Appendix
Troubleshooting
| Issue | Error Message | Remediation |
|---|---|---|
| KMIP auto-registration is not enabled | The following error message is displayed in the CipherTrust Manager Records:"errorMessage": "Unregistered client, please register a new client from CLI or API or UI." | Check whether the auto registration option is selected in Admin Settings > System Interfaces > kmip. If it is not selected, turn on the auto registration option. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. |
| Incorrect KMIP interface mode has been selected | The following error message is displayed in the mongod logs:"initandlisten Unable to retrieve key .system, error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name." | Check whether the mode selected in Admin Settings > System Interfaces > kmip is "TLS, verify client cert, allow anonymous logins". If not, make appropriate changes. |
| Unable to view load the keyring_okv plugin after configuration | 2021-05-24T16:44:45.524984Z 0 [System] [MY-010116] [Server] /usr/sbin/mysqld (mysqld 8.0.25-commercial) starting as process 23992021-05-24T16:44:45.544113Z 0 [ERROR] [MY-011400] [Server] Plugin keyring_okv reported: 'Error setting the key file.'2021-05-24T16:44:45.544307Z 0 [ERROR] [MY-011386] [Server] Plugin keyring_okv reported: 'Could not initialize ssl layer'2021-05-24T16:44:45.544351Z 0 [ERROR] [MY-011377] [Server] Plugin keyring_okv reported: 'keyring_okv initialization failure. Please check that the keyring_okv_conf_dir points to a readable directory and that the directory contains Oracle Key Vault configuration file and ssl materials. Also, please check that Oracle Key Vault is up and running.' | Restrict permission on the complete set of directories as mentioned in the integration steps. Investigate the logs in /varlog/mysqld.log to make sure there are no errors when connecting to CipherTrust Manager. |
