HP Command View for Tape Libraries Software User Manual
Page 257
Solution
Issue/Symptom
should be as close as possible, but variations of up to 5
minutes are acceptable.
The SKM or ESKM key generation policy, or policies, for
this library have an error or are not complete.
•
Each library partition must have a separate policy, even
if the policy is No Encryption. See
partitions after initial SKM or ESKM setup” (page 169)
.
•
The policy contains the serial number of the library or
partition. That serial number must match exactly. Review
the section of the SKM or ESKM User Guide containing
library steps for SKM or ESKM installation, in which key
generation policies are entered.
The main rules for certificates are:
A certificate issue exists.
•
There is 1 and only 1 Certificate Authority (CA) for the
entire system.
•
Ensure there is only 1 Local CA, and it is the same CA
on each ESKM node.
•
The CA must sign all client (library) certificates, and all
server (ESKM) certificates.
•
All server certificates must have the same name. Each
ESKM node has a unique certificate, but they all must
have the same name.
•
The server certificate name must be selected in the KMS
server for each ESKM.
For detailed information, review the section of the ESKM
User Guide that presents CA creation and server certificate
creation and installation.
It is important to follow the installation processes
step-by-step, exactly, and make only those changes that
An ESKM configuration is wrong. This can occur if
un-intended changes were made to the ESKM configuration,
usually during initial installation.
are specified. Most un-intended configurations prevent
correct operation of the system. If re-tracing the installation
steps does not identify the issue, restore default
configurations on the ESKM and start again.
This can occur when libraries and/or ESKMs are distributed
across multiple sites. The devices all communicate over a
Firewall issues exist.
set of TCP ports, which must be opened between the sites
for correct operation. A complete list of the ports that must
be opened is provided at
All passwords must be 8 or more characters, and some
mix of letters and numbers. If you have configured the SKM
Password and username issues exists.
or ESKM for increased password security, then the rules
are even stricter. Each tape library must have a unique
username. Passwords may be unique, but that is not
enforced. See the SKM or ESKM Installation and
Configuration Guide for detailed information about creating
usernames and passwords, and change the usernames
and passwords to meet the SKM or ESKM requirements.
Common issues 257