 (minimum) and 48 (maximum) characters in length.

CTGKM1416E The specified machine must exist for the operation to succeed.

Explanation

Machine device association cannot be added. The machine does not exist.

System action

The operation fails.

Administrator response

Specify a valid machine identifier for this association.

CTGKM1417E Machine does not exist and cannot be updated.

Explanation

Machine lookup failed. It appears the machine does not exist.

System action

The operation fails.

Administrator response

Specify a valid machine identifier to update.

CTGKM1418E Machine text is not unique.

Explanation

Machine text is not unique. There is already a machine ID with that machine text.

System action

The operation fails.

Administrator response

Specify a unique string for the machine text.

CTGKM1419E Machine has existing machine affinities.

Explanation

The machine has existing machine affinities.

System action

The operation fails.

Administrator response

Delete all machine affinities before deleting the machine ID.

CTGKM1420E Device text is not unique.

Explanation

There is already a device with that device text.

System action

The operation fails.

Administrator response

Specify a different unique device text.

CTGKM1422E serialNumber cannot be updated with the device group.

Explanation

A serial number update is not supported for the device group.

System action

The operation fails.

Administrator response

Do not use a serial number as an attribute for this action.

CTGKM1423E VALUE_0 is not allowed for a non-DS5000 device group.

Explanation

This attribute is not allowed for a non-DS5000 device group.

System action

The operation fails.

Administrator response

Do not use this attribute for this action.

CTGKM1425E The machine device association or the device is not pending.

Explanation

The machine device association or the device has been accepted or is not in pending status.

System action

No action taken.

Administrator response

You cannot accept a nonpending machine/device.

CTGKM1426E Machine ID is not unique.

Explanation

The machine ID given is not unique in IBM Security Guardium Key Lifecycle Manager.

System action

The operation fails.

Administrator response

Specify a valid unique machine identifier.

CTGKM1427E Machine affinity already exists.

Explanation

Machine affinity for this device and machine already exists in IBM Security Guardium Key Lifecycle Manager.

System action

The operation fails.

Administrator response

Specify a different unique machine identifier and device.

CTGKM1429E The DS5000 number of keys cannot exceed 12.

Explanation

The DS5000 number of keys cannot exceed 12.

System action

The operation fails.

Administrator response

Specify a value between 0 and 12 for the number of keys.

CTGKM1430E This device has pending machine affinities. Reject the pending machine affinities first.

Explanation

This pending device has pending machine affinities. Reject the pending machine affinities first.

System action

The operation fails.

Administrator response

Reject the pending machine affinities first.

CTGKM1431E Value for DS5000 number of keys is not valid. The value must be a positive integer.

Explanation

The value for the DS5000 number of keys can only be a positive integer.

System action

The operation fails.

Administrator response

Specify a positive integer for the number of keys.

CTGKM1432E symmetricKeySet is not a valid attribute for a DS5000 device group.

Explanation

symmetricKeySet is not used by DS5000.

System action

Device group not created or updated.

Administrator response

Remove the symmetricKeySet attribute and try the operation again.

CTGKM1433E Values for machineText VALUE_1 and machineID VALUE_0 do not match.

Explanation

MachineText and MachineID do not match.

System action

Machine device will not be listed.

Administrator response

Specify a different value for machineText or machineID and try the operation again.

CTGKM1434E Machine Text must be between 1 and 96 characters in length.

Explanation

The value of the machineText parameter must be between 1 and 96 characters in length.

System action

The operation fails.

Administrator response

Specify a value for the machineText parameter between 1 and 96 characters in length.

CTGKM1435E Machine ID/Text does not match the Machine UUID.

Explanation

Machine ID/Text does not match the machine with the specified UUID.

System action

The operation fails.

Administrator response

Specify a different value for Machine ID/Text.

CTGKM1436E No machine affinity between device VALUE_0 and machine VALUE_1.

Explanation

Machine affinity is only supported for DS5000 devices.

System action

The operation fails.

Administrator response

Specify a DS5000 device.

CTGKM1500E NULL attribute array.

Explanation

No attributes were specified for a new template.

System action

The template is not created.

Administrator response

Specify attributes for the template, then try the operation again.

CTGKM1501E Found inappropriate attribute for template: VALUE_0

Explanation

The specified attribute is not supported by the template.

System action

The template is not created.

Administrator response

Remove or change the unsupported attribute, then try the operation again.

CTGKM1502E NULL template names array.

Explanation

No template names were specified to be merged.

System action

The template merge fails.

Administrator response

Specify template names to be merged, then try the operation again.

CTGKM1503E Template with name VALUE_0 not found.

Explanation

The specified template was not found in the database.

System action

The message processing fails because the template attributes cannot be read.

Administrator response

Specify the correct template name and try again.

CTGKM1504E The authentication information in the request was not able to be validated, or there was no authentication information in the request when there SHOULD have been.

Explanation

The authentication information is either missing or not valid.

System action

The authentication failed because the information provided is not valid or missing.

Administrator response

Specify the correct authentication information and try again.

CTGKM1505E The client does not have permission to perform the requested operation.

Explanation

The client is not authorized to perform the requested operation.

System action

The requested operation failed because the client does not have the permission.

Administrator response

Make sure that the requested operation is authorized and retry the action.

CTGKM1506E The operation failed due to a cryptographic error.

Explanation

The requested operation failed due to a cryptographic error.

System action

The requested operation failed because the key cannot be read due to a cryptographic error.

Administrator response

Please look at the exception message and take appropriate action.

CTGKM1507E An OPTIONAL feature specified in the request is not supported.

Explanation

The requested OPTIONAL feature is not supported.

System action

The request failed because the feature is not supported.

Administrator response

Remove or change the feature, then try the operation again.

CTGKM1508E The client requested an operation that was not able to be performed with the specified parameters.

Explanation

The specified parameters are not valid for the requested operation.

System action

The requested operation failed because the specified parameters are not valid.

Administrator response

Specify the correct parameters and try again.

CTGKM1509E Some data item in the request has an incorrect value.

Explanation

Some of the parameter value in the request is not valid.

System action

The requested operation failed because one or more of the attributes has an incorrect value.

Administrator response

Make sure to pass in the correct attribute values and retry the action.

CTGKM1510E The request message was not understood by the server.

Explanation

The message in the request was not understood by the server.

System action

The processing of the message failed because it was not understood by the server.

Administrator response

Specify the correct message in the request and try again.

CTGKM1511E A requested object was not found or did not exist.

Explanation

The requested object was not found.

System action

The requested operation failed because the object did not exist.

Administrator response

Make sure to pass the identifier for the existing object and retry the action.

CTGKM1512E The operation requires additional OPTIONAL information in the request, which is not present.

Explanation

The request is missing the OPTIONAL information required for the operation.

System action

The requested operation failed because it is missing the OPTIONAL information required.

Administrator response

Make sure to pass in the required OPTIONAL information and retry the action.

CTGKM1513E The object must be recovered from the archive before performing the operation.

Explanation

The requested object is archived.

System action

The requested operation failed because the object is archived.

Administrator response

Make sure that the object is recovered and retry the action.

CTGKM1514E The operation was asynchronous, and the operation was canceled by the Cancel operation before it completed successfully.

Explanation

The asynchronous operation was canceled before it completed successfully.

System action

The requested operation failed because it was canceled before it completed successfully.

Administrator response

No action required.

CTGKM1515E The operation requested by the request message is not supported by the server.

Explanation

The requested operation is not supported by the server.

System action

The requested operation failed because it is not supported by the server.

Administrator response

Specify a supported operation then try the operation again.

CTGKM1516E The response to a request would exceed the maximum response size in the request.

Explanation

The response size exceeds the maximum response size specified in the request.

System action

The requested operation failed because the response size exceeds the maximum response size specified in the request.

Administrator response

Increase the maximum response size in the request, then try the operation again.

CTGKM1517E Value out of range.

Explanation

The specified value is out of range.

System action

The requested operation failed because the value specified is out of the enumerated list.

Administrator response

Specify the correct value and retry the action.

CTGKM1520E The server was not able to perform the requested operation.

Explanation

An unexpected error occurred on the KMIP server.

System action

This error is returned to the KMIP client.

Administrator response

Please look at the exception message and take appropriate action.

CTGKM1521E The operation failed due to an inappropriate index.

Explanation

The caller passed an incorrect index on a multivalued attribute.

System action

This error is returned to the KMIP client.

Administrator response

Specify another index, and try the operation again.

CTGKM1522E Attribute VALUE_0 is not supported.

Explanation

Attribute name is unknown or unsupported.

System action

The operation fails.

Administrator response

Specify a supported attribute name, and try the operation again.

CTGKM1523E Index must be specified for update or delete operation on a multivalued attribute.

Explanation

Index was not specified for an update or delete operation on a multivalued attribute.

System action

The operation fails.

Administrator response

Specify an index, and try the operation again.

CTGKM1524E The operation VALUE_0 is not supported.

Explanation

The operation is not supported.

System action

The operation fails.

Administrator response

Specify a supported operation name, then try again.

CTGKM1525E The field VALUE_0 is not supported for the attribute VALUE_1.

Explanation

The field provided is not supported for the attribute.

System action

The operation fails.

Administrator response

Specify a field that is supported for the attribute, then try the operation again.

CTGKM1526E Date must be in the format VALUE_0, and represent a valid date.

Explanation

The date supplied is not valid.

System action

The operation fails.

Administrator response

Specify a valid date in the correct format, then try the operation again.

CTGKM1527E Attribute values must be specified for add or update operation.

Explanation

The add and update attributes operations require that attribute values be specified.

System action

The operation fails.

Administrator response

Specify the attribute values, then try the opreation again.

CTGKM1528E VALUE_0 fields must be specified for attribute VALUE_1.

Explanation

The listed fields are required when adding or updating this attribute.

System action

The operation fails.

Administrator response

Specify values for all the listed fields, then try the operation again.

CTGKM1529E Name for a custom attribute must begin with either VALUE_0 or VALUE_1.

Explanation

The name for a custom KMIP attribute must follow the stated requirements.

System action

The operation fails.

Administrator response

Specify a custom attribute name that meets the requirements, then try the operation again.

CTGKM1530E The value VALUE_0 is not supported for the field VALUE_1.

Explanation

The value is not supported for the specified field.

System action

The operation fails.

Administrator response

Specify a supported value, then try the operation again.

CTGKM1531E The value exceeds the limit for a multi-valued attribute.

Explanation

The value exceeds the limit for a multi-valued attribute set by the IBM Security Guardium Key Lifecycle Manager server.

System action

The operation fails.

Administrator response

Set the property mv.attribute.max.values in SKLMConfig.properties file to a higher value and try again.

CTGKM1532E Value contains reserved wildcard characters that are not allowed.

Explanation

The specified value contains reserved wildcard characters such as (* and %).

System action

The requested operation failed because the value specified is not valid.

Administrator response

Specify the correct value and retry the action.

CTGKM1533E The request cannot be processed.

Explanation

The request from this device cannot be processed.

System action

The requested operation fails.

Administrator response

Check the setting for accepting devices for this device group through the graphical user interface. Take appropriate action either to accept this device from the pending list or set the flag to automatically accept all new devices. Then try the request again.

CTGKM1534E The request cannot be processed.

Explanation

An internal error occurred and the request from this device cannot be processed.

System action

The requested operation fails.

Administrator response

Check the setting for accepting devices for this device group through the graphical user interface. Then retry the action.

CTGKM1535E VALUE_0 is too large.

Explanation

The object or attribute is oversized and cannot be processed.

System action

The operation fails.

Administrator response

The key bytes length exceeds the maximum length 8K supported by the keystore. Try again with a reduced size.

CTGKM1536E Key must be specified.

Explanation

The key to create or register is not specified in the request.

System action

The requested operation fails.

Administrator response

Specify the key, then try the operation again.

CTGKM1537E Key group VALUE_0 does not exist.

Explanation

The specified key group in the request does not exist.

System action

The requested operation fails.

Administrator response

Specify an existing key group, then try the operation again.

CTGKM1538E Usage mask must be specified.

Explanation

The usage mask must be specified for a symmetric key in the request.

System action

The requested operation fails.

Administrator response

Specify the usage mask, then try the operation again.

CTGKM1539E Algorithm VALUE_0 not supported.

Explanation

Algorithm not supported for the requested operation.

System action

The requested operation fails.

Administrator response

Specify a supported algortihm, then try the operation again.

CTGKM1540E Key size VALUE_0 not supported for algorithm VALUE_1.

Explanation

Key size is not supported for the algorithm specified in the request.

System action

The requested operation fails.

Administrator response

Ensure that the key size specified is supported by the algorithm. Try the operation again.

CTGKM1541E Unexpected key type, only register of SecretKey supported.

Explanation

To register a key, it must be of type javax.crypto.SecretKey in the request.

System action

The requested operation fails.

Administrator response

Specify a key of type SecretKey, then try the operation again.

CTGKM1542E JCE problem with DESede or AES while generating a secret key.

Explanation

JCE unable to generate a secret key with algorithm DESede or AES.

System action

The requested operation fails.

Administrator response

Ensure that the JCE provider supports the requested algorithm and try again.

CTGKM1543E Algorithm VALUE_0 not supported by the provider for hashing.

Explanation

The algorithm is not supported by the provider.

System action

The requested operation fails.

Administrator response

Specify an algorithm that is supported by the provider, then try the operation again.

CTGKM1544E The following attribute(s) are not allowed for the VALUE_0 operation: VALUE_1

Explanation

Some of the attributes are not allowed for the requested operation.

System action

The requested operation fails.

Administrator response

Remove the attributes that are not allowed, and try the operation again.

CTGKM1545E y-KeyGroupGetNext must supply a key group name.

Explanation

The y-KeyGroupGetNext custom server attribute must supply a key group name.

System action

The requested operation fails.

Administrator response

Specify a key group name, then try the operation again.

CTGKM1546E An object with the nametype of VALUE_0 and the namevalue of VALUE_1 already exists.

Explanation

The caller is trying to reuse an existing name for an object.

System action

The requested operation fails.

Administrator response

Specify a different nametype/namevalue. Then try the operation again.

CTGKM1547E This VALUE_0 requires an instance of VALUE_1.

Explanation

The caller is trying to set an unsupported value.

System action

The requested operation fails.

Administrator response

Specify a supported value, then try the operation again.

CTGKM1548E Unsupported object type: VALUE_0

Explanation

The caller is requesting an operation on an unsupported object type.

System action

The requested operation fails.

Administrator response

Specify a supported object type, then try the operation again.

CTGKM1549E StorageStatusMask: VALUE_0 is not valid.

Explanation

The caller is requesting an unsupported storage status mask.

System action

The requested operation fails.

Administrator response

Specify a supported storage status mask and try the operation again.

CTGKM1550E No search attributes were specified on the LOCATE request.

Explanation

The caller omitted required parameters.

System action

The requested operation fails.

Administrator response

Specify the search attributes in the LOCATE request, then try again.

CTGKM1551E The VALUE_0 operation is not valid for an object of type VALUE_1.

Explanation

The caller requested an operation that is inappropriate for that object.

System action

The requested operation fails.

Administrator response

Specify an operation supported for the object, then try again.

CTGKM1552E The VALUE_0 attribute requires a non-null value.

Explanation

The attribute cannot contain a null value.

System action

Cannot process the message.

Administrator response

Ensure that the attribute value is non-null, then try again.

CTGKM1553E The attribute name is not specified.

Explanation

The attribute name is not specified.

System action

The requested operation fails.

Administrator response

Specify the attribute name, then try the operation again.

CTGKM1554E The attribute VALUE_0 does not exist.

Explanation

The specified attribute does not exist.

System action

The requested operation fails.

Administrator response

Specify an existing attribute, then try the operation again.

CTGKM1555E The index VALUE_0 is not valid for a single-valued attribute.

Explanation

For a single-valued attribute, the index can only be 0.

System action

The requested operation fails.

Administrator response

Specify the correct index for a single-valued attribute, then try the operation again.

CTGKM1556E The value at index VALUE_0 does not exist.

Explanation

The value at the specified index does not exist.

System action

The requested operation fails.

Administrator response

Ensure that a value exists at the specified index. Then, try the operation again.

CTGKM1557E Could not construct VALUE_0 from the input provided. Underlying field name or error message VALUE_1

Explanation

The caller provided input that could not be processed.

System action

The requested operation fails.

Administrator response

Specify a correct value for this attribute, then try the operation again.

CTGKM1558E No key material is available for the object with identifier VALUE_0.

Explanation

No key material is available, possibly because none was ever sent to the server.

System action

The requested operation fails.

CTGKM1559E No key material is available for the object with identifier VALUE_0. The object has been destroyed.

Explanation

No key material exists on the server because the object has been destroyed.

System action

The requested operation fails.

CTGKM1560E Object with UUID VALUE_0 and type VALUE_1 does not exist.

Explanation

An object with the specified UUID and type does not exist.

System action

The requested operation fails.

Administrator response

Specify another UUID and type, then try the operation again.

CTGKM1561E Object with UUID VALUE_0 could not be served for cryptographic use because it is not backed up.

Explanation

Object with the specified UUID cannot be served for cryptographic use because it is not backed up.

System action

The requested operation fails.

Administrator response

Back up IBM Security Guardium Key Lifecycle Manager, then try the operation again.

CTGKM1562E Cannot register a key in a key group if no key material is supplied by the caller.

Explanation

Keys that are in key groups must contain cryptographic material, but the caller is not providing any.

System action

The requested operation fails.

CTGKM1563E Object with UUID VALUE_0 could not be served for cryptographic use because it is not released.

Explanation

Object with the specified UUID cannot be served for cryptographic use because it is not released. This message may also occur if the config property release.date is missing or wrongly formatted.

System action

The requested operation fails.

Administrator response

Run the tklmKeyRelease command to release keys, then try the operation again.

CTGKM1701E For DS5000 device group, device text must be less than 96 characters in length.

Explanation

For the DS5000 device group, the value of the deviceText parameter must be less than 96 characters in length.

System action

The operation fails.

Administrator response

For DS5000 devices, specify a value for deviceText that is less than 96 characters in length.

CTGKM1702E Unable to generate more than 12 keys at a time for DS5000 group.

Explanation

DS5000 keys can only generated 12 or less at a time.

System action

The operation fails.

Administrator response

Reduce the number of requested keys and try the operation again.

CTGKM1703E Incorrect device group ID : VALUE_0

Explanation

Device group ID is not found.

System action

The operation fails.

Administrator response

Change the device group and try the operation again.

CTGKM1704E Device description cannot exceed 255 characters in length.

Explanation

The device description exceeded 255 characters in length.

System action

The operation fails.

Administrator response

Change to a shorter description and try the operation again.

CTGKM1706E The certificate VALUE_0 is scheduled for a future rollover, and cannot be moved or deleted.

Explanation

A certificate which is scheduled for a future rollover cannot be moved or deleted.

System action

The operation fails.

Administrator response

Remove any pending rollovers for this certificate, then try the operation again.

CTGKM1707E The key group VALUE_0 is scheduled for a future rollover, and cannot be moved or deleted.

Explanation

A key group which is scheduled for a future rollover cannot be moved or deleted.

System action

The operation fails.

Administrator response

Remove any pending rollovers for this key group, then try the operation again.

CTGKM1901E Device group: VALUE_0 is not a valid group for license count.

Explanation

This device group must be one of the valid device groups listed in the license list.

System action

Specify a correct group name.

Administrator response

Specify a correct group name.

CTGKM1936E dateAfter cannot be later than dateBefore.

Explanation

dateAfter is after dateBefore. This will give an empty time interval.

System action

The operation fails.

Administrator response

Specify different dateAfter and dateBefore values, and try the operation again.

CTGKM2100E The value for replication.role is not valid. Accepted values are CLONE or MASTER.

Explanation

The value for the replication.role must be CLONE or MASTER.

System action

The operation fails.

Administrator response

Correct setting of replication.role parameter to CLONE or MASTER.

CTGKM2101E Location specified in replication.BackupDestDir is not a valid directory.

Explanation

replication.BackupDestDir must specify a valid directory.

System action

The operation fails.

Administrator response

Correct setting of replication.BackupDestDir to a valid directory.

CTGKM2102E No valid replication config file exists. It will be created.

Explanation

No valid replication config file exists. It will be created.

System action

The operation fails.

Administrator response

No action required.

CTGKM2103E The value for replication.MaxLogFileSize is not valid. Acceptable values are between 100 and 500000 bytes.

Explanation

The replication log file size can be between 100 and 500000 bytes.

System action

The operation fails.

Administrator response

Correct setting of replication.MaxLogFileSize.

CTGKM2104E The value for replication.MaxLogFileNum is not valid. Acceptable values are between 2 and 100.

Explanation

The value for replication.MaxLogFileNum must be between 2 and 100.

System action

The operation fails.

Administrator response

Correct setting of replication.MaxLogFileNum.

CTGKM2105E The value for replication.MaxBackupNum is not valid. Acceptable values are between 2 and 10.

Explanation

The value for replication.MaxBackupNum must be between 2 and 10.

System action

The operation fails.

Administrator response

Correct setting of replication.MaxBackupNum.

CTGKM2106E Value for replication.MasterListenPort is not valid. Acceptable values are integers between 1 and 65535.

Explanation

Valid values for replication.MasterListenPort are integers between 1 and 65535.

System action

The operation fails.

Administrator response

Correct setting of replication.MasterListenPort.

CTGKM2107E Value for replication.MasterListenPort is not a valid port number or is used as a port elsewhere in IBM Security Guardium Key Lifecycle Manager.

Explanation

replication.MasterListenPort is not a valid port number, or is the same as one of restore.ListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.

System action

The operation fails.

Administrator response

Correct setting of replication.MasterListenPort to a valid, available port number.

CTGKM2108E Value for the backup.CheckFrequency is not valid. Acceptable values are integers equal to or greater than 1.

Explanation

Valid values for backup.CheckFrequency are integers equal to or greater than 1.

System action

The operation fails.

Administrator response

Correct setting of backup.CheckFrequency to be an integer equal to or greater than 1.

CTGKM2109E Command ignored. Backup time has already been set.

Explanation

Command ignored. Backup time has already been set as per the backup.DailyStartReplicationBackupTime parameter.

System action

Command ignored.

Administrator response

No action required.

CTGKM2110E Value of backup.DailyStartReplicationBackupTime is not valid. It should be in HH:MM format.

Explanation

Value of backup.DailyStartReplicationBackupTime should be a valid time in HH:MM format.

System action

The operation fails.

Administrator response

Correct backup.DailyStartReplicationBackupTime to be a valid time in HH:MM format.

CTGKM2111E Value for backup.SerializeRestores is not valid. Accepted values are either true or false.

Explanation

Value for configuration parameter backup.SerializeRestores must be either true or false.

System action

The operation fails.

Administrator response

Correct backup.SerializeRestores to be either true or false.

CTGKM2112E The value for backup.BackupDescriptionText must not exceed 100 characters.

Explanation

The value for backup.BackupDescriptionText must not exceed 100 characters.

System action

The operation fails.

Administrator response

Correct backup.BackupDescriptionText such that it does not exceed 100 characters.

CTGKM2113E The value for backup.ReleaseKeys is not valid. Accepted values are RESTORE, BACKUP or OFF.

Explanation

The value for backup.ReleaseKeys must be one of RESTORE, BACKUP or OFF.

System action

The operation fails.

Administrator response

Correct backup.ReleaseKeys to be one of RESTORE, BACKUP or OFF.

CTGKM2114E Failed to release keys for use because the enableKeyRelease parameter in the configuration file is set to false. Set the value of the enableKeyRelease parameter to true, and retry the operation.

Explanation

To update the backup.ReleaseKeys parameter, the value of the enableKeyRelease parameter in the configuration file should be set to true.

System action

The operation fails.

Administrator response

Use the Config Properties List REST Service to check the value of enableKeyRelease. Use the Update Config Property REST Service to update the value of enableKeyRelease. After you are sure that enableKeyRelease is set to true, retry the operation.

CTGKM2115E restore.ListenPort parameter is not a valid port number. Accepted values are integers between 1 and 65535.

Explanation

The value of restore.ListenPort parameter should be an integer between 1 and 65535.

System action

The operation fails.

Administrator response

Correct restore.ListenPort to be a valid port number.

CTGKM2116E The value of restore.ListenPort must not be shared with any other IBM Security Guardium Key Lifecycle Manager port parameter settings.

Explanation

The value for the restore.ListenPort parameter cannot be the same as values for the replication.MasterListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.

System action

The operation fails.

Administrator response

Correct restore.ListenPort to be a valid port number not used elsewhere in IBM Security Guardium Key Lifecycle Manager.

CTGKM2117E Value of restore.DailyStartReplicationRestoreTime is not valid. It should be in HH:MM format.

Explanation

The value for restore.DailyStartReplicationRestoreTime should be a valid time in HH:MM format.

System action

The operation fails.

Administrator response

Correct restore.DailyStartReplicationRestoreTime to be a valid time in HH:MM format.

CTGKM2118E The value for the restore.NumAttemptRetryFailedRestore parameter must be between 0 and 2.

Explanation

The value for the restore.NumAttemptRetryFailedRestore parameter must be between 0 and 2.

System action

The operation fails.

Administrator response

Correct restore.NumAttemptRetryFailedRestore to be between 0 and 2.

CTGKM2119E Value for restore.RevertToPreviousBackupOnFailure must be either true or false.

Explanation

Value for configuration parameter restore.RevertToPreviousBackupOnFailure can only be either true or false.

System action

The operation fails.

Administrator response

Correct restore.RevertToPeviousBackupOnFailure to be either true or false.

CTGKM2120E Value for the backup.ClientPort(n) parameter must be an integer between 1 and 65535.

Explanation

Value for the backup.ClientPort(n) parameter must be an integer between 1 and 65535.

System action

The operation fails.

Administrator response

Correct backup.ClientPort(n) to be an integer between 1 and 65535.

CTGKM2121E backup.ClientPort must not be shared with any other IBM Security Guardium Key Lifecycle Manager port parameter settings.

Explanation

The value for the backup.ClientPort parameter cannot be the same as values for the replication.MasterListenPort, TransportListener.tcp.port, KMIPListener.ssl.port or TransportListener.ssl.port.

System action

The operation fails.

Administrator response

Correct restore.ListenPort to be a valid port number not used elsewhere in IBM Security Guardium Key Lifecycle Manager.

CTGKM2122E backup.EncryptionPassword must not be fewer than 6 characters or exceed 175 single-byte or 87 double-byte characters.

Explanation

backup.EncryptionPassword cannot be null, fewer than 6 characters or longer than 175 single-byte or 87 double-byte characters.

System action

The operation fails.

Administrator response

Correct backup.EncryptionPassword to a valid value.

CTGKM2123E The backup.ObfuscatedEncryptionPassword parameter cannot be updated.

Explanation

The backup.ObfuscatedEncryptionPassword parameter cannot be updated.

System action

The operation fails.

Administrator response

No action required.

CTGKM2124E The StopReplication has timed out!.

Explanation

The StopReplication has timed out!.

System action

The operation fails.

Administrator response

No action required.

CTGKM2125E restore.TipadminPassword must not be fewer than 6 or more than 20 characters.

Explanation

restore.TipadminPassword cannot be shorter than 6 characters or longer than 20 characters.

System action

The operation fails.

Administrator response

Correct restore.TipadminPassword to a valid value.

CTGKM2126E The restore.ObfuscatedTipadminPassword parameter cannot be updated.

Explanation

The restore.ObfuscatedTipadminPassword parameter cannot be updated.

System action

The operation fails.

Administrator response

No action required.

CTGKM2201W Replication already in progress.

Explanation

Replication request rejected as one is already in progress.

System action

No action necessary.

Administrator response

Re-try replication when the currently running one has completed.

CTGKM2202E Replication failed for

Explanation

Replication has failed for the host listed.

System action

No action necessary.

Administrator response

No action necessary.

CTGKM2203E Replication failed with a connection error

Explanation

Replication has failed for the host listed with a connection error.

System action

Check debug for exceptions.

Administrator response

Ensure that the hosts and ports listed are available.

CTGKM2204E Replication failed with a validation error

Explanation

Replication has failed for the host listed with a validation error.

System action

Check debug for exceptions.

Administrator response

Check debug for exceptions.

CTGKM2206E The replication operation failed to start. Examine the log files to determine the cause of failure.

Explanation

The Replication operation did not initialize.

System action

Replication fails.

Administrator response

Examine the audit and debug logs to determine the cause of failure.

CTGKM2207W Replication operation is already initialized.

Explanation

The replication start is ignored as the task is already up and running.

System action

None.

Administrator response

No action necessary.

CTGKM2209E Replication operation failed to stop. Examine the audit and debug logs to determine the cause of failure.

Explanation

The replication stop operation failed.

System action

Replication operation fails to stop.

Administrator response

Examine the audit and debug logs to determine the cause of failure.

CTGKM2210W Replication operation is already stopped.

Explanation

The replication stop operation is ignored because it is already stopped.

System action

None.

Administrator response

No action necessary.

CTGKM2211E Command failed as the -confirm parameter is not set to Y.

Explanation

IBM Security Guardium Key Lifecycle Manager Replication stop command will not work without the confirm parameter being specified as Y.

System action

No action necessary.

Administrator response

If stop is required, rerun the command with the -confirm parameter set to Y.

CTGKM2212E Replication timed out

Explanation

Replication for the specified host timed out.

System action

Check debug log.

Administrator response

Correct any problems on master or clone systems and retry.

CTGKM2213W Replication result unknown for

Explanation

Result for the replication of the specified host is unknown.

System action

Check debug log.

Administrator response

Check debug log.

CTGKM2214E Replication fails because the parameters are incorrectly specified. Specify both host name and port parameters, or no parameters, and retry the operation.

Explanation

The Replication Now REST Service requires either no parameters to replicate to all defined hosts, or both host name and port parameters to replicate to a single clone.

System action

The Replication Now REST Service fails.

Administrator response

Specify correct parameters and retry the operation.

CTGKM2222E No valid replication configuration file exists.

Explanation

Either no replication configuration file exists, or it is invalid.

System action

No action required.

Administrator response

Create a valid replication configuration file and retry the operation.

CTGKM2237E Replication failed.

Explanation

Replication failed.

System action

No action necessary.

Administrator response

No action required.

CTGKM2243E Replication can only be invoked on the master machine.

Explanation

Replication now invoked from CLI on a clone machine. However, it can only in invoked on the master machine.

System action

No action necessary.

Administrator response

Go to master machine and invoke replication.

CTGKM2244E VALUE_0 can not be updated.

Explanation

The config property referenced in the message can not be updated by the CLI. It is only updated by the product.

System action

No action necessary.

Administrator response

No action necessary.

CTGKM2245E Cannot modify the key

Explanation

Attempt to modify the key did not complete. The key that you intend to update, might not be found, or there might be a database error. There might be more information in the message that describes the problem.

System action

The key was not modified.

Administrator response

Additional information might guide your response. Make appropriate changes. Then, try the operation again.

CTGKM2246E Cannot update the replication.MaxBackupNum property. Specify an integer value that is between 2 - 10.

Explanation

Value for replication.MaxBackupNum property must be an integer value that is between 2 - 100.

System action

The operation fails.

Administrator response

Specify a valid integer value that is between 2 - 10 for the replication.MaxBackupNum property.

CTGKM2247E Cannot update the replication.Incremental.CheckFrequency property. Specify an integer value that is equal to or greater than 60.

Explanation

Value for replication.Incremental.CheckFrequency property must be equal to or greater than 60.

System action

The operation fails.

Administrator response

Specify a valid integer value that is equal to or greater than 60 for the replication.Incremental.CheckFrequency property.

CTGKM2248E Cannot update the replication.Incremental.Enable property. Specify one of these values: true, false.

Explanation

Value for the replication.Incremental.Enable property must be true or false.

System action

The operation to update the configuration property fails.

Administrator response

Specify true or false as the value for the replication.Incremental.Enable property and retry the operation.

CTGKM2250E Cannot configure the backup.Client property because replication is not supported.

Explanation

The backup.Client property cannot be updated because Replication is not supported in a containerized deployment.

System action

Replication configuration fails.

Administrator response

No action needed.

CTGKM2253E Replication failed. User name VALUE_0 doesn't exists exists in this installation. Create the users and try again.

Explanation

User name doesn't exist. Please create the users and try again.

System action

The operation fails.

Administrator response

Create the users and try again.

CTGKM2300E Client certificate push is disabled.

Explanation

enableClientCertPush is set to false in the configuration file.

System action

The operation fails.

Administrator response

Change the value from false to true for the enableClientCertPush property in the SKLMConfig.properties file.

CTGKM2301E The number of pending client certificates has been reached.

Explanation

The number of pending client certificates exceeds the configuration value for maxPendingClientCerts.

System action

The operation fails.

Administrator response

Increase the value for the maxPendingClientCerts property in the SKLMConfig.properties file.

CTGKM2302E The X509 certificate cannot be null.

Explanation

The X509 certificate to be added to the pending client certificate list is null.

System action

The operation fails.

Administrator response

Add the X509 certificate and continue.

CTGKM2303E Client certificate exists in the pending client certificate list in the database: VALUE_0

Explanation

Client certificate exists in the pending client certificate list in the database.

System action

The operation fails.

Administrator response

None.

CTGKM2304E Client certificate alias is required.

Explanation

Client certificate alias is required.

System action

The operation fails.

Administrator response

Add the alias string and try again.

CTGKM2305E Client certificate UUID is required.

Explanation

The client certificate UUID is required.

System action

The operation fails.

Administrator response

Add the UUID and try again.

CTGKM2306E Client certificate alias already in use: VALUE_0

Explanation

The client certificate alias is already in use in the database and keystore.

System action

The operation fails.

Administrator response

Use a different alias and try again.

CTGKM2307E Client certificate UUID not found in the database: VALUE_0

Explanation

The client certificate UUID was not found in the database.

System action

The operation fails.

Administrator response

Change to a valid UUID and try again.

CTGKM2308E There are no pending client certificates in the database.

Explanation

There are no pending client certificates in the database.

System action

The operation fails.

Administrator response

No action.

CTGKM2311E maxPendingClientCerts does not fall within the valid value set of 1 to 999. VALUE_0

Explanation

maxPendingClientCerts does not fall within the valid value set of 1 to 999.

System action

The operation fails.

Administrator response

Update the configuration parameter and try again.

CTGKM2312E enableClientCertPush is not true or false.

Explanation

enableClientCertPush is not true or false.

System action

The operation fails.

Administrator response

Update the configuration parameter and try again.

CTGKM2313E maxPendingClientCerts does not fall within the valid value set of 1 to 999.

Explanation

maxPendingClientCerts does not fall within the valid value set of 1 to 999.

System action

The operation fails.

Administrator response

Update the configuration parameter and try again.

CTGKM2314E Certificate expired. Expired certificate cannot be used as client certificate.

Explanation

Certificate expired. Expired certificate cannot be used as client certificate.

System action

Update operation fails.

Administrator response

Specify a valid certificate alias and try the operation again.

CTGKM2901E Export operation fails because the export directory cannot be resolved. Specify a valid export directory name and path, and retry the operation.

Explanation

The name or path of the export directory is invalid and hence, the directory cannot be resolved.

System action

The export operation fails.

Administrator response

Specify a valid export directory name and path and retry the export operation.

CTGKM2902W IBM Security Guardium Key Lifecycle Manager export is already in progress.

Explanation

Only one import/export operation is allowed at any given time.

System action

The requested operation will not be performed.

Administrator response

Wait until the operation completes.

CTGKM2903E Export of VALUE_0 failed: VALUE_1 .

Explanation

Export failed unexpectedly.

System action

Export fails.

Administrator response

Check the log entries to find out the reason for export failure.

CTGKM2905E Status of the export operation is unknown.

Explanation

Export failed unexpectedly. Check the logs for more information

System action

Export fails.

Administrator response

Check the log entries to find out the reason for export failure.

CTGKM2906E Export operation failed.

Explanation

Export operation failed. Check the logs for more information.

System action

Export fails.

Administrator response

Check the log entries to find out the reason for export failure.

CTGKM2907E Device Group with name VALUE_0 is not found.

Explanation

Incorrect Correct Device Group Name is provided

System action

Export fails.

Administrator response

Please Provide the Correct Device Group Name.

CTGKM2910E Key Group with name VALUE_0 is not found. .

Explanation

Key Group mentioned in export manifest file not found

System action

Export fails.

Administrator response

Please check if the export file is not corrupted.

CTGKM2911E Import of VALUE_0 failed: VALUE_1 .

Explanation

Import failed unexpectedly.

System action

Import fails.

Administrator response

Check the log entries to find out the reason for import failure.

CTGKM2912W Import is already in progress.

Explanation

Only one import/export operation is allowed at any given time.

System action

The requested operation will not be performed.

Administrator response

Wait until the operation completes.

CTGKM2913W Export is already in progress.

Explanation

Only one import/export operation is allowed at any given time.

System action

The requested operation will not be performed.

Administrator response

Wait until the operation completes.

CTGKM2914E The key is missing for decryption. Check whether the provided file is valid.

System action

The operation fails.

Administrator response

Specify the correct file and retry.

CTGKM2915E Specified export file does not exist: VALUE_0 .

Explanation

The export file does not exist.

System action

The IBM Security Guardium Key Lifecycle Manager import operation fails.

Administrator response

Make sure that the export file path provided to the import operation is valid.

CTGKM2916E Error reading manifest from the export jar file: VALUE_0 .

Explanation

Export manifest could be corrupted or incorrect for unknown reasons.

System action

Restore fails.

Administrator response

Check the log entries to find out the reason for import failure.

CTGKM2917E I/O error while decrypting and/or extracting export file. \nPossible cause: Incorrect password may have been provided, which results in the export entry being decrypted incorrectly.

Explanation

I/O error occurred while decrypting and/or extracting a export file entry. A common reason for this error is that a file was encrypted using one password and an incorrect or null password was provided to decrypt the file. Decryption will still take place, but the decrypted file is not valid and cannot be used in later stages of the restore.

System action

Import fails.

Administrator response

Check the password provided for decryption. Check if the destination location contains sufficient disk space to hold the decrypted/extracted file. Check the log files for additional clues if necessary. Retry the operation.

CTGKM2918E Certificate with Alias name VALUE_0 doesn't exists.

Explanation

Certificate with Alias name doesn't exist. Please provide the exisiting alias.

System action

Administrator response

Certificate with alias name does not exist. Provide the existing alias.

CTGKM2919E Certificate with Alias name VALUE_0 already exists.

Explanation

Certificate with Alias name already exists. Please provide the different alias name.

System action

Administrator response

Certificate with alias name already exists. Provide a different alias name.

CTGKM2920E Key with Alias name VALUE_0 already exists.

Explanation

Key with Alias name already exists. Please provide the different alias name.

System action

Administrator response

Key with alias name already exists. Provide a different alias name.

CTGKM2921E Key with Alias name VALUE_0 doesn't exists.

Explanation

Key with Alias name doesn't exist. Please provide the exisiting alias.

System action

Administrator response

Key with alias name does not exist. Provide the existing alias.

CTGKM2922E Object with the given name VALUE_0 doesn't exists.

Explanation

Object with the given old name doesn't exist in the system. Please check the given old name.

System action

Administrator response

Device with serial number does not exist. Provide the serial number that is registered.

CTGKM2923E The given new name VALUE_0 is already associated with an Object.

Explanation

An Object with given new name already exists in the system. Please provide different new name for the object.

System action

Administrator response

Device with Serial number already exists. Provide a different serial number.

CTGKM2924E Successfully deleted VALUE_0 .

Explanation

Successfully deleted the export file.

System action

Administrator response

CTGKM2925E Error deleting file : VALUE_0 .

Explanation

An error occurred while deleting the export file.

System action

Administrator response

CTGKM2926E Getting error while generating UUID. InstanceID is not initialized.

Explanation

System is not able to generate UUID as mandatory InstanceID is not initialized or generated properly while installation.

System action

Administrator response

CTGKM2927E Invalid file extension. Valid extensions are .cer or .der for baser64 and DER formats respectively.

Explanation

User must export certificate file with valid extension.

System action

Administrator response

You must export the certificate file with valid extension.

CTGKM2928E Internal Server Error. Please contact IBM Support.

Explanation

System action

The operation fails.

Administrator response

Check the log file to find the root cause and contact IBM Support.

CTGKM2934E Type is not valid

Explanation

System action

The type provided is not supported.

Administrator response

Ensure that the type provided is supported by the system.

CTGKM2935E Requested operation not supported on this System.

Explanation

The operation you are trying to execute is not supported on this System. This could be because the it is a Clone System or Read only System.

System action

Login fails.

Administrator response

Check if the System is Clone or Read only.

CTGKM2937E Error restarting IBM Security Guardium Key Lifecycle Manager Server, please check logs for more information.

Explanation

System action

The server restart operation fails.

Administrator response

Check the log file to find the root cause and correct the problem.

CTGKM2938E Error creating Master Key Packets for Keystore Password Obfuscation.

Explanation

System action

The request has been halted.

Administrator response

Review the log files. Make changes as needed and retry the request.

CTGKM2939E Error during Obfuscating Keystore Password.

Explanation

System action

The request has been halted.

Administrator response

Review the log files. Make changes as needed and retry the request.

CTGKM2940E Error during DeObfuscating Keystore Password.

Explanation

System action

Administrator response

CTGKM2941E Packet writing in file failed. Directory location doesn't exist.

Explanation

System action

The operation will return failure.

Administrator response

Confirm that the directory exists and has the correct permissions.

CTGKM2942E Packet reading from file failed.

System action

The request has been halted.

Administrator response

Verify that the given file exist and it is valid and retry the operation.

CTGKM2946E Configuration of masters is Incomplete.

Explanation

System action

An error is logged.

Administrator response

Specify the missing configuration attributes and try again.

CTGKM2947W No entry found with the mentioned Cluster Name. Please check the value passed.

Explanation

System action

Administrator response

Specify a server which exists in the repository.

CTGKM2950E Port value for VALUE_0 should be in the range 0-65535

Explanation

System action

The operation fails.

Administrator response

Specify a valid port number and ensure that the port is not used by other applications on the system.

CTGKM2951E VALUE_0 should be either Primary, Standby or Master

Explanation

System action

Multi-master configuration fails.

Administrator response

Specify a valid role: Primary, Standby, Master

CTGKM2953E Multi-Master is already configured.

Explanation

System action

Administrator response

CTGKM2954E Login request to the instance with hostname VALUE_0 and port VALUE_1 is unsuccessful.

Explanation

System action

Multi-master configuration fails.

Administrator response

Ensure that the specified values for port and host name are correct.

CTGKM2955E Master key needs to be created on this server before the Multi-Master setup.

Explanation

System action

Administrator response

Create a master key to continue with multi-master configuration.

CTGKM2956E Input value cannot be an exceed the size of VALUE_0 for parameter VALUE_1

Explanation

System action

Multi-master configuration fails.

Administrator response

Specify the valid values. Then, try the operation again.

CTGKM2957E Master with Instance ID VALUE_0 already exists.

Explanation

System action

Multi-master configuration fails.

Administrator response

Specify an instance ID that is valid and unique.

CTGKM2958E Master with Instance ID VALUE_0 not found.

Explanation

System action

Operation fails.

Administrator response

Verify that you specified the correct instance ID of master server.

CTGKM2959E VALUE_0 should be STANDALONE (0), REPLICATION (1) or MULTI_MASTER (2)

Explanation

System action

Operation fails.

Administrator response

Specify a valid value.

CTGKM2960E VALUE_0 should be LOCAL (0), PRIMARY (1), STANDBY(2) or NODE (3)

Explanation

System action

Operation fails.

Administrator response

Specify a valid value.

CTGKM2961E VALUE_0 should be NOT_CONFIGURED (0), NODES_CONFIGURED (1), AGENTS_CONFIGURED (2), DB2_CONFIGURED (3), WAS_CONFIGURED (4) or CONFIGURED (5) or OUT_OF_SYNC (6)

Explanation

System action

Operation fails.

Administrator response

Specify a valid value.

CTGKM2963E VALUE_0 should be within range 1-3.

System action

Operation fails.

Administrator response

Specify a valid value.

CTGKM2964E Standby Priority Index missing for Instance with Hostname VALUE_0

Explanation

System action

Operation fails.

Administrator response

Specify a valid priority index number for standby master.

CTGKM2965E Standby Priority Index for Instance with Hostname(s) VALUE_0 and VALUE_1 are same.

Explanation

System action

Operation fails.

Administrator response

Specify a valid priority index number for standby master.

CTGKM2966E Invalid value for Standby Priority Index. The value must be in ascending order starting from 1.

Explanation

System action

Operation fails.

Administrator response

Verify the number of standby masters in the multi-master cluster.

CTGKM2967E Multi-Master configuration must be done on Primary machine. Primary machine Hostname specified VALUE_0 and This machine hostname VALUE_1

Explanation

System action

Administrator response

CTGKM2968E Instance with Hostname VALUE_0 is already added.

Explanation

System action

Operation fails.

Administrator response

CTGKM2969E VALUE_0 should be either 0 or 1.

System action

Operation fails.

Administrator response

Specify a valid value.

CTGKM2970E Agent is not Running.

Explanation

System action

Operation fails.

Administrator response

Start the agent and retry the operation.

CTGKM2971E Operating System for Standby System VALUE_0 is different from that of Primary System.

Explanation

System action

Operation fails.

Administrator response

Ensure that the primary and standby systems have the same operating system and level.

CTGKM2972E Request failed. Only one master is allowed to be removed at a time.

Explanation

System action

Operation fails.

Administrator response

CTGKM2973E Request failed. The master server does not exist in the Multi-Master cluster.

Explanation

System action

Operation fails.

Administrator response

CTGKM2974E Request failed. Primary master server of the cluster cannot be removed.

Explanation

System action

Operation fails.

Administrator response

CTGKM2975E Cannot remove the standby master server. Multi-Master cluster must have at least one standby master server.

Explanation

System action

Operation fails.

Administrator response

CTGKM2976E WAS Configuration failed to update after removing master.

Explanation

System action

Operation fails.

Administrator response

CTGKM2977E Stop Agent Services failed during remove master.

Explanation

System action

Operation fails.

Administrator response

Ensure that the Stop Agent Service is up and running.

CTGKM2978E Restart servers failed.

Explanation

System action

Operation fails.

Administrator response

CTGKM2979E Reset HADR failed during remove master.

Explanation

System action

Operation fails.

Administrator response

CTGKM2980E Rollforward end of logs failed during remove master.

Explanation

System action

Operation fails.

Administrator response

CTGKM2982E Standby master failed to Takeover as Primary.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2983E Primary or Standby master server is missing in Multi-Master cluster. Adding server is not allowed in current state.

Explanation

System action

Operation fails.

Administrator response

You must add a standby server to the cluster before adding master server.

CTGKM2984E Failed to start Agent on instance VALUE_0 .

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2985E Failed to connect to VALUE_0 .

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2986E Failed to add master.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2987E Failed to remove master.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2988E Failed to modify master.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2990E Instance with IP/hostname VALUE_0 not found.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2991E Error fetching present SKLM Instance.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM2994E IOException while running VALUE_0.

System action

Operation fails.

Administrator response

Check the text of the Java IOException for possible reasons for the error.

CTGKM2995E AgentException while running VALUE_0.

System action

Operation fails.

Administrator response

Review the message for possible reasons for the error.

CTGKM2996E Error occurred while running VALUE_0.

System action

Operation fails.

Administrator response

Check the log file and correct the problem.

CTGKM2997E Exception occurred while running VALUE_0.

System action

Operation fails.

Administrator response

Attempt to diagnose the cause of the error based on the exception text.

CTGKM2998E KLMException while running VALUE_0.

System action

Operation fails.

Administrator response

Attempt to diagnose the cause of the error based on the exception text.

CTGKM2999E Master Key creation failed.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM3000E Master Key Transmission failed on master VALUE_0 .

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM3001E Error refreshing master VALUE_0 . Showing the last updated status.

Explanation

System action

Refresh operation fails.

Administrator response

See the log for more details.

CTGKM3003E Promoting standby to primary failed.

Explanation

System action

Operation fails.

Administrator response

See the log for more details.

CTGKM3004E The master with Host name / IP address VALUE_0 already exist in the cluster.

Explanation

System action

Operation fails.

Administrator response

CTGKM3006E Couldn't verify if HADR role while executing VALUE_0 .

Explanation

System action

Operation fails.

Administrator response

CTGKM3010E Scheduler could not be found:\n Original error message: error_message

Explanation

Error in scheduler task detected.

System action

Operations involving scheduler will fail.

Administrator response

This should not happen under normal conditions. Investigate the logs and server startup log for clues. Restart the server.

CTGKM3011E Invalid exisiting Db2 password. DB Password updation service failed.

Explanation

System action

DB2 password update operation failed.

Administrator response

Specify a valid password for the DB2 administrator ID. Verify that the user ID has a password that is valid and ready to use.

CTGKM3013E DB Password updation service for SKLM instance failed.

Explanation

System action

DB2® password update operation failed.

Administrator response

See the log files for more details.

CTGKM3015E Database password update service for IBM Security Guardium Key Lifecycle Manager Multi-Master cluster failed.

Explanation

System action

password update operation fails.

Administrator response

Check the log to identify the root cause. Correct the problem, and then rerun the REST service to change the password on the Multi-Master setup.

CTGKM3016E Invalid range. Keys with given prefix in alias range already generated.

Explanation

The specified alias range prefix is already generated.

Administrator response

Specify a different prefix for the alias range. Then, try the operation again.

CTGKM3017E Invalid range. Keys with given prefix in alias range doesn't exist.

Explanation

System action

The operation fails.

Administrator response

Specify a valid range. Then, try the operation again.

CTGKM3019E Setup of Isolated Server failed.

Explanation

System action

Setting up the isolated master in read-only mode is failed.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM3020E Not a recognized device group: VALUE_0

Explanation

The specifed device group does not match any device group stored in the database.

System action

The operation fails.

Administrator response

Specify a valid device group and try again.

CTGKM3021E Operation cannot be null.

Explanation

The specifed KLMOperation object is null. This is an internal error.

System action

The operation fails.

Administrator response

This is an internal error that external users should not see. Contact IBM Support.

CTGKM3022E User VALUE_0 does not have appropriate permission to perform this operation. Depending on what the target resource is, it usually requires at least one of the listed permission(s): VALUE_1 .

Explanation

The user does not have the appropriate permissions for this operation.

System action

The operation fails.

Administrator response

Check the user's permission. Refer to the product documentation in the IBM Knowledge Center to understand the permissions required for this operation. Set up appropriate permissions for the user and try again.

CTGKM3023E User VALUE_0 does not have a valid IBM Security Guardium Key Lifecycle Manager role. Some roles require both device group and action permissions. Verify that the user's role has appropriate permissions.

Explanation

User does not have a valid IBM Security Guardium Key Lifecycle Manager role.

System action

The operation fails.

Administrator response

Check the user's permission. Refer to the product documentation in the IBM Knowledge Center to understand the permissions required for this operation. Set up appropriate permissions for the user and try again.

CTGKM3024E No permission set defined for operation VALUE_0.

Explanation

No permission set defined for the specified operation.

System action

The operation fails.

Administrator response

This is an internal error that external users should not see. Contact IBM Support.

CTGKM3025E Operation VALUE_0 requires device group permission, but specified resource is null.

Explanation

The specified operation requires device group permission but the device group resource is not specified.

System action

The operation fails.

Administrator response

The specified operation requires device group permission but the device group resource is not specified. This is an internal error that external users should not see. Contact IBM Support.

CTGKM3026E The target resource's device group name cannot be null.

Explanation

At permission checking, the target resource's device group name is not specified.

System action

This is an internal error that external users should not see. Contact IBM Support.

Administrator response

This is an internal error that external users should not see. Contact IBM Support.

CTGKM3027E Device group must be specified.

Explanation

Device group must be specified while invoking AuthorizationService.getPermission to get a user's IBM Security Guardium Key Lifecycle Manager permission.

System action

The operation fails.

Administrator response

The call to AuthorizationService.getPermission(KLMUserSession, String) must have a device group parameter specified. This is usually an internal error that external users should not see. If this API is invoked by another application, the application needs to adjust the parameter.

CTGKM3028E Cannot merge these two permissions.

Explanation

If two IBM Security Guardium Key Lifecycle Manager permissions have different device groups, they cannot be merged.

System action

The operation fails.

Administrator response

The call to KLMPermission.merge(KLMPermission) cannot merge the specified permission. This is usually an internal error that external users should not see. If this API is invoked by another application, the application needs to adjust the parameters.

CTGKM3029E No device group information specified.

Explanation

No device group information specified in the KLMDeviceType object.

System action

The operation fails.

Administrator response

KLMDeviceType object must include the device group name or device group ID. The caller needs to adjust the parameter.

CTGKM3030E User has no permission to query certificates. Check the user's permissions.

Explanation

Access is denied for query certificate operation. Check the user's permissions.

System action

The operation fails.

Administrator response

Check user's role and permissions. Assign appropriate permissions to the user. Then, try again.

CTGKM3031E User has no permission to query keys. Check the user's permissions.

Explanation

The permissions associated with the user role are not appropriate for query key operation.

System action

The operation fails.

Administrator response

Check the user's role and permissions. Assign appropriate permissions to the user. Then, try again.

CTGKM3032E User has no permission to query key groups. Check the user's permissions.

Explanation

The permissions associated with the user role are not appropriate for query key group operation.

System action

The operation fails.

Administrator response

Check the user's role and permissions. Assign appropriate permissions to the user. Then, try again.

CTGKM3033E User has no permission to query devices. Check user's permission.

Explanation

The permissions associated with the user role is not appropriate for query device operation.

System action

The device query fails.

Administrator response

Check user's role and permission set. Assign appropriate permissions to the user.

CTGKM3034E Cannot do 3592 rollover operation for non-3592 device group certificate.

Explanation

The certificate's device group must match the rollover device group.

System action

The operation fails.

Administrator response

Check the device group of the certificate and modify it to match the target rollover device group, or choose a different certificate for the rollover.

CTGKM3035E Cannot do LTO rollover operation for a non-LTO device group key group.

Explanation

The key group's device group must match the rollover device group.

System action

The operation fails.

Administrator response

Check the device group of the certificate and modify it to match the target rollover device group, or choose a different key group for the rollover.

CTGKM3036E Cannot find the specified rollover task.

Explanation

Cannot find the specified rollover task from the database.

System action

The operation fails.

Administrator response

Correct the specified rollover task parameters. Then, try again.

CTGKM3037E Failed to create key group VALUE_0 and keys with prefix VALUE_0

Explanation

Failed to create the key group and keys with specified prefix.

System action

The operation fails.

Administrator response

Look at the logs for more information and retry. If the failure still exists, contact IBM support.

CTGKM3038E Cannot change the key in a DS5000 key group to another key group.

Explanation

DS5000 key group and keys are bound together. You cannot change the group membership of an individual DS5000 key directly.

System action

The operation fails.

Administrator response

You are not allowed to change the key of a DS5000 key group to another key group.

CTGKM3039E Cannot change the key's group membership. The key is used by one or more devices.

Explanation

Cannot change the key's group membership. The key is used by one or more devices.

System action

The operation fails.

Administrator response

You are not allowed to change the key of a DS5000 key group to another key group. The key is used by one or more devices.

CTGKM3040E Object with identifier object_id cannot be found.

Explanation

The identifier value that you specified does not match an existing object.

System action

The operation fails.

Administrator response

Specify an identifier that corresponds to an existing object.

CTGKM3041E User object_id has no access to the destroyed object. The destroyed object has no device group information and only the klmSecurityOfficer role can access it.

Explanation

When a KLM key or certificate is marked as destroyed, its data in the relation table are removed. There is no device group information. Only the klmSecurityOfficer role can access the object.

System action

The operation fails.

Administrator response

Log in as security officer to view the destroyed objects.

CTGKM3042E The operation fails because the key alias is not specified. Specify the alias of the key that encrypts the secret key file, and retry the operation.

Explanation

To import the secret key file, specify the alias of the public private key pair so that IBM Security Guardium Key Lifecycle Manager can get the private key to decrypt the file.

System action

The operation fails.

Administrator response

Specify the keyAlias when you use the Key Import REST Service.

CTGKM3043E Error occurred while loading data from the file VALUE_0. Make sure that the password is correct and the file has not been tampered with.

Explanation

This is an error in reading data from a key or certificate file.

System action

The operation fails.

Administrator response

Ensure that the path and filename are correct, and that the password is correct. Then, try the operation again.

CTGKM3044E The file VALUE_0 is reserved for internal IBM Security Guardium Key Lifecycle Manager keystore. Use another file name.

Explanation

User cannot create a new keystore that has the same location and file name as the internal IBM Security Guardium Key Lifecycle Manager keystore.

System action

The operation fails.

Administrator response

Use a different file name. Then, try the operation again.

CTGKM3045E Value for configuration parameter Audit.eventQueue.max is not valid. A valid value is a non-negative integer.

Explanation

Audit.eventQueue.max is a non-negative integer.

System action

The operation fails.

Administrator response

Specify 0 or a positive integer and try the operation again.

CTGKM3046E Value for configuration parameter Audit.handler.file.size is not valid. A valid value is a non-negative integer.

Explanation

Audit.handler.file.size is a non-negative integer.

System action

The operation fails.

Administrator response

Specify 0 or a positive integer and try the operation again.

CTGKM3047E Value for configuration parameter Audit.handler.file.threadlifespan is not valid. A valid value is a non-negative integer.

Explanation

Audit.handler.file.threadlifespan is a non-negative integer.

System action

The operation fails.

Administrator response

Specify 0 or a positive integer and try the operation again.

CTGKM3048E Value for configuration parameter Audit.handler.file.multithreads is not valid. A valid value is true or false.

Explanation

Audit.handler.file.multithreads parameter allows the use of multiple threads while logging audit events. The valid value is either true or false.

System action

The operation fails.

Administrator response

Specify true or false and try the operation again.

CTGKM3049E The tklm.backup.dir configuration parameter cannot be modified directly. To change to a different directory, specify the new directory when doing the next backup.

Explanation

The current backup directory cannot be modified. To change to a different directory, specify the new directory when doing the next backup.

System action

The operation fails.

Administrator response

Do not use the Config Update REST Service to modify the tklm.backup.dir configuration parameter.

CTGKM3050E Value for configuration parameter cert.valiDATE is not valid. A valid value is true or false.

Explanation

Valid value for cert.valiDATE is true or false.

System action

The operation fails.

Administrator response

Specify true or false as the value.

CTGKM3051E Keystore name cannot be modified by updating configuration parameter config.keystore.name directly. Use a keystore command to update the name.

Explanation

Keystore name cannot be modified by updating config.keystore.name directly. Use a keystore command to update the name.

System action

The operation fails.

Administrator response

Keystore name cannot be modified by updating config.keystore.name directly. Use a keystore command to update the name.

CTGKM3052E Invlalid value for configuration parameter disableDatabaseBackup. A valid value is true or false.

Explanation

Value for configuration parameter disableDatabaseBackup is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false as the input value.

CTGKM3053E Value for configuration parameter fips is not valid. A valid value is on or off.

Explanation

Value for configuration parameter fips is not valid. A valid value is on or off.

System action

The operation fails.

Administrator response

Specify on or off as the input value.

CTGKM3054E Value for configuration parameter requireHardwareProtectionForSymmetricKeys is not valid. A valid value is true or false.

Explanation

Value for configuration parameter requireHardwareProtectionForSymmetricKeys is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false as the input value.

CTGKM3055E Unable to modify the backup directory. To change to a different directory, specify the new directory when you perform the next backup.

Explanation

The current backup directory cannot be modified. To change to a different directory, specify the new directory when you perform the next backup.

System action

The operation fails.

Administrator response

Do not use the Update Config Property REST Service to modify the tklm.backup.db2.dir parameter. Specify the new directory in the next backup run.

CTGKM3056E Value for configuration parameter tklm.encryption.pbe.algorithm is not valid. A valid value is PBEWithMD5AndTripleDES.

Explanation

Value for configuration parameter tklm.encryption.pbe.algorithm is not valid. A valid value is PBEWithMD5AndTripleDES.

System action

The operation fails.

Administrator response

Specify PBEWithMD5AndTripleDES as the input value.

CTGKM3057E Value for configuration parameter TransportListener.ssl.clientauthentication is not valid. A valid value is 0, 1 or 2.

Explanation

Value for configuration parameter TransportListener.ssl.clientauthentication is not valid. A valid value is 0, 1 or 2.

System action

The operation fails.

Administrator response

Specify 0, 1 or 2 as the input value.

CTGKM3058E Value for configuration parameter TransportListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.

Explanation

Value for configuration parameter TransportListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.

System action

The operation fails.

Administrator response

Specify an integer between 1 and 65535 as the input value.

CTGKM3059E Value for configuration parameter TransportListener.ssl.protocols is not valid. A valid value is TLS, SSL_TLSv2 or TLSv1.2.

Explanation

Value for configuration parameter TransportListener.ssl.protocols is not valid. A valid value is TLS, SSL_TLSv2 or TLSv1.2.

System action

The operation fails.

Administrator response

Specify TLS, SSL_TLSv2, or TLSv1.2 as the input value.

CTGKM3060E Value for configuration parameter TransportListener.ssl.timeout is not valid. A valid value is an integer between 1 and 120.

Explanation

Value for configuration parameter TransportListener.ssl.timeout is not valid. A valid value is an integer between 1 and 120.

System action

The operation fails.

Administrator response

Specify an integer between 1 and 120 as the input value.

CTGKM3061E Value for configuration parameter TransportListener.tcp.port is not valid. A valid value is an integer between 1 and 65535.

Explanation

Value for configuration parameter TransportListener.tcp.port is not valid. A valid value is an integer between 1 and 65535.

System action

The operation fails.

Administrator response

Specify an integer between 1 and 65535 as the input value and ensure that the port is not used by other applications on the system.

CTGKM3062E Value for configuration parameter TransportListener.tcp.timeout is not valid. A valid value is an integer between 1 and 120.

Explanation

Value for configuration parameter TransportListener.tcp.timeout is not valid. A valid value is an integer between 1 and 120.

System action

The operation fails.

Administrator response

Specify an integer between 1 and 120 as the input value.

CTGKM3063E Value for configuration parameter stopRoundRobinKeyGrps is not valid. A valid value is true or false.

Explanation

Value for configuration parameter stopRoundRobinKeyGrps is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false.

CTGKM3064E Value for configuration parameter useSKIDefaultLabels is not valid. A valid value is true or false.

Explanation

Value for configuration parameter useSKIDefaultLabels is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false.

CTGKM3065E Value for configuration parameter zOSCompatibility is not valid. A valid value is true or false.

Explanation

Value for configuration parameter zOSCompatibility is not valid. A valid value is true or false.

System action

The operation fails.

Administrator response

Specify true or false.

CTGKM3066E Value for configuration parameter pcache.refresh.interval is not valid. A valid value is a positive integer.

Explanation

Value for configuration parameter pcache.refresh.interval is not valid. A valid value is a positive integer.

System action

The operation fails.

Administrator response

Specify a positive integer.

CTGKM3067E Failed to create the directory for the log file:

Explanation

Cannot create a new directory as specified.

System action

The operation fails.

Administrator response

Specify a valid directory name and try again.

CTGKM3068E Cannot create the new log file: VALUE_0

Explanation

Cannot create a new log file as specified.

System action

The operation fails.

Administrator response

Specify a valid file name and try again.

CTGKM3069E Not a valid file name. Specify a path and file name that is relative to SKLM_HOME.

Explanation

Not a valid file name. Specify a path and file name that is relative to SKLM_HOME.

System action

The operation fails.

Administrator response

Specify a valid file and path name and try again.

CTGKM3070E Value for the debug configuration parameter is not valid. Contact IBM Support for valid values.

Explanation

Value for the debug configuration parameter is not valid. Contact IBM Support for valid values.

System action

The operation fails.

Administrator response

Specify a valid value and try again.

CTGKM3071E Cannot set the certificate alias because the keystore is not defined.

Explanation

There is no certificate alias to be set because the keystore is not defined.

System action

The operation fails.

Administrator response

Add or create a keystore for IBM Security Guardium Key Lifecycle Manager. Specify the certificate alias that exists in the keystore and try again.

CTGKM3072E The specified certificate has a different usage. Use a different certificate.

Explanation

The specified certificate has a different usage. Use a different certificate.

System action

The operation fails.

Administrator response

Specify a different certificate alias and try again.

CTGKM3073E Cannot find the class in classpath: VALUE_0

Explanation

Cannot find the class in classpath.

System action

The operation fails.

Administrator response

Make sure the class and package name are correct in the configuration file.

CTGKM3074E Not a valid class name. The class object cannot be instantiated: VALUE_0

Explanation

Not a valid class name. The class object cannot be instantiated.

System action

The operation fails.

Administrator response

Make sure the class and package name are correct in the configuration file.

CTGKM3075E Not a valid class name. It must implement SecurityEventHandlerSpi class: VALUE_0

Explanation

Not a valid class name. It must implement SecurityEventHandlerSpi class

System action

The operation fails.

Administrator response

Make sure the class and package name are correct in the configuration file.

CTGKM3076E Unsupported event type: VALUE_0

Explanation

Unsupported event type.

System action

The operation fails.

Administrator response

Make sure the event type specified in the configuration file is correct.

CTGKM3077E Value for configuration parameter VALUE_0 is not valid. Valid values are success, failure, or both that are separated by comma or semicolon.

Explanation

Valid values are success, failure, or both that are separated by a comma or semicolon.

System action

The operation fails.

Administrator response

Make sure the value is success, failure, or both that are separated by a comma or semicolon.

CTGKM3078E Keystore is not defined. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

Explanation

Keystore is not defined. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

System action

The operation fails.

Administrator response

Create the keystore and certificates and then try the operation again.

CTGKM3079E TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

Explanation

TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

System action

The operation fails.

Administrator response

Create the keystore and certificates and then try the operation again.

CTGKM3080E TLSContext is not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

Explanation

TLSContext is not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

System action

The operation fails.

Administrator response

Create the keystore and certificates and then try the operation again.

CTGKM3081E Not a supported cipher suite: VALUE_0

Explanation

Not a supported cipher suite.

System action

The operation fails.

Administrator response

Specify a different value and try the operation again.

CTGKM3082E No TLS certificate alias defined in the configuration file. TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

Explanation

No TLS certificate alias defined in the configuration file. TrustManager and KeyManager are not initialized. The TransportListener.ssl.ciphersuites parameter cannot be set to the specified value.

System action

The operation fails.

Administrator response

Set config.keystore.ssl.certalias in the configuration file and try the operation again.

CTGKM3083E Configuration parameter tklm.encryption.password cannot be updated.

Explanation

Configuration parameter tklm.encryption.password cannot be updated.

System action

The operation fails.

Administrator response

Configuration parameter tklm.encryption.password cannot be updated.

CTGKM3084E Value for configuration parameter numberOfKeys is not valid. A valid value is a positive integer

Explanation

Value for configuration parameter numberOfKeys is not valid. A valid value is a positive integer, such as 12.

System action

The operation fails.

Administrator response

Specify a positive integer.

CTGKM3085E To export the secret key, user must have proper permissions on the certificate and public key that are used to encrypt the secret key file.

Explanation

To export the secret key, user must have proper permissions on the certificate and public key that are used to encrypt the secret key file.

System action

The operation fails.

Administrator response

Give the user the proper permissions on the certificate and try again.

CTGKM3086E To import the secret key, user must have the proper permissions on the private key that is used to decrypt the secret key file.

Explanation

To import the secret key, user must have the proper permissions on the private key that is used to decrypt the secret key file.

System action

The operation fails.

Administrator response

Give the user the proper permissions on the private key and try again.

CTGKM3087E Deletion is not permitted on the object. Check the enableKMIPDelete flag on the object's device group.

Explanation

Deletion is not permitted on the object when the enableKMIPDelete flag is turned off.

System action

The operation fails.

Administrator response

Turn on the enableKMIPDelete flag on the object's device group and try the operation again.

CTGKM3088E Not a recognized device group internal identifier: VALUE_0

Explanation

The specifed device group internal identifier does not match any device group stored in the database.

System action

The operation fails.

Administrator response

Contact IBM Support.

CTGKM3089E Credential is not specified in KMIPUserSession.

Explanation

KMIPUserSession object must provide the user credential for authorization purpose

System action

The authorization of the KMIP user failed.

Administrator response

Check if the KMIP client provides an appropriate credential such as correct client certificate.

CTGKM3090E The KMIP user is not authorized to access the target object.

Explanation

The KMIP user is not authorized to access the target object.

System action

The authorization of the KMIP user failed.

Administrator response

Check if the KMIP client provides appropriate credentials such as the correct client certificate.

CTGKM3091E There is no KMIP policy defined for the operation.

Explanation

There is no KMIP policy defined for the operation.

System action

The authorization of the KMIP user failed.

Administrator response

The requested KMIP operation may not be supported. Contact IBM Support.

CTGKM3092E KLMResource is not properly instantiated.

Explanation

KLMResource is not properly instantiated.

System action

The authorization of the KMIP user failed.

Administrator response

Contact IBM Support.

CTGKM3093E Device group must be specified as a KMIP user credential.

Explanation

Device group must be specified as a KMIP user credential.

System action

The authorization of the KMIP user failed.

Administrator response

Check if the KMIP request message includes device metadata information.

CTGKM3094E Name or ID of a device group must be specified in device metadata as a KMIP user credential.

Explanation

Name or ID of a device group must be specified in device metadata as a KMIP user credential.

System action

The authorization of the KMIP user failed.

Administrator response

Check if the KMIP request message includes a name or ID of a device group as part of device metadata information.

CTGKM3095E KMIP user's device metadata credential does not match device group information in the target resource.

Explanation

KMIP user's device metadata credential does not match device group information in the target resource.

System action

The authorization of the KMIP user failed.

Administrator response

Contact IBM Support for assistance.

CTGKM3096E Credential in KMIP user session is not properly specified.

Explanation

Credential in KMIP user session is not properly specified.

System action

The authorization of the KMIP user failed.

Administrator response

Contact IBM Support for assistance.

CTGKM3097E User has no authority to access the target object. Access requires action permission on device group, klmConfigure or klmSecurityOfficer permission.

Explanation

User has no authority to access the target object. Access requires action permission on device group, klmConfigure or klmSecurityOfficer permission.

System action

Authorization fails.

Administrator response

Check if the user has appropriate permissions.

CTGKM3098E Certificate expired. Expired certificate cannot be used as default TLS or IKEv2-SCSI certificate.

Explanation

Certificate expired. An expired certificate cannot be used as a default TLS or IKEv2-SCSI certificate.

System action

Update operation fails.

Administrator response

Specify a valid certificate alias and try the operation again.

CTGKM3099E Keystore name VALUE_0 for keystore UUID VALUE_1 is not valid.

Explanation

The specified keystore name is not valid.

System action

The keystore list operation fails.

Administrator response

Specify a different keystore name and try the operation again.

CTGKM3100E Value for configuration parameter lock.timeout is not valid. A valid value is a non negative integer.

Explanation

The specified lock.timeout value is not valid.

System action

The operation to update the lock.tmeout value failed.

Administrator response

Specify a different value and try the operation again.

CTGKM3101E The operation failed as dependent data has been locked. Another user might be accessing the same data. Try the operation again later.

Explanation

The dependant data has been locked and the current thread failed to acquire the lock on the data within limited time frame. It may be because another user is accessing the same data.

System action

Try the operation again.

Administrator response

Try the operation again.

CTGKM3102E VALUE_0 and VALUE_1 cannot use the same port.

Explanation

TCP, KMIP, TLS cannot use the same port.

System action

The operation fails.

Administrator response

Try the operation again.

CTGKM3103E Value for configuration parameter KMIPListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.

Explanation

Value for configuration parameter KMIPListener.ssl.port is not valid. A valid value is an integer between 1 and 65535.

System action

The operation fails.

Administrator response

Specify an integer between 1 and 65535 as the input value and ensure that the port is not used by other applications on the system.

CTGKM3104E Value for configuration parameter backup.keycert.before.serving is not valid. The value must be either true or false.

Explanation

Value for configuration parameter backup.keycert.before.serving is not valid. The value must be either true or false.

System action

The operation fails.

Administrator response

Specify either true or false as the value.

CTGKM3105E Cannot use the certificate for key export operation. The certificate contains an EC key.

Explanation

The certificate contains an EC public key. The IBM JVM 5.0 does not support key encryption using EC key.

System action

The operation fails. Specify a different certificate and try the operation again.

Administrator response

Specify a different certificate and try the operation again.

CTGKM3107E Value for configuration parameter autoRestartAfterRestore is not valid. The value must be either true or false.

Explanation

Value for configuration parameter autoRestartAfterRestore is not valid. The value must be either true or false.

System action

The operation fails.

Administrator response

Specify either true or false as the value.

CTGKM3109E Key or certificate with alias or key prefix VALUE_0 was not served because it has not been released.

Explanation

Keys or certificates must be released before they can be served. This message may also occur if the config property release.date is missing or wrongly formatted.

System action

The operation fails.

Administrator response

First, run the command tklmKeyRelease. Then try the operation again.

CTGKM3106E Key or certificate with alias or key prefix VALUE_0 was not served because it is not backed up.

Explanation

Keys or certificates must be backed up before they can be served.

System action

The operation fails.

Administrator response

First back up IBM Security Guardium Key Lifecycle Manager. Then, try the operation again.

CTGKM3110E Value for configuration parameter enableKeyRelease is not valid. The value must be either true or false.

Explanation

Value for configuration parameter enableKeyRelease is not valid. The value must be either true or false.

System action

The operation fails.

Administrator response

Specify either true or false as the value.

CTGKM3111E Value for configuration parameter requireSHA2Signatures is not valid. The value must be either true or false.

Explanation

Value for configuration parameter requireSHA2Signatures is not valid. The value must be either true or false.

System action

The operation fails.

Administrator response

Specify either true or false as the value.

CTGKM3112E Cannot generate self signed certificate for GPFS Device Family.

Explanation

Self signed certificate creation is not allowed for GPFS type of devices.

System action

The certificate operation fails.

Administrator response

Specify the correct Device Family where the certificate needs to be created.

CTGKM3221E Join Back to Cluster process has failed.

Explanation

System action

The operation fails.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM3222E The Db2 admin group name cannot be longer than 8 characters.

Explanation

System action

Installation cannot continue until you correct the error.

Administrator response

CTGKM3223E Initial Backup folder doesn't exist at target Standby Master.

Explanation

System action

The operation fails.

Administrator response

Provide a correct folder identifier. Then, retry the operation.

CTGKM3224E Restoring process of Initial Backup failed at target Standby master.

Explanation

System action

The operation fails.

Administrator response

Check the log entries to find out the reason for the failure. Make appropriate changes. Then, try the operation again.

CTGKM3225E Intial Backup file doesn't exists in initialbackup folder.

Explanation

System action

The operation fails.

Administrator response

CTGKM3226E Validation failed for field VALUE_0.

System action

The operation fails.

CTGKM3227W Not yet updated.

Explanation

When you log in to the IBM Security Guardium Key Lifecycle Manager graphical user interface for the first time, the status of the Masters table in the Multi-master pane is displayed as Not yet updated.

System action

Status of the Masters table is not updated.

Administrator response

In the Masters table, select a Master, and click Refresh Master. The Masters table refreshes and displays the latest status.

CTGKM3229E The VALUE_0 server failed the following prerequisite checks:

Explanation

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the multi-master server. Then, try the operation again.

CTGKM3230E Port VALUE_0 is not a valid one.

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the IBM Security Guardium Key Lifecycle Manager multi-master server. Then, try the operation again.

CTGKM3231E Operating system and Db2 levels don't match.

Explanation

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the multi-master server. Then, try the operation again.

CTGKM3232E User doesn't have permission to access the temp directory.

Explanation

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the multi-master server. Then, try the operation again.

CTGKM3233E Incoming instance VALUE_0 contains master key and hence, can't be added to the cluster.

Explanation

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the multi-master server. Then, try the operation again.

CTGKM3234E Credentials of VALUE_0 are not valid.

System action

Prerequisite check failed.

Administrator response

Review the requirements to add a master server to the IBM Security Guardium Key Lifecycle Manager multi-master server. Then, try the operation again.

CTGKM3235E Updating MultiMaster Config details failed while removing Standby Master.

Explanation

System action

Remove standby master server operation fails.

Administrator response

Check the log to identify the root cause. Correct the problem, and then retry the standby master server removal operation.

CTGKM3237E Db2 credential check failed. Check whether Db2 server is running, and mapping of the host name to IP address on both the servers is correct.

Explanation

System action

The Add master operation fails.

Administrator response

Ensure that the master server that is being added to the cluster has access to the database.

CTGKM3238E Exception occurred while updating replication configuration details.

Explanation

During the replication setup, replication configuration fails.

System action

The replication configuration operation fails.

Administrator response

Check the IBM Security Guardium Key Lifecycle Manager log to identify the root cause. Correct the problem, and then retry the replication configuration operation.

CTGKM3239E Exception occurred while adding clone.

Explanation

During the replication setup, replication configuration fails.

System action

The replication configuration operation fails.

Administrator response

Check the IBM Security Guardium Key Lifecycle Manager log to identify the root cause. Correct the problem, and then retry the replication configuration operation.

CTGKM3241E The IBM Security Guardium Key Lifecycle Manager version on the server is not the same as the IBM Security Guardium Key Lifecycle Manager version on the Multi-Master cluster.

Explanation

System action

The Add master operation fails.

Administrator response

Ensure that the version of the master server to be added is the same as the version of the primary master server.

CTGKM3242E The operating system version or Db2 version of the server are different than those of the primary master server.

Explanation

As a prerequisite check, the Add master operation validates whether the server has the same operating system and Db2 versions as those of the primary master server.

System action

The Add master operation fails.

Administrator response

Add a server that has the same operating system and Db2 versions as those of the primary master server, and retry the operation.

CTGKM3243E The Db2 user (For example, sklmdb41) does not have read-write pe