Appendix
Troubleshooting
| Issue | Error Message | Remediation |
|---|---|---|
| KMIP auto-registration is not enabled | The following error message is displayed in the CipherTrust Manager Records:"errorMessage": "Unregistered client, please register a new client from CLI or API or UI." | Check whether the auto registration option is selected in Admin Settings > System Interfaces > kmip. If it is not selected, turn on the auto registration option. Refer to Configuration steps for CipherTrust Manager using the GUI or ksctl. |
| Incorrect KMIP interface mode has been selected | The following error message is displayed in the mongod logs:"initandlisten Unable to retrieve key .system, error: socket exception [CONNECT_ERROR] for The server certificate does not match the host name." | Check whether the mode selected in Admin Settings > System Interfaces > kmip is "TLS, verify client cert, allow anonymous logins". If not, make appropriate changes. |
| Error when enabling data encryption | The following error message is displayed in the mongod logs:"Unable to retrieve key .system, error: there are existing data files, but no valid keystore could be located." | Check whether the directory "C:\data\db" is empty. If not, clear the content of this directory and try enabling encryption again. |
