ProtectToolkit-M Troubleshooting
This section describes solutions to issues you might encounter due to incorrect configuration or usage of the ProtectToolkit-M product. It contains the following subsections:
>Duplicate Container or Key Instances
Session Exists Error
This error may occur during an attempt to allocate additional keyset space or during a delete keyset operation.
Problem: Error message during keyset delete or during space allocation / de-allocation.
Cause: There are applications that have open sessions to ProtectToolkit-M. Certain administrative operations require exclusive use of the system as a security measure; these include keyset sensitive tasks such as space allocation and keyset deletion.
Solution: Close or temporarily stop any applications or services that may be using ProtectToolkit-M such as Certificate Services, IIS etc.
To check if an application has any open sessions to ProtectToolkit-M, check the value shown next to Application Count in the System section of the administration utility. This will need to be “1”, and the Total Session Count must be “0” in order for the chosen action to succeed.
If this error persists, try re-booting your machine and check for any self- or auto-starting applications which may open sessions to ProtectToolkit-M.
The Certification Authority service: CertSvc is one application that may be using ProtectToolkit-M. If after reboot, the application count is still > 1, try disabling the service, performing the Admin operation and then re-enabling the service.
Also try the following if applicable:
>Stop the CA
>Deactivate Directory Security (IIS)
>Reboot machine
>Run the E8KRESET utility (PCIe HSM only).
NOTE If the value of Application Count is shown as “UNAVAILABLE”, your HSM firmware doesn’t support live application counting. In such a case, it is advisable to upgrade the HSM firmware to the latest version. Please refer to Checking and Upgrading HSM Firmware.
Duplicate Container or Key Instances
It is possible that following a key restore operation, there may be more than one instance of the same container or key within a particular keyset.
Problem: Duplicate key or container instance showing in keyset management utility (see Duplicate Container Error).
Figure 1: Duplicate Container Error
Cause: This is caused by performing a key restore whilst the same keys are already in existence on the selected keyset. ProtectToolkit-M does not replace existing keys during a key restore. Multiple instances of the same key will cause the keyset management utility to show the keyset as being invalid.
Solution: Close any applications that are using ProtectToolkit-M.
The user must delete the duplicate object using the Keyset Management Utility.
To delete a duplicate key object
1.Launch the Keyset Management Utility from the Start menu by selecting Start > Programs > SafeNet > ProtectToolkit M > gmksm.
2.From the displayed list select the Keyset which contains the duplicate object.
3.Right-click the object to open the object menu and select Remove Container or Delete KeyPair.
Application Error
Problem: An application which was functioning correctly prior to ProtectToolkit-M installation is now not working.
Cause: This may be caused by the replacement of the default “RSA SChannel” provider. During installation, ProtectToolkit-M changes the default provider to be the “Safenet RSA SChannel” provider. In some cases this provider is incompatible with certain applications.
Solution: Restore the default previous provider. To ascertain which provider was used prior to ProtectToolkit-M installation, open the file “uninst.ini”, found in your ProtectToolkit-M installation directory. The last line of the file will detail the name of the provider prior to the installation.
You must edit your registry and change the required value. Do not perform this if you are uncertain on how to alter the Windows registry. Obtain advice from your system administrator, or alternatively uninstall the ProtectToolkit-M product to see if this fixes the problem.