KMIP Errors and Troubleshooting

KMIP Client Logs

• /host/var/log/hcs/kmipcmd.log: Fully-formatted KMIP protocol output. Key values are redacted.
• /host/var/log/hcs/ht_kmip.log: Output from the KMIP client implementation. Includes operations attempted and appropriate error codes.

KMIP Server Logs

• /host/var/log/hcs/kmipsrv.log: Transactions for server stop and start. This is mostly for debugging.
• /host/var/log/hcs/traffic.log: Fully-formatted KMIP protocol output. Key values are redacted.
• Audit log: You can configure the KMIP server to record all KMIP requests and responses or just the create/get requests and responses in the KeyControl Vault Audit log. You can also configure the server so that it does not log any KMIP information in the Audit log. For details about setting this option, see Configuring a KeyControl Vault KMIP Server.

Troubleshooting

The most common errors are:

• Error 10 KMIP_ERROR_IO—Generally, the client is not talking to the server at all. This could be because of firewall issues, incorrect “Host Name” in KMIP client settings, or some other network issue. You can check connectivity with netcat via the console menu under “Diagnostic Tools”.

• Error 29 KMIP_ERROR_SSL_PARAMS—Seen when incomplete parameters are entered on the KMIP Basic tab. For details about setting these options, see Configuring a KeyControl Vault KMIP Server.

• Error 30 KMIP_ERROR_SSL_PEER_VALIDATION—Seen when the KMIP server required Server Cert and one was not provided.

• Error 31 KMIP_ERROR_BAD_PASSWORD—One of the passwords entered for a KMIP client is incorrect.

• Error 32 KMIP_ERROR_BAD_TRUSTED_FILE—The CA cert argument specified for the KMIP client is incorrect. For details about certificates, see Creating KMIP Client Certificate Bundles.