Troubleshooting
This section describes how to handle the issues that you might face when using CTE with the CipherTrust Data Security Platform Service.
Connection Issues
Symptoms | Possible Cause and Remediation |
---|---|
• Client status is Error • Configuration changes are not pushed to the client • Requests like Browse file system are failing | Analyze the CTE logs, identify connection failure reasons, and rectify them: 1. Look for the issues in the /var/log/vormetric/server_comms.log file on the CTE agent. This file contains information about the CipherTrust Data Security Platform Service's communication with the client. 2. Identify the cause of the issue. 3. Restart vmd to get the latest init. |
Client status is Error. This can occur for CTE clients running version 7.4.0 or lower when a CipherTrust Data Security Platform Service node in a cluster goes down. | With CTE Agent versions 7.4.0 and lower, this issue occurs because they lack the functionality for the default server health check setting (server_response_rate set to 0). This capability was introduced in a later version. Workaround: In the client's profile, change server_response_rate from the default of 0 to a value between 1 and 100 using the /v1/transparent-encryption/profiles/ API. This parameter sets a health threshold. For example, a value of 75 means the server is considered healthy if 75% or more of its API calls succeed. If the success rate drops below this threshold, the agent marks the server as unhealthy. |
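
The workaround above can be scoped before any profile is changed. The following is an added example, not code from the product or its documentation: it finds profiles still at server_response_rate 0 that have agents at 7.4.0 or lower linked to them, and prepares the change with the 1 to 100 range enforced. The inventory field names, the use of the profile name as the path identifier, and the request body layout are assumptions; take the HTTP method and authentication from the API reference.

```python
import json

PROFILES_API = "/v1/transparent-encryption/profiles/"  # path as given on this page

# Constructed sample data; field names are hypothetical, not a product export format.
PROFILES = {"default": 0, "legacy": 75, "lab": 0}  # profile name -> server_response_rate
CLIENTS = [
    {"name": "db01", "agent_version": "7.3.0.135", "profile": "default"},
    {"name": "app02", "agent_version": "7.4.0", "profile": "default"},
    {"name": "web03", "agent_version": "7.5.0.80", "profile": "lab"},
    {"name": "fs04", "agent_version": "7.2.0", "profile": "legacy"},
]

def version_key(version):
    """First three numeric components, so '7.4.0.99' compares as (7, 4, 0)."""
    parts = [int(p) for p in version.split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def lacks_default_health_check(version):
    """True for agent versions 7.4.0 and lower, the range named in the table."""
    return version_key(version) <= (7, 4, 0)

def profiles_to_change(clients, profiles):
    """Map each profile still at 0 to the affected clients linked to it."""
    hit = {}
    for c in clients:
        if lacks_default_health_check(c["agent_version"]) and profiles[c["profile"]] == 0:
            hit.setdefault(c["profile"], []).append(c["name"])
    return hit

def build_update(profile_id, rate):
    """Return (path, JSON body) for the change; reject values outside 1-100."""
    if isinstance(rate, bool) or not isinstance(rate, int) or not 1 <= rate <= 100:
        raise ValueError("server_response_rate must be an integer from 1 to 100")
    # Assumption: the field is sent at the top level of the profile body.
    return PROFILES_API + profile_id, json.dumps({"server_response_rate": rate})

if __name__ == "__main__":
    for profile, names in profiles_to_change(CLIENTS, PROFILES).items():
        path, body = build_update(profile, 75)
        print(profile, names, path, body)
```

Profiles such as "lab" in the sample, which are at 0 but have only newer agents linked, are left alone because those agents support the default health check.
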
Registration Issues
Symptoms | Possible Cause and Remediation |
---|---|
Registration fails with conflict errors | Conflict errors occur when a client with the given name already exists on the CipherTrust Data Security Platform Service. To fix these issues: • Delete the existing client entry from the CipherTrust Data Security Platform Service. • Unenroll the existing client if you want to register it with another CipherTrust Data Security Platform Service. NOTE: A conflict error might occur even if no CTE client with the given name exists on the CipherTrust Data Security Platform Service. This happens because the client's entry, which was added during registration, is no longer associated with the CTE client due to a failure in enrollment. To resolve this issue: 1. Run the API /v1/transparent-encryption/clients/delete with the flag delete_stale_clients set to true. Do not specify any other parameters when running the API. Alternatively, run the command ksctl cte clients bulk-delete --delete-stale-clients true on the CLI. This cleans up the stale client entries. 2. Retry registration with the same name. |
Reregistration fails with capabilities-related errors | Capabilities cannot be disabled during reregistration with the CipherTrust Data Security Platform Service. To disable the CTE Agent capabilities, delete the client from the CipherTrust Data Security Platform Service and register again with these capabilities disabled. |
Configuration Issues
Symptoms | Possible Cause and Remediation |
---|---|
Mismatched log levels between the CipherTrust Data Security Platform Service configuration and client logs | Try these: • Check the configuration in the linked profile on the CipherTrust Data Security Platform Service. • Validate the vmd configuration on the CTE client by running: vmsec vmdconfig |