Troubleshooting
This section describes the issues you may run into and how to resolve them. If you face an issue that is not listed here, contact Thales Customer Support.
Errors in DPG Logs
| Error/Issue | Possible Cause | Resolution |
|---|---|---|
Registration failed with error: provided registration token is not associated with any client profile | Registration token is incorrect. | Check registration token on the CipherTrust Manager. |
Registration failed with error: License not installed yet for feature DataProtectionGateway | Licenses have expired in the trial mode. | Contact the Sales Team for license. |
Cryptographic operation not supported | Key might not be exportable. | Ensure that key is exportable. |
Generic local cryptography error | For FPE, at least 2 characters from charset should be part of the plain text. | Ensure at least 2 characters from charset should be part of plain text in case of FPE. |
Error in Initializing ICAPI: Server unavailable | Client cannot reach the CipherTrust Manager. | Check for the connectivity between the CipherTrust Manager and client. Also, verify if the NAE port is open. |
jwt not obtained from the CipherTrust Manager | Client can't connect to the CipherTrust Manager. | Check the connectivity between the client and CipherTrust Manager. |
Unknown key name or insufficient permissions/Unable to fetch key for crypto operations | Either the key is not exportable or the user doesn't have permissions on the key. | The user passed in CN of the CSR should be the owner of the key and the key should be exportable. |
invalid authorization scheme | — Occurs when there is a mismatch in the authentication scheme in Request Header and Application Configuration on the CipherTrust Manager. — The CipherTrust Manager version is lower than 2.9. | Ensure to use the same authentication scheme in the Request Header and Application. |
Error in configuration | Occurs when there is an error in configuration. | The policies and configurations on the CipherTrust Manager should be configured properly. For details, refer to Managing Applications. |
Registration failed,exiting the container | Occurs when supplied registration token is invalid or IP address of the CipherTrust Manager is invalid. | Provide the correct registration token and CipherTrust Manager's IP address in your deployment. |
Cannot initialize crypto library | Crypto libraries can't be initialized. | Check the Network and SSL configuration settings of your application on the CipherTrust Manager. For details, refer to Managing Applications. |
Could not authorize to Key Manager | Could not authorize to the Key Manager. | Check the SSL settings of your application on the CipherTrust Manager. For details, refer to Managing Applications. |
Internal Server Error received from key Manager | Internal Server Error received from key Manager. | Check whether the services on the CipherTrust Manager are up and running. |
Unsupported/Invalid token format defined in Dpg Policy | Occurs when the token to be protected/revealed is not specified in correct format. | For a token in array, use the following format: TokenName[*].TokenNumber For example, CreditCard.[*].CCNumber |
Errors in API Response
| Error/Issue | Possible Cause | Resolution |
|---|---|---|
Error: Status 404 | Occurs when tls_enabled=true, and skip_verify=true. | Make sure SSL certificates are valid and accessible by the client. |
Error: 502 bad gateway | — URL of the application server is incorrect. — The application server is down. | Make sure the destination URL is correct and the application server is up and running. |
Error: validation: chart.metadata is required | chart.metadata is missing. | Make sure chart.yaml exists at the path where the helm install command is run. |
Response code:400error message:Client sent an HTTP request to an HTTPS server | Request is made over HTTP. | Make sure "client to DPG" (through browser/tool) and "DPG to server" requests are over https. |
Error: Status 401: invalid authorization scheme | Occurs when there is a mismatch in the authentication scheme in Request Header and Application Configuration on the CipherTrust Manager. | Ensure to use the same authentication scheme in the Request Header and Application. |