|Applies To||RSA Key Manager Appliance 2.7 SP1|
SafeNet Luna SA HSM
M-of-N is configured on SafeNet Luna partition
Activation and AutoActivation policies were enabled when SafeNet HSM partition was created
|Issue||Sick error after successful login on /KMS, key-manager.log shows "com.chrysalisits.crypto.LunaException: LunaSession: slot uninitialized"|
SafeNet command './vtl verify' works fine and shows list of slot(s) and partition(s)
"partition -show" command run on lunash:> prompt on Luna HSM shows Activation status as "no"
UNCONFIRMED: SafeNet command "hsm show" run on Lunash prompt on Luna SA shows "MofN activation status" as "Deactivated"
|Cause||Although Activation and AutoActivation were enabled when partition was created, note that enabling "Activation" policy allows Luna SA to cache partition login data (a login requires black PED key, PED PIN, and/or MofN green PED keys) so that clients can connect and re-connect without a need to re-insert PED keys (for login), and enabling "AutoActivation" policy allows Luna SA to automatically re-activate the partition after a short power outage (not to exceed a few minutes).|
|Resolution||Run the command "partition activate -partition <partitionname>" on lunash:> prompt on Luna SA to activate the partition after an extended power shutdown of the HSM. Activating partition will prompt on PED to insert black PED key, PED PIN, and/or M-of-N green PED keys. After completing activation process on the partition used by RKM, restart Tomcat on (all) RKM Appliance(s):|
service tomcat restart
Access to /KMS should now be successful.
In keyManagerServer.properties, make sure that provider.slot is set to the correct slot for your environment. This is located in /opt/KMS/conf/properties. If you need to change it, restart Tomcat for the change to take effect.
|Workaround||RKM Appliance and Luna HSM were powered up after a prescheduled maintenance where power was shutdown for some time (more than a few minutes)|
|Legacy Article ID||a56130|