000024142 - Being prompted to enter PIN when issuing certificate off of an nCipher based CA

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024142
Applies ToRSA Certificate Manager 6.6
Sun Solaris 2.8
nCipher nForce 150SCSI
IssueBeing prompted to enter PIN when issuing certificate off of an nCipher based CA
Provided nCipher OCS PIN when starting RSA Certificate Manager (RCM), and able to issue certificates without the need to enter nCipher OCS PIN again.  However, after some period of time (varies from a few minutes to a couple of days) after RCM startup, the RCM administrator is prompted to enter nCipher OCS PIN again when issuing a certificate.
The system logs show the following SCSI errors:

Oct 5 12:17:51 <hostname> SCSI transport failed: reason 'incomplete': retrying command
  ....
Oct 5 12:19:59 <hostname> got SCSI bus reset
  ....
Oct 5 12:19:59 <hostname> SCSI transport failed: reason 'timeout': giving up
  ....
Oct 5 13:22:09 <hostname> got SCSI bus reset
Oct 5 13:22:09 <hostname> genunix: [ID 222333 kern.info] NOTICE: glm1: fault detected in device; service still available
Oct 5 13:22:09 <hostname> genunix: [ID 111222 kern.info] NOTICE: glm1: got SCSI bus reset
Oct 5 13:22:09 <hostname> scsi: [ID 111333 kern.warning] WARNING: /pci@1f,4000/scsi@3,1/st@5,1 (st26):
Oct 5 13:22:09 <hostname> SCSI transport failed: reason 'timeout': giving up
The nCipher logs show the following errors:

2007-10-05 12:17:59 nFast server: Serious error, trying to continue: Command (PauseForNotifications code s2210) did not complete in reasonable time on device #1 /dev/nfast05., tag 6D4EF9E0h
2007-10-05 12:18:01 nFast server: Serious error, trying to continue: Command (NoOp code s42210) did not complete in reasonable time on device #1 /dev/nfast05., tag 6D4EF9E1h
2007-10-05 12:18:01 nFast server: Notice: Device #1 /dev/nfast05. failed internal checking NoOp (HardwareFailed)
  ....
2007-10-05 12:19:12 nFast server: Serious error, trying to continue: Command (NoOp code s42210) did not complete in reasonable time on device #1 /dev/nfast05., tag 6D4EF9F8h
2007-10-05 12:19:12 nFast server: Notice: Device #1 /dev/nfast05. failed internal checking NoOp (HardwareFailed)
2007-10-05 12:19:18 nFast server: Serious error, trying to continue: Device #1 /dev/nfast05. no longer responding to commands
2007-10-05 12:19:18 nFast server: Serious error, trying to continue: Device #1 /dev/nfast05. appears to be broken - disabling
2007-10-05 12:19:18 nFast server: Notice: Device #1 /dev/nfast05. failed internal checking NoOp (HardwareFailed)
  ....
2007-10-05 12:19:18 nFast server: Notice: Device #1 /dev/nfast05. failed internal checking NoOp (HardwareFailed)
2007-10-05 12:19:18 nFast server: Notice: Device #1 /dev/nfast05. failed PauseForNotifications (CrossModule,#1-HardwareFailed)
2007-10-05 12:19:59 nFast server: Serious error, trying to continue: Operating system call failed: SCSI read command to device /dev/nfast05. failed, I/O error
Replacing the Sun Solaris motherboard, that hosted the SCSI Interface, did not resolve the issue
CauseThe nCipher nForce Hardware Security Module (HSM) has become faulty
ResolutionReplace the faulty nCipher nForce HSM with a new unit.  Contact nCipher Support (http://www.ncipher.com/support/tech/) to ensure that the new HSM being installed has an appropriate level of firmware compatible with the version of nCipher support software installed on the system.
Legacy Article IDa37488

Attachments

    Outcomes