Troubleshooting
This section offers you solutions, workarounds, and explanations for issues related to CCC.
I cannot access CCC on Mozilla Firefox even after clicking the Accept the risk and continue button.
This issue is specific to Mozilla Firefox. You can either access CCC on Google Chrome or Microsoft Edge, or follow these steps to access CCC on Mozilla Firefox:
-
Click the Options tab from the menu on the right.
-
Click the Privacy and Security option from the navigation pane on left and then scroll down to the Certificates section.
-
Click the View Certificates button and then click the Servers tab from the Security Manager window that appears on the screen.
-
Click the Add Exception button at the bottom.
-
Enter the CCC path in the Add Security Exception window that appears on the screen.
-
Click the Get Certificate button and then click the Confirm Security Exception button after the certificate gets generated.
You should now be able to access CCC on Mozilla Firefox.
I’m encountering the following error message while running the sh install.sh –check command: "This script must be executed by root privilege".
To overcome this issue, you need to log in as the root user.
I’m encountering the following error during CCC installation: "Perl command not installed".
To resolve this issue, you need to install Perl using the following command: Yum install perl
.
I’m encountering the following error during CCC installation: "[Error] openssl command not installed".
To resolve this issue, you need to install OpenSSL using the following command: Yum install openssl
.
I’m encountering an error while configuring CCC.
Run the sh config.sh –debug
command to see a detailed error log on your screen. Based on the error that is displayed in the error log, you can make the necessary changes and then run the sh config.sh
command again. In case you are not able to resolve the issue using the error log, take a screenshot of the error log and contact Thales Customer Support.
I’m encountering the following error when I run the sh config.sh –check command: "This script must be executed by root privilege".
To resolve this issue, you need to log in as the root user.
I’m encountering the following error during the CCC configuration: "[Error] User lunadirector does not exist".
To resolve this error, you need to re-install CCC.
I’m encountering the following error during CCC configuration: "[Error] ipcalc command not installed".
To resolve this error, you need to install ipcalc using the following command: Yum install initscripts
.
I’m encountering the following error during CCC configuration: "[Error] JCPROV_HOME is not defined".
To resolve this error, you need to check whether lunaclient has been installed properly.
I’m encountering the following error during CCC configuration: "[Error] JCPROV libraries not found. Please make sure you have LunaClient with JCProv installed on this machine".
To resolve this error, you need to check whether lunaclient has been installed properly.
I’m encountering the following database connection error at the time of configuration: “Server chose TLSv1, but that protocol version is not enabled or supported by the client” or “Server chose TLSv1.1, but that protocol version is not enabled or supported by the client”.
If you are using a CentOS 8 or RHEL 8 operating system, you may get this error at the time of CCC configuration. This is because CentOS 8 and RHEL 8 have deprecated TLSv1.0 and TLSv1.1. To overcome this issue, either upgrade database TLS version to TLSv1.2 or above, or change policy on CCC server by running the update-crypto-policies --set LEGACY
command.
After re-configuring CCC, the server starts successfully but the CCC URL lands on a blank page.
This can be a result of configuration mismatch between the CCC and database. During CCC configuration, if you enter “no” in response to the message “The CCC database is already configured. Do you want to change the database configuration?”, ensure that the current configuration properties of the database are aligned with the previous settings. If there is any change in database configuration, enter “yes” in response to the above-stated message and then re-configure CCC with new database settings.
I’m encountering an error while uninstalling CCC.
Run the sh uninstall.sh -debug
command to see a detailed error log on your screen. Based on the error that is displayed in the error log, you can make the necessary changes and then run the sh uninstall.sh
command again. In case you are not able to resolve the issue using the error log, take a screenshot of the error log and contact Thales Customer Support.
I'm encountering the following message while activating CCC root of trust: "System already activated".
To resolve this issue, you need to:
-
Activate the ROT again by entering the partition label and password.
-
Select the checkbox mentioning that This device is running firmware 7.7 and above if you are using Luna HSM 7.7.0 or Luna HSM 7.7.1 having firmware 7.7.0 or 7.7.1.
-
Check the Remember credentials checkbox if you want CCC to cache your root of trust credentials.
-
Click the Activate button.
I'm encountering the following error in the Keys section when I type in the Crypto Officer password and press Enter: "An error has occurred in creating NTLS connection”.
You may be encountering this issue because the Luna Client installed on your system is old. To overcome this issue, you can try using Luna Client 7.1 and above. To obtain the latest version of Luna Client, contact Thales Customer Support.
I'm encountering a yellow icon during the LDAP/LDAPs authentication process. Additionally, in the console.log file, I found the following error details:
Exception: KC-SERVICES0055: Error when authenticating to LDAP: LDAP response read timed out, timeout used: 60 ms.: javax.naming.NamingException: LDAP response read timed out, timeout used: 60 ms.
You are experiencing this issue due to a problem with the LDAP authentication process. To resolve the problem and prevent further LDAP authentication errors, please follow these steps:
Go to the machine where the CCC application is hosted.
Navigate to the directory /usr/safenet/ccc/server/bin.
Edit the standalone.conf file using the command vi standalone.conf
.
Append the following line and save the file: JAVA_OPTS="$JAVA_OPTS -Dcom.safenetinc.lunadirector.auth.ldapconnection.timeout=30000".
Restart the CCC service by executing service ccc restart
.
Access the GUI of CCC and log in.
Activate the ROT (if required).
Add the directory again.