Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

Administration

Troubleshooting

search

Please Note:

Troubleshooting

This section describes the issues you may run into and how to resolve them. If you face an issue that is not listed here, contact Thales Customer Support.

Errors in DPG Logs

Error/IssuePossible CauseResolution
Registration failed with error: provided registration token is not associated with any client profileRegistration token is incorrect.Check registration token on the CipherTrust Manager.
Registration failed with error: License not installed yet for feature DataProtectionGatewayLicenses have expired in the trial mode.Contact the Sales Team for license.
Cryptographic operation not supportedKey might not be exportable.Ensure that key is exportable.
Generic local cryptography errorFor FPE, at least 2 characters from charset should be part of the plain text.Ensure at least 2 characters from charset should be part of plain text in case of FPE.
Error in Initializing ICAPI: Server unavailableClient cannot reach the CipherTrust Manager.Check for the connectivity between the CipherTrust Manager and client. Also, verify if the NAE port is open.
jwt not obtained from the CipherTrust ManagerClient can't connect to the CipherTrust Manager.Check the connectivity between the client and CipherTrust Manager.
Unknown key name or insufficient permissions/Unable to fetch key for crypto operationsEither the key is not exportable or the user doesn't have permissions on the key.The user passed in CN of the CSR should be the owner of the key and the key should be exportable.
invalid authorization scheme— Occurs when there is a mismatch in the authentication scheme in Request Header and Application Configuration on the CipherTrust Manager.
— The CipherTrust Manager version is lower than 2.9.
Ensure to use the same authentication scheme in the Request Header and Application.
Error in configurationOccurs when there is an error in configuration.The policies and configurations on the CipherTrust Manager should be configured properly. For details, refer to Managing Applications.
Registration failed,exiting the containerOccurs when supplied registration token is invalid or IP address of the CipherTrust Manager is invalid.Provide the correct registration token and CipherTrust Manager's IP address in your deployment.
Cannot initialize crypto libraryCrypto libraries can't be initialized.Check the Network and SSL configuration settings of your application on the CipherTrust Manager. For details, refer to Managing Applications.
Could not authorize to Key ManagerCould not authorize to the Key Manager.Check the SSL settings of your application on the CipherTrust Manager. For details, refer to Managing Applications.
Internal Server Error received from key ManagerInternal Server Error received from key Manager.Check whether the services on the CipherTrust Manager are up and running.
Unsupported/Invalid token format defined in Dpg PolicyOccurs when the token to be protected/revealed is not specified in correct format.For a token in array, use the following format:
TokenName[*].TokenNumber
For example, CreditCard.[*].CCNumber

Errors in API Response

Error/IssuePossible CauseResolution
Error: Status 404Occurs when tls_enabled=true, and skip_verify=true.Make sure SSL certificates are valid and accessible by the client.
Error: 502 bad gateway— URL of the application server is incorrect.
— The application server is down.
Make sure the destination URL is correct and the application server is up and running.
Error: validation: chart.metadata is requiredchart.metadata is missing.Make sure chart.yaml exists at the path where the helm install command is run.
Response code:400
error message:Client sent an HTTP request to an HTTPS server
Request is made over HTTP.Make sure "client to DPG" (through browser/tool) and "DPG to server" requests are over https.
Error: Status 401: invalid authorization schemeOccurs when there is a mismatch in the authentication scheme in Request Header and Application Configuration on the CipherTrust Manager.Ensure to use the same authentication scheme in the Request Header and Application.