Recovery from Encryption Key Manager migration failure

During inline migration process for Encryption Key Manager, you might encounter migration failure. If the migration failure occurs, run the migration recovery steps.

The installation process completes the installation step for IBM® Security Guardium® Key Lifecycle Manager and starts a migration process to migrate data from Encryption Key Manager to IBM Security Guardium Key Lifecycle Manager.

  • When the migration process starts, an error might occur during the installation program is validating the values in the Encryption Key Manager properties file for the following conditions:
    • The properties file cannot be read because of inadequate access permissions.
    • A required property does not exist or does not have a value.
    • The value of a property is malformed.
    • The file that a property points to does not exist or cannot be read because of inadequate access permissions.
  • An error might occur after the migration operation completes significant activities. In this case, review the error log file:
    AIX® and Linux®

If Encryption Key Manager migration fails and you choose to complete the remaining migration process, you can start a migration-recovery script if you do not make changes or otherwise configure Guardium Key Lifecycle Manager server before you run the script. For information about how to run the script, see Migration recovery script for Encryption Key Manager.

If Encryption Key Manager migration fails, and no data were migrated, remove the tklmKeystore.jceks file to start the migration process again. You can locate the file in the WAS_HOME\products\sklm\keystore directory.

For the definition of IM_DATA_DIR and WAS_HOME, see Definitions for HOME and other directory variables.