000029285 - RSA Data Protection Manager (DPM) - Node ID replication collision avoidance uses a value for node 1 after an upgrade

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000029285
Applies To:
RSA Product Set: RSA Data Protection Manager
RSA Product/Service Type: DPM Appliance / DPM Appliance (Virtual)
RSA Version/Condition: / / /
Issue: After upgrading a cluster using tokenization and a setting of Node ID for replication collision avoidance to any version from through, the node ID value in new tokens will always be 1 instead of the node ID of each individual cluster member. This value is appended to the end of all token values on each node. This will give the appearance of all tokens being generated from the same node and can make it difficult to track down which node is generating a given token.
Sample token from node 2 before this issue:

Sample token from node 2 after this issue:

Note that the node ID value appended to the end of the token value no longer reflects the accurate node ID.
Cause: When performing an upgrade, the cluster.order.number value in keyManagerServer.properties is reset to a value of 1. This value is what drives the node ID setting for replication collision avoidance.
Resolution: This issue is resolved for appliances in the hotfix.
To resolve this issue on DPM Server, you need to manually set the cluster.order.number value to equal the node ID value after the upgrade is complete.
  1. Edit keyManagerServer.properties to change the cluster.order.number setting to match the node ID. Here's a sample configuration file for node ID 2:
    provider.profile = level0
    use.container.credentials = false
    evaluation.mode = false
    securerandom.algorithm = HMACDRBG256
    #provider.slot = 1
    lockbox.ssvthreshold = 5
    cluster.order.number = 2
    applianceSetup = true

  2. Restart the application server for the change to take effect:
    service tomcat restart
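
A post-upgrade check for the setting edited in step 1, as an added example that is not part of the original RSA article or of RSA's tooling: it reads the active cluster.order.number from a properties file, compares it with the node ID passed in, and rewrites it if the upgrade reset it. The function names and the file path argument are assumptions, and the sample file in demo is constructed.

```shell
#!/bin/sh
# Added example: check and repair cluster.order.number after a DPM upgrade.
# The properties file path is always passed in; no install path is assumed.

KEY_RE='[[:space:]]*cluster\.order\.number[[:space:]]*=[[:space:]]*'

# Print the value of the last uncommented cluster.order.number line, if any.
get_order_number() {
    sed -n "s/^${KEY_RE}\([^[:space:]]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Returns 0 = value equals the node ID, 1 = mismatch, 2 = key not found.
check_order_number() {
    current=$(get_order_number "$1")
    [ -n "$current" ] || return 2
    [ "$current" = "$2" ]
}

# Set the value to the node ID, keeping a timestamped backup beside the file.
# The original file is rewritten in place so its owner and mode are preserved.
fix_order_number() {
    case $2 in ''|*[!0-9]*) echo "node ID must be numeric" >&2; return 64 ;; esac
    check_order_number "$1" "$2" && return 0
    [ $? -eq 1 ] || { echo "cluster.order.number not found in $1" >&2; return 2; }
    bak="$1.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$bak" || return 1
    sed "s/^${KEY_RE}.*/cluster.order.number = $2/" "$bak" > "$1" || return 1
    check_order_number "$1" "$2"
}

# Constructed sample: a node 2 file as the upgrade leaves it (value reset to 1).
demo() {
    f=$(mktemp) || return 1
    printf '%s\n' 'lockbox.ssvthreshold = 5' '#provider.slot = 1' \
        'cluster.order.number = 1' 'applianceSetup = true' > "$f"
    fix_order_number "$f" 2 && get_order_number "$f"
    rm -f "$f" "$f".bak.*
}

# Usage on a node (path is a placeholder), followed by the restart from step 2:
#   fix_order_number /path/to/keyManagerServer.properties 2 && service tomcat restart
```

A file with no active cluster.order.number line is left untouched and reported with exit status 2, so an unexpected file layout is investigated rather than silently patched.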

Notes: We do not support or recommend changing cluster.order.number to any value other than the node ID. For more information, see "RSA Data Protection Manager Appliance Administrators Guide" and refer to Chapter 2 "Deployment Types", Section "Cluster Deployment", subsection "Avoid Token Collision in a Cluster".