KMIP Errors and Troubleshooting

KMIP Client Logs

  • /host/var/log/hcs/kmipcmd.log: Fully-formatted KMIP protocol output. Key values are redacted.
  • /host/var/log/hcs/ht_kmip.log: Output from the KMIP client implementation. Includes operations attempted and appropriate error codes.

KMIP Server Logs

  • /host/var/log/hcs/kmipsrv.log: Transactions for server stop and start. This is mostly for debugging.
  • /host/var/log/hcs/traffic.log: Fully-formatted KMIP protocol output. Key values are redacted.
  • Audit log: You can configure the KMIP server to record all KMIP requests and responses or just the create/get requests and responses in the KeyControl Audit log. You can also configure the server so that it does not log any KMIP information in the Audit log. For details about setting this option, see Configuring a KeyControl KMIP Server.

Troubleshooting

The most common errors are:

  • Error 10 KMIP_ERROR_IO — Generally, the client is not talking to the server at all. This could be because of firewall issues, incorrect “Host Name” in KMIP client settings, or some other network issue. You can check connectivity with netcat via the console menu under “Diagnostic Tools”.

  • Error 29 KMIP_ERROR_SSL_PARAMS — Seen when incomplete parameters are entered on the KMIP Basic tab. For details about setting these options, see Configuring a KeyControl KMIP Server.

  • Error 30 KMIP_ERROR_SSL_PEER_VALIDATION — Seen when the KMIP server required Server Cert and one was not provided.

  • Error 31 KMIP_ERROR_BAD_PASSWORD — One of the passwords entered for a KMIP client is incorrect.

  • Error 32 KMIP_ERROR_BAD_TRUSTED_FILE — The CA cert argument specified for the KMIP client is incorrect. For details about certificates, see Creating KMIP Client Certificate Bundles.

Full List of KMIP Errors

#define KMIP_ERROR_NONE                    0
#define KMIP_ERROR_FAILED                  1
#define KMIP_ERROR_ALLOC                   2
#define KMIP_ERROR_BAD_ARGS                3
#define KMIP_ERROR_SPACE                   4
#define KMIP_ERROR_BAD_DATA                5
#define KMIP_ERROR_INCOMPLETE              6
#define KMIP_ERROR_BAD_CERT_FILE           7
#define KMIP_ERROR_BAD_KEY_FILE            8
#define KMIP_ERROR_BAD_CONNECT             9
#define KMIP_ERROR_IO                      10
#define KMIP_ERROR_NOT_FOUND               11
#define KMIP_ERROR_BAD_TYPE                12
#define KMIP_ERROR_NO_DATA                 13
#define KMIP_ERROR_INVALID                 14
#define KMIP_ERROR_RANGE                   15
#define KMIP_ERROR_CHECK                   16
#define KMIP_ERROR_NOT_SUPPORTED           17
#define KMIP_ERROR_BAD_PROTOCOL            18
#define KMIP_ERROR_NO_SPACE                19
#define KMIP_ERROR_BAD_ID                  20
#define KMIP_ERROR_DENIED                  21
#define KMIP_ERROR_TOO_LARGE               22
#define KMIP_ERROR_GENERATE_FAILED         23
#define KMIP_ERROR_EVAL_EXPIRED            24
#define KMIP_ERROR_ARCHIVED                25
#define KMIP_ERROR_BAD_STATE               26
#define KMIP_ERROR_RETRY                   27
#define KMIP_ERROR_NO_PROVIDERS            28
#define KMIP_ERROR_SSL_PARAMS              29
#define KMIP_ERROR_SSL_PEER_VALIDATION     30
#define KMIP_ERROR_BAD_PASSWORD            31
#define KMIP_ERROR_BAD_TRUSTED_FILE        32
#define KMIP_ERROR_AUTH_FAILED             33
#define KMIP_ERROR_CERT_AUTH_FAILED        34
#define KMIP_ERROR_DB_CONNECT              35
#define KMIP_ERROR_DB_GENERAL              36
#define KMIP_ERROR_AGAIN                   37
#define KMIP_ERROR_NOT_UNIQUE              38
#define KMIP_ERROR_DB_INSERT               39
#define KMIP_ERROR_DB_UPDATE               40
#define KMIP_ERROR_SINGLE_INSTANCE         41
#define KMIP_ERROR_SERVER_TRUST            42
#define KMIP_ERROR_PROTECT                 43
#define KMIP_ERROR_REPLICATE               44
#define KMIP_ERROR_SERIALISE               45
#define KMIP_ERROR_PROXY                   46
#define KMIP_ERROR_SSL_VALIDATION          47
#define KMIP_ERROR_SSL_VERIFY_HOST         48
#define KMIP_ERROR_SPECIFICATION_ERROR     49
#define KMIP_ERROR_POOL_FAILURE            50
#define KMIP_ERROR_DB_TRANSACTION          51
#define KMIP_ERROR_DB_LIMIT                52
#define KMIP_ERROR_DB_LOCK                 53
#define KMIP_ERROR_CRYPTO                  54
#define KMIP_ERROR_INVALID_FIELD           55
#define KMIP_ERROR_ATTESTATION_REQUIRED    56
#define KMIP_ERROR_ATTESTATION_FAILED      57
#define KMIP_ERROR_BAD_INDEX               58
#define KMIP_ERROR_NAMESPACE               59
#define KMIP_ERROR_FEATURE_DISABLED        60
#define KMIP_ERROR_VERIFY                  61
#define KMIP_ERROR_DB_READ_ONLY            62
#define KMIP_ERROR_FIPS140                 63
#define KMIP_ERROR_HSM                     64
#define KMIP_ERROR_TOKEN                   65
#define KMIP_ERROR_NO_KEY                  66
#define KMIP_ERROR_HEARTBEAT_BLOCKED       67
#define KMIP_ERROR_SSL_HANDSHAKE           68
#define KMIP_ERROR_SSL_BAD_TIMEOUT         69
#define KMIP_ERROR_HSM_OFFLINE             70
#define KMIP_ERROR_CERT_KEY_MISMATCH       71

 

HyTrust DataControl v 4.3

Copyright © 2019 HyTrust, Inc. All Rights Reserved.

Follow us: