Skipped Key Rotation
The following alerts trigger when CTE-LDT skips key rotation.
- LDT-ALERT: Skipped key rotation on GuardPoint [GuardPoint]. It is on a read-only file system
Key rotation is skipped on a specified GuardPoint because the mount point where the GuardPoint resides does not permit write operations.
Solution:
- Remount the file system where the GuardPoint resides, and change the mount option to read/write.
- On the GuardPoint page on the CipherTrust Manager, press Re-push Policies to manually re-push the policies to the host to initiate key rotation on GuardPoints ready for key rotation.
- LDT-ALERT: Failed to rotate key on GuardPoint [GuardPoint] during pre-commit
- LDT-ALERT: Failed to rotate key on GuardPoint [GuardPoint] during commit
- LDT-ALERT: Skipped key rotation on GuardPoint [GuardPoint]. Error: [ErrorNumber]
- LDT-ALERT: Failed to update LDT attribute on GuardPoint [GuardPoint]. Error: [ErrorNumber]
CTE-LDT failed to start a key rotation process on a GuardPoint during a guard operation or when processing a key rotation notification from the CipherTrust Manager. For [ErrorNumber], a Linux error number is substituted, such as errorcode 17.
Solution: The host returns error code 17 during CTE-LDT key rotation if it cannot perform the key rotation because there is already a rekey in progress. This pre-existing rekey operation could be active, or it could be in a suspended state, either because of the QoS schedule or a manual pause initiated by the administrator. See Suspending and Resuming Rekey and/or Scan Phase.
An I/O error is the most common cause of failure when updating the persistent state of a GuardPoint. For I/O errors, fix the problem at the host OS or storage level.
If you cannot find and fix the host OS or storage issue, contact Customer Support for troubleshooting and recovery.
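A pre-check for the read-only file system alert above, added here as an example and not taken from the CTE product or its documentation: it finds the mount that backs a GuardPoint path (longest mount-point prefix in `/proc/self/mounts`) and prints the remount command when that mount is read-only. The function names `mount_state` and `remount_hint` and the sample path `/data/gp1` are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): check the mount backing a GuardPoint path.

# mount_state <guardpoint_path> [mounts_file]
# Prints "<mountpoint> ro" or "<mountpoint> rw"; returns 1 if nothing matches.
mount_state() {
    local gp="${1%/}" mounts="${2:-/proc/self/mounts}"
    local dev mnt fstype opts rest best="" best_opts=""
    while read -r dev mnt fstype opts rest; do
        # /proc/mounts writes a space in a mount point as \040; decode it.
        mnt="$(printf '%b' "$mnt")"
        case "$gp/" in
            "${mnt%/}/"*)
                # Longest mount point wins; on a tie the later line wins,
                # because a later mount hides an earlier one on the same path.
                if [ "${#mnt}" -ge "${#best}" ]; then
                    best="$mnt"
                    best_opts="$opts"
                fi
                ;;
        esac
    done < "$mounts"
    [ -n "$best" ] || return 1
    case ",$best_opts," in
        *,ro,*) echo "$best ro" ;;
        *)      echo "$best rw" ;;
    esac
}

# remount_hint <guardpoint_path> [mounts_file]
# Prints the remount command for a read-only mount, or "ok" if it is writable.
remount_hint() {
    local state
    state="$(mount_state "$1" "${2:-/proc/self/mounts}")" || {
        echo "no mount found for $1" >&2
        return 1
    }
    if [ "${state##* }" = "ro" ]; then
        echo "mount -o remount,rw '${state% *}'"
    else
        echo "ok"
    fi
}

# Example call; /data/gp1 is a placeholder GuardPoint path.
# remount_hint /data/gp1
```

If the file system became read-only because of a storage fault rather than a deliberate mount option, resolve that fault before remounting, then re-push the policies as described above.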