DataControl Audit Messages

There are many audit messages produced by DataControl. Many of these are informative and require no action. In the tables below, we list many of the audit messages and show:

  • Whether an Alert is also generated.
  • The severity (L=Low, M=Medium, H=High).
  • What the resolution is if any action should be taken.

  • In the Message column, a %s represents a string value. For example, in the following message:

    Added user %s to group %s

    The actual message will be displayed with the name of the user and group, for example:

    Added user fred to group IT

Msg ID

Message

Severity

Alert?

Description

Resolution

1

 System License installed.

L

no

 A new license has been uploaded and installed.

2

 Begin System Initialization

L

no

3

 Created group %s

M

no

 The specified admin group has just been created.

4

 Created Domain %s

L

no

 This message appears during initialization of the first KeyControl node.

5

 Added user %s to group %s

M

no

 The user shown has been added to the specified admin group.

6

 Expired password for user %s

H

no

 A password has expired for the specified user. The specified user needs to log into the GUI and change his/her password.

7

 User %s logged out from ipaddr %s

L

no

 The specified user has just logged out from the IP address shown.

8

 Changed following attributes for user Security Administrator :- Password, Password Expiration Date, Password History List

M

no

 One or more of the listed attributes has been changed for the user.

9

 Changed SMTP Auth Settings

M

no

 Email settings have been modified.

10

 EKS has been removed, not destroying old admin keypair

M

no

 Permission to use External Key Store has been removed. The old Admin Key was NOT removed on the EKS to allow restoration of older backups. Informational only. Restore or add new access if so desired.

11

 Regenerated Admin Key. The generation count of this key is %s. Reason: %s

H

yes

12

 Created Cloud VM Set %s

L

yes

13

 Could not create Cloud VM Set %s, HTCC server connection not configured

M

no

14

 Masterkey Recovered on node %s

H

yes

15

 User %s logged in from ipaddr %s

L

no

 The specified user has just logged in from the IP address shown.

16

 Repeated login failures for %s from ipaddr %s

H

yes

 There have been a succession of login failures for the specified user. A security admin should check whether the correct user has been trying to log in or not.

17

 Account disabled for %s due to repeated login failures

H

yes

 The number of failed login attempts has reached the maximum allowed value. A security admin needs to reset the account to enable access.

18

 Server registration failed -- No license Installed

H

yes

19

 Attempt to register a new %s server "%s" failed -- licensed limit reached.

H

yes

 The number of KeyControl servers is already at the limit imposed by the license. An attempt is being made to another another node. A new license will be required before the number of nodes in the cluster can be extended. Please contact support@hytrust.com

20

 Storage Pool %s Filestore %s on server %s is low on space.

H

yes

21

 Changed following Settings :- %s

M

no

22

 Changed following attributes for group %s :- %s

M

no

 One or more of the listed attributes has been changed for the group shown.

23

 Virtual Machine %s authenticated

L

no

 A VM has registered or re-authenticated. This message is in response to direct admin actions. No action is required.

24

 Virtual Machine %s created in group %s

L

no

25

 Removed Server %s from Cloud %s

L

no

26

 Created Cluster Info %s

L

no

27

 Removed Cluster Info %s

L

no

28

 Activated account for user %s

M

no

 A user's account has been activated.

29

 Disabled account for user %s

H

no

 A user's account has been disabled. A security admin should check to see if the account should be enabled again.

30

 Created user %s

M

no

 The specified user has been created.

31

 Deleted user %s

M

no

 The specified user has been deleted.

32

 Renamed user %s to %s

L

no

 A username has been modified.

33

 Deleted group %s

L

no

 The specified groups has been deleted.

34

 Renamed group %s to %s

L

no

 An admin group has been renamed.

35

 Removed user %s from group %s

M

no

 The specified user has been removed from the group shown.

36

 Using EKS for MasterKey protection

M

no

 An External Key Store has been configured to protect the Admin Key.

37

 Admin Key regeneration failed. Failed to use external KMIP Server for MasterKey protection

M

yes

 An External Key Store has been configured to protect the Admin Key but access was not allowed for keypair creation. EKS denied access to create/retrieve an RSA keypair. Please check KMIP settings and configuration.

38

 Could not register to HTCC, htcc server, password and login must be specified

H

no

39

 Could not register to HTCC %s: HTCC login failed

H

no

40

 Could not register to HTCC %s. Please check user privileges and Boundary Control License on HTCC

H

no

41

 Successfully registered with HTCC Server %s

M

no

42

 Keyid %s has %s

H

yes

 Keyid has expired and/or rotated. Keys only expire if a Cloud Admin has explicitly set them to expire.

43

 The Key for disk %s Virtual Machine %s has %s

H

yes

 A key for the specified VM has either expired or been rotated. Keys only expire or rotate if a Cloud Admin has explicitly set them to expire or rotate.

44

 Key in VMSet %s on VMV %s has %s

M

yes

45

 Changed following KeyControl cluster settings :- %s

M

no

 The name of the cluster has been modified.

46

 Deleted Domain %s

M

yes

47

 Changed following KPS Settings :- %s

M

no

48

 Changed following VS Appliance Settings :- %s

M

no

49

 Unknown pool %s appeared on VMV, destroying...

M

yes

50

 Changed following Storage Pool Settings :- %s

M

no

51

 Changed following attributes of filestore %s :- %s

M

no

52

 Changed following settings for Cluster Info %s :- %s

M

no

53

 Coretrace Server %s, changed following attributes :- %s

M

no

54

 Changed following settings for Cloud VM Set %s :- %s

M

no

55

 Cloud VM Set %s changed group ownership from %s to %s.

H

no

56

 Deleted Cloud VM Set %s

M

yes

57

 Cloud VM Set %s: added keyid %s using %s cipher

H

no

 A VM user has explicitly requested creation of a KeyID using the specified cipher.

58

 Cloud VM Set %s: Virtual Machine %s removed keyid %s

M

no

 A VM user has explicitly requested deletion of the specified KeyID. It has been removed from the specified Cloud VM.

59

 Cloud VM Set %s: updated keyid %s

L

no

 The KeyID description was changed.

60

 Cloud VM Set %s: Virtual Machine %s attempted to fetch inactive keyid %s

M

no

 The KeyID shown has been revoked but an attempt was made to fetch it. The cloud admin who owns the key should determine whether access should be reinstated or not.

61

 Cloud VM Set %s: Virtual Machine %s attempted to fetch expired keyid %s

M

no

 An attempt has been made to fetch an expired KeyID. The cloud admin who owns the key should determine whether access should be reinstated or not. This is only possible if the KeyID was set to 'No use?' on expiration.

62

 Cloud VM Set %s: Virtual Machine %s fetched keyid %s

M

no

 A request has been made to access the specified KeyID.

63

 Revoked permission for keyid %s

M

yes

 KeyID is currently revoked. It must be activated before use. The cloud admin who owns the key should determine whether access should be reinstated or not.

64

 Granted permission for keyid %s

H

yes

 KeyID has been activated after having been previously revoked.

65

 Cloud VM Set %s keyid %s updated - description %s

L

no

 The description field for the specified KeyID has been updated.

66

 Cloud VM Set %s keyid %s updated - key expires on %s, onexpiry %s

M

no

 The expiration date and effect on expiration for the specified KeyID have been updated.

67

 Cloud VM Set %s Keyid %s has expired

M

yes

 An expiration date has been hit for the specified KeyID The owning cloud admin should verify that the KeyID should be no longer used.

68

 Keyid %s has expired

M

yes

 A request to access an expired KeyID has been made. The owning cloud admin should verify that the KeyID should be no longer used.

69

 The Key for keyid %s in Cloud VM Set %s expires in %d day(s). Please extend the key life.

M

yes

 A KeyID is about to expire. The owning cloud admin should verify that the KeyID should be expire and change the date if not.

70

 Unable to check keyid %s

M

no

 An error occurred while attempting to check properties of KeyID. An internal error occurred while checking expiration/rotation properties for specific keyid. Informational only, keyid will be checked again.

78

 Properties changed for VMSet %s on server %s (%s)

M

no

79

 Virtual Machine %s, changed following attributes: %s

M

no

80

 Deleted Virtual Machine %s

L

yes

81

 Deleted Certificate %s

L

no

 An unused certificate was deleted

82

 The Virtual Machine %s, could not be checked for geo-location boundary. HTCC login failed

H

yes

83

 The Virtual Machine %s, is not in the geo-location boundary. Key access is denied

H

yes

84

 The Virtual Machine %s, is in the geo-location boundary. Key access is granted

M

yes

85

 Added Virtual Machine %s, authentication complete

L

yes

 A VM has completed registration. This message is in response to direct admin actions. No action is required.

86

 Added Virtual Machine %s, authentication pending

M

yes

 A VM has a registration request pending. The cloud admin needs to complete authentication in the KeyControl GUI.

87

 Removed Server %s from Cloud %s

L

no

88

 Renamed Server %s to %s

L

no

89

 Virtual Machine %s re-connected, authentication pending

H

yes

 A VM has a re-authorization request pending. The cloud admin needs to complete re-authorization in the KeyControl GUI.

90

 Revoked permissions for Virtual Machine %s

M

no

91

 Re-authenticated Virtual Machine %s from KPS

M

no

 A VM has a re-authorized. This message is in response to direct admin actions. No action is required.

92

 Virtual Machine %s added disk %s

L

no

 A new disk has been added to the specified VM.

93

 Virtual Machine %s removed disk %s

L

yes

 A disk has been removed from the specified VM.

94

 Virtual Machine %s : disk %s renamed to %s

L

no

95

 Virtual Machine %s attempted to fetch key for inactive disk %s. %s

L

no

 If a disk is not active, no keys will be delivered.

96

 Virtual Machine %s attempted to fetch expired key for disk %s. %s

H

no

 If a key has expired an attempt by a VM to fetch the key will fail. The cloud admin should determine whether the expiration date should be extended. This does not apply to shredded keys.

97

 Virtual Machine %s fetched key for disk %s. %s

L

no

 A key for the specified disk has been requested by the VM shown.

98

 Virtual Machine %s created key for disk %s using %s cipher

L

no

 A disk has been encrypted. The type of cipher is shown.

99

 Virtual Machine %s revoked permission for disk %s

M

yes

100

 Virtual Machine %s granted permission for disk %s

M

yes

101

 Virtual Machine %s added mount point %s

L

no

 An encrypted folder has been mounted.

102

 Virtual Machine %s removed fs %s

L

yes

 An encrypted folder has been removed.

106

 The Key for disk %s Virtual Machine %s has expired

H

yes

 An attempt is being made to change properties for an already expired key. The cloud admin should determine whether the key of the disk should be made accessible. This is only possible if the disk's key has not been shredded.

107

 Virtual Machine %s set key expiry to %s, onexpiry to %s for disk %s

H

no

 An expiration date has been set on a key for the specified disk. The effect taken on expiration is shown. The cloud admin should determine whether the expiration date should be extended.

108

 The Certificate for Virtual Machine %s expire%s %d days%s. Please renew the certificate.

M

yes

109

 The Key for disk %s Virtual Machine %s has expired

H

yes

 The key shown for the specified VM has expired. The cloud admin should determine whether the expiration date should be extended.

110

 The Key for disk %s Virtual Machine %s expires in %d day(s). Please extend the key life.

H

yes

 The encryption key shown is about to expire. The cloud admin should determine whether the expiration date should be extended.

111

 Unable to check key for disk %s Virtual Machine %s

M

no

 An error occurred while attempting to check properties of key for the given disk and VM. An internal error occurred while checking expiration/rotation properties for specified key. Informational only, key will be checked again.

112

 Virtual Machine %s rebooted, reauthentication required

H

yes

 A VM has rebooted and the reboot setting requires that the VM is re-authenticated. The cloud admin needs to complete re-authorization in the KeyControl GUI.

113

 Virtual Machine %s has new alerts, please check

M

yes

114

 Added Coretrace policy "%s" to Virtual Machine %s

L

yes

115

 Activated Coretrace policy "%s" for Virtual Machine %s

M

no

116

 De-activated Coretrace policy "%s" for Virtual Machine %s

M

no

117

 Modified Coretrace policy "%s" for Virtual Machine %s

M

no

118

 Removed Coretrace policy "%s" for Virtual Machine %s

M

no

119

 Deleted CAStore %s

M

no

120

 Removed Server %s from Domain %s

L

no

121

 Storage pool %s created on server %s (%s)

L

no

122

 Storage pool %s extended on server %s (%s)

L

no

123

 Log added to Storage pool %s on server %s (%s)

L

no

124

 Log removed from Storage pool %s on server %s (%s)

L

no

125

 Storage pool %s deleted from server %s (%s)

L

no

126

 Disk added to hot spare list on server %s (%s)

L

no

127

 Disk removed from hot spare list on server %s (%s)

L

no

128

 Filestore %s created on server %s (%s)

L

no

129

 Filestore %s deleted from server %s (%s)

L

no

130

 Removed server %s (%s) from domain %s

L

yes

131

 KMIP Server restarted on %s

M

no

 The KMIP server has been restarted on the specified host.

132

 KMIP Server started on %s

L

yes

 The KMIP server has been started on the specified host.

133

 KMIP Server halted on %s

H

yes

 The KMIP server has been halted on the specified host.

134

 KMIP Server: All client certificates removed

H

yes

 All client certificates have been removed from the KMIP server.

135

 KMIP Server: Client certificate %s removed

H

yes

 The specified client certificate has been removed from the KMIP server.

136

 KMIP Server: Client certificate %s updated

M

no

 The specified client certificate has been updated on the KMIP server.

137

 KMIP Server: Client certificate %s created

M

yes

 The specified client certificate has been created on the KMIP server.

138

 Could not store oskey on %s/%s. Needs recovery

H

yes

 Could not store object store key on joining KC node KC join did not succeed, node should be removed from cluster. If problem persists contact support.

139

 Reconnect not allowed for %s/%s. Please follow reauthenication steps

H

yes

 KC has attempted to reauthenticate with cluster that does not recognize it KC node likely was in the cluster and removed. Should be re-joined

140

 Cluster join failed for %s/%s.

H

yes

 KC has failed to join cluster KC node join can be attempted again. If problem persists contact support

141

 Reconnect info does NOT match. Follow reauthentication steps for node %s/%s

H

yes

 KC has attempted to reauthenticate with cluster but its info has changed KC node likely needs MasterKey recovery or kicked out of cluster and re-joined

142

 Could not store connection info for %s/%s

H

yes

 KC cannot store info to reconnect to cluster on restart Condition could be transitory, node could be restarted. Also could indicate that KC disk is full

143

 Problem with auth/secd communication

H

yes

 Communication stack on KC is not working

144

 System utilities NOT functioning. Authentication will not happen

H

yes

 Auth daemon unable to query system information

145

 Attempt to add node %s/%s which has valid data but no clusterid. Please reauthenticate if this is a valid action.

M

yes

 KC was formerly in a cluster that has no identifying cluster ID If action is a valid one, proceed with join. Note that the KC data on joining node will be destroyed

146

 Attempt to add node %s/%s which has a different clusterid. Please reauthenticate if this is a valid action.

M

yes

 KC was formerly in a different cluster than the one it is attempting to join If action is a valid one, proceed with join. Note that the KC data on joining node will be destroyed

147

 Could not restore cluster to normal operating mode after adding new node, error $rc

M

yes

 KC cluster state could not be restored to normal operating state Can indicate cluster join issues

148

 KeyControl Server system `hostname` ($myip) $act.

L

no

149

 Restricted support login enabled on `hostname`

M

yes

 Restricted support login was enabled on KC

150

 Full support login enabled on `hostname`

M

yes

 Full support login was enabled on KC

151

 All support logins disabled on `hostname`

M

yes

 All support logins were disabled on KC

152

 KeyControl node {$myip[0]}/{$myhost[0]} has failed upgrade to version {$curver}

H

yes

 KC upgrade to new version has failed KC will revert to prior install. Upgrade can be attempted again if valid or contact support

153

 KeyControl node {$myip[0]}/{$myhost[0]} reverted from {$str[1]} to {$str[2]}

M

yes

 User initiated revert to previous version has succeeded.

154

 KeyControl node {$myip[0]}/{$myhost[0]} has successfully upgraded to version {$curver}

M

yes

 KC upgrade to new version has succeeded.

155

 KeyControl node {$myip[0]}/{$myhost[0]} has failed upgrade finalization to version {$curver}

H

yes

 KC upgrade to new version has failed KC will revert to prior install. Upgrade can be attempted again if valid or contact support

156

 Hostname %s, Management IP %s, Current Version %s, New Version %s. Upgrade from version {$oldver} (b{$oldrevision}) to version {$curver} (b{$newrevision}) not allowed. Consult product documentation for upgrade procedure

H

yes

 KC upgrade to this version is not supported from current version Upgrade to a supported version and/or contact support

157

 Upgrade from version {$oldver} to version {$curver} not officially supported but allowed for development

L

yes

 KC upgrade to this version is not officially supported but allowed for development build

158

 Internal error $ret checking upgrade from {$oldver} to {$curver}

H

yes

 An error has occurred attempting to valid upgrade Contact support

159

 Multiple KeyControl nodes still in cluster. All excess KeyControl nodes must be removed before upgrade.

H

yes

 Upgrade should be attempted on only a single node cluster Remove all nodes from cluster except the node to be upgraded

160

 Insufficient free space to perform upgrade. Consult product documentation for procedure to add another disk

H

yes

 Disk does not have enough space for upgrade Consult support for freeing disk space or create/join a node with more space and upgrade that

161

 System has reverted to prior installation.

L

yes

 System has successfully reverted to prior version

162

 Failed revert to prior installation.

H

yes

 System failed to revert to prior version Contact support. Current version is still in place

163

 System utilities NOT functioning.

H

yes

 Unable to query system info

164

 Error resizing partition

H

yes

 An error occurred while resizing the KeyControl storage. Please contact support.

165

 Error resizing storage pool

H

yes

 An error occurred while resizing the KeyControl storage. Please contact support.

166

 Successfully resized KeyControl storage pool

M

no

 The storage pool on the KeyControl node was successfully resized.

167

 KMIP Server operation failed - internal error

M

yes

 KMIP server operation failed with an internal error. Consult support or retry operation

168

 %s operation %s for %s on %s, TaskId: %s.

L

no

 A task has changed state

169

 Virtual Machine %s : disk %s resized to %s

L

no

 Virtual Machine disk is resized

170

 Virtual Machine %s : KC mapping %s attached

L

no

 A KC Mapping is attached to a VM

172

 User %s changed %s passwd

M

yes

 Passwd changed for htadmin

173

 User %s failed to change %s passwd

M

yes

 An admin attempted a reset console/htadmin passwd that failed

174

 A support event has occurred on HyTrust node %s. Please create a Support Bundle as described in the online help, then contact HyTrust support.

H

yes

 Please contact HyTrust support (support@hytrust.com) for more information

175

 New certificate created with guid %s in group %s

L

no

 A new certificate has been create for use with policy agent or KMIP server

176

 Backup created successfully for %s (%s)

L

no

 A new backup image has been created on the KeyControl appliance

177

 Failed to create backup for %s (%s)

M

no

 Creation of the backup image failed. Backup will be retried automatically or can be triggered manually via the WebGUI

178

 KeyControl Cluster is in normal mode

L

no

 The KeyControl cluster state has returned to normal operating mode

179

 KeyControl Cluster is in degraded mode

H

no

 The KeyControl cluster has gone into degraded mode. This occurs when the KeyControl nodes in the cluster are not able to communicate successfully Check the availability and connectivity of the KeyControl nodes in the cluster

180

 KeyControl Cluster is in standby mode

L

no

 The KeyControl cluster is in a standby state. This is a temporary state which occurs when a node is joining the cluster

181

 Freespace available on %s has fallen below 2G. An upgrade to the storage for this system should be considered.

H

yes

 The amount of free disk space available to the KeyControl appliance has dropped below our recommended threshold. Please increase the size of the disk or contact support for more assistance Increase the size of the disk and reboot the KeyControl appliance to resize

182

 Login failure for %s from %s

L

no

 User unsuccessfully attempted to login to the KeyControl instance

183

 Reboot of %s initiated by %s

M

yes

 Domain administrator initiated reboot of KeyControl node

184

 KeyControl node reboot initiated from console

M

yes

 The KeyControl node was rebooted from the console

185

 KeyControl node shutdown initiated from console

M

yes

 The KeyControl node was shutdown from the console

186

 Azure agent: illegal attempt to install plugin

M

yes

 Azure "extensions" (a.k.a. "plugins") to a KeyControl VM are not allowed

187

 Azure agent: illegal attempt to disable or uninstall a plugin

M

yes

 Azure "extensions" (a.k.a. "plugins") to a KeyControl VM are not allowed

188

 %d inactive tasks found on Cloud VM Set %s. %s task for %s on %s not updated since %s, TaskId: %s.

L

yes

 List of tasks that have not been updated for a long time

189

 Updated LDAP configuration: %s

M

no

 The values for the given LDAP fields have been updated

190

 Virtual Machine %s synchronized devices. Following devices were not found - %s. Reason for sync: %s

M

no

 The Policy Agent synchronized the registered device list; some devices not found

191

 Virtual Machine %s synchronized devices. Reason for sync: %s

M

no

 The Policy Agent synchronized the registered device list

192

 Virtual Machine %s state for disk %s changed to %s. %s

L

no

 Disk state on policy agent changed

193

 HyTrust bootloader ssh key updated for %s

L

no

 Private key required for ssh login to hytrust bootloader updated on KC

194

 Two-factor authentication enabled for %s

L

no

 Two factor authentication has been enabled for the user

195

 Two-factor authentication disabled for %s

M

yes

 Two factor authentication has been disabled for the user

196

 KeyControl Cluster is in degraded mode during node-join

L

no

 The KeyControl cluster has gone into degraded mode while a new node is joining the cluster. This occurs as KeyControl restarts communication protocols after a new node has joined the cluster.

197

 KeyControl Cluster is in degraded mode during node-join

L

no

 The KeyControl cluster has gone into normal mode while a new node is joining the cluster. This occurs as KeyControl restarts communication protocols after a new node has joined the cluster.

198

 New AppLink created to %s

M

yes

 A new Application Link has been created. This link will allow secure communication between the HyTrust products.

199

 Application link removed for Product (%s) Version (%s) IP List (%s)

L

no

 Application link has been removed for the external product.

200

 Admin user logged in successfully

M

no

 htadmin account login successful in one of the KeyControl nodes

201

 %s account logged in from <IP>

M

no

 Full support account login successful in one of the KeyControl nodes

202

 htadmin account login failure

M

no

 Failed attempt to login to htadmin account

203

 %s account login failure from <IP> - <Reason>

M

no

 Failed attempt to login to full support account

204

 Full support account <user> logged in from <IP> and executed <command>

M

no

 Full support account login successful and executed a command

205

 %s account login failure from <IP> attempting <command>

M

no

 Failed attempt to login to full support account and execute command

206

 Created new log bundle - %s with options - %s

L

no

 New log bundle creation has been initiated by some user

207

 Downloaded log bundle - %s

L

no

 Latest log bundle has been downloaded by some user

208

 Exported Cloud VM Set %s

M

no

 A Cloud VM Set has been exported

209

 Imported Cloud VM Set %s

M

no

 A Cloud VM Set has been imported

210

 Following guests have unsupported policy agent installed in Cloud VM Set %s: %s(%s)

M

yes

 A Cloud VM Set has guests with unsupported agent version Upgrade policy agent on reported guests

211

 Unsupported Policy Agent (version %s ) detected on guest %s.

M

no

 A guests has unsupported agent version installed Upgrade policy agent on reported guest

212

 Download of admin key initiated

M

no

 Download of admin key initiated via admin_key GET call

213

 Reset of KMIP server initiated

M

no

 Reset of KMIP server initiated

214

 KMIP Response/Request: <op> <obj> <result>

M

yes

 Create, destroy or revoke of KMIP object initiated

215

 KMIP Response/Request: <op> <obj> <result>

M

no

 Operation on some KMIP object initiated

216

 The Certificate for Virtual Machine %s will auto-renew in %d days%s.

L

yes

217

 The Certificate for Virtual Machine %s failed to auto-renew. Certificate expire%s %d days%s. Please renew the certificate.

H

yes

218

 Set Key Encryption Key expiry to %s onexpiry to %s, for Cloud VM Set %s. %s Cloud VMs affected.

H

no

 An expiration date has been set for Key Encryption Key for the specified Cloud VM Set. The effect taken on expiration is shown. The cloud admin should determine whether the expiration date should be extended.

219

 The Key Encryption Key for Cloud VM Set %s expire%s in %d days%s.

H

yes

 The cloud admin should determine whether the expiration date should be extended.

220

 The Key Encryption Key for Cloud VM Set %s has expired. %s Cloud VMs affected.

H

yes

 The Key Encryption Key for specified Cloud VM Set has expired. The cloud admin should determine whether the expiration date should be extended.

221

 Access to Key Encryption Key of Cloud VM Set %s has been revoked. %s Cloud VMs affected.

H

yes

 Access to specified Cloud VM Set has been revoked.

222

 Access to Key Encryption Key of Cloud VM Set %s has been granted. %s Cloud VMs affected.

H

yes

 Access to specified Cloud VM Set has been granted.

223

 The Key Encryption Key for Cloud VM Set %s has expired. %s Cloud VMs deleted. Deleted CVM Set %s.

H

yes

 The Key Encryption Key for specified Cloud VM Set has expired.

224

 The Certificate for Virtual Machine %s failed to auto-renew as the Virtual Machine is unreachable.

H

yes

 The Certificate Auto Renewal of a VM fails if the VM is in auto renewal period and is unreachable.

225

 Authentication of Server %s (%s) failed due to incorrect passphrase

no

 Authentication of KeyControl node failed due to incorrect passphrase.

226

 Cloud VM Set creation failed. Error: Failed to store key in HSM. %s

H

yes

 Cloud VM Set creation failed. Failed to store key in HSM. A security admin should check whether the HSM connection is configured properly

227

 Key Encryption Key import failed. Error: Failed to store key in HSM. %s

H

yes

 Key Encryption Key import failed. Failed to store key in HSM. A security admin should check whether the HSM connection is configured properly

228

 Failed to fetch Key Encryption Key from HSM. Error: %s

H

yes

 Failed to fetch Key Encryption Key from HSM. A security admin should check whether the HSM connection is configured properly

229

 Successfully imported Key Encryption Key for Cloud VM Set %s.

no

 Successfully imported Key Encryption Key

230

 Removed Domain %s from group %s

no

 Removed Domain from group

231

 Authenticated Server %s (%s)

no

 New Key Control has been successfully authenticated and added to the cluster

232

 Added Server %s (%s) to Domain %s

no

 Server has been successfully added to a domain

233

 Invalid Key Encryption Key size specified for Cloud VM Set %s.

H

yes

 Invalid Key Encryption Key size Verify that the Key Encryption Key size is 128 bits or 256 bits

234

 Retention period has expired for Cloud VM Set %s. %s Cloud VMs deleted. Deleted Cloud VM Set %s.

L

yes

 Retention period has expired for Cloud VM Set

235

 Retention period for Cloud VM Set %s will expire in %d days.

H

yes

 Retention period expiration for Cloud VM Set The cloud admin should determine whether the retention date should be extended.

236

 Set Retention Date to %s for Cloud VM Set %s.

no

 Changed Retention period for Cloud VM Set

237

 Failed to delete Key Encryption Key from HSM for Cloud VM Set %s. Error: %s.

M

yes

 Failed to delete Key Encryption Key from HSM

238

 New CA Certificate added to Certificate Store for verifying %s

no

 New CA certficate has been added to verify some subsystem

239

 CA Certificate for %s removed from Certificate Store

no

 CA Certificate for some subsystem has been removed from Certificate Store

240

 Authentication for LDAP user %s failed. Reason :- %s

no

 Reason for LDAP login failures

241

 Cannot register Cloud VM until Key Encryption Key for Cloud VM Set %s is imported

L

yes

 Cannot register Cloud VM

242

 Virtual Machine %s HTcrypt driver update -- %s

L

no

 HTcrypt driver state on policy agent changed

243

 New self-signed certificates generated for %s

L

no

 New self-signed certificates generated for server

244

 New SSL certificate installed for %s

L

no

 New SSL certificate installed for server

245

 CSR generated with common name - %s

L

no

 New CSR generated

246

 Web server for %s restarted

L

no

 Webserver/Apache restarted for server

247

 Certificate installation task got timed out. There are VMs that did not receive the new CA certificate. Please contact Cloud Administrators to login to the VM and execute hcl heartbeat before restarting the webserver

H

yes

 One (or more) policy agents did not receive the new CA certificate uploaded. Cloud administrator has to login to the policy agent and execute hcl heartbeat

248

 Cannot update CA as part of SSL certificate installation for %s. Please login to the VM and execute hcl heartbeat

H

yes

 Domain Administrator has attempted to install a new SSL certificate for the webserver. Unfortunately one of the policy agents did not receive a copy of the new CA certificate that can verify the SSL certificate of the webserver. Cloud administrator has to login to the policy agent and execute hcl heartbeat

249

 The webserver certificate used by %s has expired. A new certificate must be installed before the associated VMs can communicate with %s. After the new certificate has been installed, the certificate information on the associated VMs must be manually updated if the new certificate is from a different Certificate Authority. For more information, search for certificates in the WebGUI online help.

H

yes

 Certificate used by the webserver of one of the nodes has expired. Domain administrator has to install a new certificate. If the newly installed certificate is generated by a new CA, cloud administrators will have to login to policy agent and update the CA certificate file. The latest CA certificate file can be found in the cloud tab in webGUI

250

 Certificate for %s will expire in %s days, %s hours and %s minutes. If another certificate is not installed before the current one expires, the VMs will not be able to communicate with %s after %s and all VMs may need to be manually updated after the new certificate is installed. For more information, search for certificates in the WebGUI online help.

H

yes

 Certificate used by the webserver of one of the nodes is about to get expired. Domain administrator has to install a new certificate before it gets expired. Otherwise policy agents will not be able to communicate with the KC after expiry

251

 CA certificate used for verifying %s:%s has already expired. Please upload a new CA certificate to verify the %s server certificate. Otherwise %s users will not be able to login to the WebGUI.

H

yes

 CA certificate used by the LDAP server has already expired. Security Administrator has to install a new certificate to verify the LDAP server certificate. Otherwise LDAP users will not be able to login to the WebGUI.

252

 CA certificate used for verifying %s:%s will expire in %s days, %s hours and %s minute. If another CA certificate is not installed before the currentone expires, %s users will not be able to login to the WebGUI after %s.

M

yes

 CA certificate used for evaluating LDAP server certificate is about to get expired. Security Administrator has to install a new certificate before the current one expires. Otherwise LDAP users will not be able to login to the WebGUI after the CA certificate expiry date.

253

 Certificate for %s:%s has already expired. Please re-configure %s after updating the certificate in %s.

H

yes

 Certificate for APPLINK has already expired. APPLINK should be reconfigured after uploading a new certificate.

254

 Certificate for %s:%s will expire in %s days, %s hours and %s minutes. Once the certificate of %s is updated, please re-configure the %s:%s

M

yes

 Certificate for APPLINK is about to get expired. Security Administrator has to install a new certificate and re-configure the APPLINK before the current one expires.

255

 KeyControl Cluster is in maintenance mode

L

no

 The KeyControl cluster is in maintenance state. This is a temporary state which occurs during upgrade process

256

 Virtual Machine with IP %s is a possible clone of %s (%s) and hardware signature verification is turned off.

H

yes

 A possible clone of a Virtual Machine that is already registered has been detected. Verify that the VM is valid and register it as a new VM using 'hcl register -c' command.

257

 KeyControl cluster has been successfully upgraded from HT-KC %s to version HT-KC %s

M

yes

 KeyControl cluster upgrade to new version has succeeded.

258

 KeyControl cluster has been successfully reverted from HT-KC %s to version HT-KC %s

M

yes

 KeyControl cluster revert to old version has succeeded

259

 Access Control Policy: %s, at version: %s applied to disk: %s on VM: %s

H

yes

 Access Controls Policy version update to disk.

260

 Access Control Policy removed from disk: %s on VM: %s

H

yes

 Access Controls Policy removed.

261

 New Access Control Policy: %s created.

L

no

 New Access Control Policy Created.

262

 Access Control Policy: %s updated. Policy now available as: %s.

H

no

 Access Control Policy Updated.

263

 Access Control Policy: %s deleted.

L

no

 Access Control Policy Deleted.

264

 Access Control Rule: %s added to Policy: %s.

H

no

 New Access Control Rule added to Policy.

265

 Access Control Rule: %s updated for Policy: %s.

H

no

 Access Control Rule updated for Policy.

266

 Access Control Rule: %s deleted from Policy: %s.

H

no

 Access Control Rule deleted from Policy.

267

 hytrust_accesscontrols rpm state changed to: %s on VM: %s

M

no

 HyTrust Access Controls rpm state changed

268

 Initiated application of Access Control Policy: %s to disk: %s on VM: %s.

H

no

 Access Control Policy application initiated by Admin.

269

 Initiated removal of Access Control Policy: %s from disk: %s on VM: %s.

H

no

 Access Control Policy removal initiated by Admin.

270

 Created Cloud VM Set %s with Single Encryption Key

L

yes

 CVMSet created with Single Encryption Key for dedup

271

 Failed to upgrade KeyControl nodes: %s. Reverting upgraded nodes: %s.

L

yes

 Failed to upgrade KeyControl nodes.

272

 Failed to revert KeyControl nodes: %s. Remove nodes from KeyControl after reboot.

L

yes

 Failed to revert KeyControl nodes.

273

 Upgrade Cancelled. Error: %s

L

yes

 Failed to finalize upgrade.

274

 %s got reverted during upgrade. Reverting other nodes in the cluster to revision %s

L

no

 Failed to upgrade KeyControl node.

275

 Successfully cancelled KeyControl Upgrade.

M

no

 Cancelled KeyControl Upgrade.

276

 IP conflict detected for %ipaddr with MAC %this_mac on %this_month %this_day %this_time

H

yes

 Another VM is/was using this KeyControl IP address.

277

 Access Controls removed successfully on VM %s

H

yes

 Successful Access Controls removal on VM

278

 Applying Policy %s, version %s failed on VM %s. %s

H

yes

 Policy application failure on VM with reason.

279

 Applying Policy %s, version %s failed on disk %s of VM %s

H

yes

 Failure in Policy application on a specific disk of a VM.

280

 Error removing Access Control Policy on disk %s of VM %s

H

yes

 Error removing Access Control Policy on a disk.

281

 %s doesn't allow local user creation. Cannot support Access Controls

H

yes

 VM doesn't support Access Controls due to inability to create local users

282

 %s doesn't allow ssh for localhost. Cannot support Access Controls

H

yes

 Cannot setup Access Controls on VM since it doesn't allow ssh for localhost

283

 %s doesn't allow password-based ssh login. Cannot support Access Controls

H

yes

 Cannot setup Access Controls on VM since it doesn't allow password-based ssh login.

284

 Access Control setup failed on VM %s. Please check /var/log/htac.log on VM for more details

H

yes

 Failure in initial Access Controls setup

285

 Insufficient free space on %s to perform upgrade. Consult product documentation for procedure to add another disk

H

yes

 Disk does not have enough space for upgrade Consult support for freeing disk space or create/join a node with more space and upgrade that

286

 Access Control tampering detected on VM %s

H

yes

 Access Control Tampering

287

 Error enforcing policy %s, version %s on VM %s. %s

H

yes

 Access Control Policy application failure due to htadmin error

288

 New AD Server: %s created.

L

no

 Create AD Server

289

 Updated AD Server config: %s.

L

no

 Updated AD Server config

290

 Deleted AD Server: %s.

L

no

 Deleted AD server

291

 User account htadmin already exists on VM %s. Please delete htadmin, before enforcing Access Control Policy

L

yes

 Local user account htadmin detected before Access Control pre-setup tests

292

 VM - %s cannot verify communications from KeyControl because the KeyControl SSL certificate has changed but the CA certificate on the VM was not updated when the new SSL certificate was installed for KeyControl. To update the CA certificate on the VM and restore connectivity, log into the webGUI, download the latest CA certificate from Cloud tab > Actions > Download CA Certificate, copy the CA certificate to the VM, and execute "hcl update_ca -f </path/to/cert>"

H

yes

 SSL certificate of KeyControl has changed and webserver has been restarted. One of the VMs did not receive the latest copy of the CA certificate to verify KeyControl. To restore communication, download the latest CA certificate from webgui cloud tab, copy it to the VM and execute hcl update_ca command

293

 KMIP user ceritificate for %s has expired. KMIP client(s) that is/are using the expired certificate will not be authenticated to perform KMIP operations. Please extend the user certificate or create new user certificate, and update the KMIP clients with the new certificate bundle

H

yes

 KMIP user certificate for one of the users has expired. KMIP client(s) using the expired certificate will not be authenticated to perform KMIP operations. Please create new KMIP certificate for the KMIP client(s) to use

294

 KMIP user ceritificate for %s will expire in %s days, %s hours and %s minutes. Upon expiry, client(s) that is/are using the expired certificate will not be authenticated to perform KMIP operations. Please extend the user certificate or create new user certificate, and update the KMIP clients with the new certificate bundle

H

yes

 KMIP user certificate for one of the users will expire soon. Upon expiry, KMIP client(s) using the expired certificate will not be authenticated to perform KMIP operations. Please create new KMIP certificate for the KMIP client(s) to use

295

 VM %s is using an older Hardware Signature format. Please run "hcl auth" cmd on the VM for a more secure signature.

H

yes

 VM is using an older Hardware Signature format. Please run "hcl auth" cmd on the VM for a more secure signature.

296

 Your HyTrust KeyControl cluster has been upgraded to 4.2.1. Automatic Vitals reporting is now available on this cluster. Automatic Vitals reporting lets you automatically share information about the health of your KeyControl cluster with HyTrust support. If you enable this service, KeyControl periodically sends an encrypted bundle containing system status and diagnostic information to a secure HyTrust server. HyTrust support may proactively contact you if the Vitals service identifies issues with the health of your cluster. KeyControl Security Admins can enable or disable this service at any time by selecting Settings -> Vitals in the KeyControl WebGUI. For details, see the HyTrust DataControl Administration Guide or search for "Vitals" in the KeyControl online help. To enable or disable Automatic Vitals Reporting now, go to %s

L

yes

 Alert email sent to Security Admins on upgrade.

297

 Abandoning %d inactive tasks on %s. Abandoning %s task %s on %s not updated since %s, TaskId: %s

L

yes

 List of tasks that have been abandoned due to inactivity

298

 Error!!! Could not enable support login. Please make sure there is enough space in the filesystem

H

yes

 Cannot enable support login. Please make sure there is enough space in the file-system Increase the size of the disk and reboot the KeyControl appliance to resize

299

 Error!!! Could not disable support login. Please make sure there is enough space in the filesystem

H

yes

 Cannot disable support login. Please make sure there is enough space in the file-system Increase the size of the disk and reboot the KeyControl appliance to resize

300

 %s attempting %s account login when object store is not readable

M

no

 Attempt to login to support login in one of the KeyControl nodes when object store is down

301

 Decryption is not allowed for device %s on VM %s. To decrypt: Access Control Policy : %s Version: %d must be removed from device. Auto Encryption Policy should be changed so as to exclude the device.

L

yes

 Device decryption refused due to applied policies. Change policies as suggested in error message.

302

 Space on HyTrust Bootloader partition %s is running low (%lld bytes free). Often times USN journal is the culprit. You can check USN journal size using the command: "fsutil usn queryjournal %s". To delete USN journal, use the command: "fsutil usn deletejournal /N %s "

H

yes

 Device decryption refused due to applied policies. Change policies as suggested in error message.

303

 Login failure for %s from %s because %s is in lock out period.

M

no

 Attempt to login to secroot in the lock out period after repeated unsuccessful login attempts

304

 Changed AD group members for group %s. %s

L

no

 List of AD Group members has been changed for a KeyControl Group

305

 The current number of KeyControl nodes (%d) exceeds the maximum number of nodes allowed by your license (%d). You cannot add any more KeyControl nodes to this cluster until you upgrade your license.

M

yes

 KeyControl nodes in use exceeds license limit of installed license

306

 The current number of VMs registered with this KeyControl cluster (%d) exceeds the maximum number of VMs allowed by your license (%d). You cannot register any additional VMs until you upgrade your license.

M

yes

 Registered VM count exceeds license limit of installed license

307

 Service %s is up

L

no

 KeyControl system service is up

308

 Service %s is down

H

yes

 KeyControl system service is down

309

 Using AD group membership for %s - %s

M

no

 ADgroup membership of the AD user that was returned by the LDAP server during first time login. The ADgroup membership will be used to determine the KeyControl Group membership of the AD user.

310

 Updating AD group membership for %s - %s

M

no

 ADgroup membership of the AD user that was returned by the LDAP server. The new ADgroup membership will be used to determine the KeyControl Group membership of the AD user who has already logged into KeyControl previously.

311

 Added KMIP client configuration. Server: %s

L

no

 Added KMIP client configuration

312

 Updated KMIP client configuration. Server: %s

L

no

 Updated KMIP client configuration

313

 Deleted KMIP client configuration. Server: %s

H

yes

 Deleted KMIP client configuration

314

 Deleted all KMIP client configurations.

H

yes

 Deleted KMIP client configuration

315

 Failed to delete key:%s on external KMIP server

M

no

 Failed to delete key on KMIP server

316

 Added AD Domain: %s

L

no

 Added a new AD Domain

317

 Updated AD Domain %s. Changed Attributes - %s

L

no

 Updated the AD Domain

318

 Remomved AD Domain %s

no

 Removed AD Domain from KeyControl L

319

 Added new Domain Controller %s for AD Domain %s

L

no

 Added a new AD Domain Controller

320

 Updated Domain Controller %s for AD Domain %s. Changed Attributes - %s

L

no

 Updated Domain Controller

321

 Removed Domain Controller %s for AD Domain %s

no

 Removed Domain Controller from KeyControl L

322

 encrypt failed for device %s on VM %s, error %d

M

yes

 Encrypt operation failed on VM

323

 decrypt failed for device %s on VM %s, error %d

M

yes

 Decrypt operation failed on VM

324

 rekey failed for device %s on VM %s, error %d

M

yes

 Rekey operation failed on VM

325

 Successfully deleted admin key on EKS: %s

M

no

 Successfully deleted admin key on KMIP server

326

 Successfully generated admin key on EKS: %s

M

no

 Successfully generated admin key on KMIP server

327

 Failed to generate admin key on EKS: %s

H

yes

 Failed to generate admin key on KMIP server

328

 Failed to store admin key on EKS: %s

H

yes

 Failed to store admin key on KMIP server

329

 Successfully stored admin key on EKS: %s

M

no

 Successfully stored admin key on KMIP server

330

 Failed to fetch admin key from EKS: %s

M

yes

 Failed to fetch admin key from KMIP server

331

 KeyControl Upgrade failed. Please contact HyTrust Support

H

yes

 Post upgrade failed

332

 Domain Controllers re-ordered for %s

L

no

 Order of Domain Controllers has been changed for an AD domain configured

333

 Failed to set backup hosts to %s on %s

H

yes

 Failed to update backup hosts

334

 Virtual Machine %s is in BoundaryControl grace period

M

yes

 VM in Boundary Control grace period

335

 Virtual Machine %s, BoundaryControl grace period expired

M

yes

 VM Boundary Control grace period expired

336

 Application Link created from Product (%s) Version (%s) IP List (%s)

L

no

 A new Application Link has been created from an external product. This link will allow the external product to make API calls to KeyControl.

337

 Application Link renewed for Product (%s) Version (%s) IP List (%s)

L

no

 An Application Link has been renewed for the external product.

338

 Failed to upgrade LDAP Settings. Please reconfigure LDAP settings manually

H

yes

 Failed to upgrade LDAP Settings.

339

 Failed to store adminkey on HSM

H

yes

 Failed to store adminkey on HSM

340

 Removed Server(s) %s from Domain %s

L

yes

341

 Grace period will expire on %s for Virtual Machine %s, please check connectivity

H

yes

342

 Grace period expired for Virtual Machine %s, please authenticate again

H

yes

343

 Virtual Machine %s, failed to update following attributes: %s

H

no

 Failed to update Virtual Machine settings

344

 Finished propagating changed attributes: %s to all Virtual Machines in Cloud VMSet: %s

H

no

 Propagation of changed attributes completed for CVMSet

345

 Invalid software was discovered on KeyControl system %s. This is a possible trojan horse attack. Contact HyTrust Support for assistance

H

yes

 Whitelisting violation detected on production build

346

 HyTrust Whitelist validation on KeyControl system %s has discovered modified files. These changes are allowed for development systems, but please review Whitelist logs for correctness.

L

yes

 Whitelisting violation detected on development build

347

 Could not set password for %s: %s

H

yes

 Failed to set password

348

 Password changed for %s

H

yes

 Password changed

349

 Enabled %s user

H

yes

 Enabled user

350

 Failed to enable %s user

H

yes

 Failure in enabling user

351

 Disabled %s account

H

yes

 Disable account

352

 %s user logged out successfully

L

no

 User logout

353

 Could not download the certificate: %s

M

yes

 Download certificate failure

354

 Downloaded a new CA certificate

M

yes

 Downloaded CA certificate

355

 ssh %sd for %s

M

no

 SSH enabled/disabled for user

356

 Failed to %s ssh for %s

M

no

 Failure in enabling/disabling SSH for user

357

 KeyControl restored from version %s backup file

M

no

 KeyControl restored from backup successfully

358

 License auto-update: %s

M

yes

 License change during auto-update