000012516 - After a fresh RKM Appliance dual-node cluster installation, /KMS on secondary appliance goes to initialization page

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000012516
Applies To: RSA Key Manager Appliance 2.7
Chrysalis-ITS Luna HSM
Issue: After a fresh RKM Appliance dual-node cluster installation, /KMS on the secondary appliance goes to the initialization page.
/KMS on the primary appliance works fine.
Going to /KMS on the secondary appliance shows the initialization page, where the master password, database credentials, and other information are gathered for a new installation:

RSA Key Manager Server V2.7 Installation

Master Password

Enter the master password that will be used to encrypt keys in the keystore. This password must be supplied each time the Key Manager Server is started.

Passwords must be at least 7 characters in length and they must contain a mix of alpha and numeric characters.

Password:

Confirm:

 

Database Credentials

Provide the database credentials for obtaining connections to the Datastore.

User Id:

Password:



 

Administrator Identity

Enter the name of the Key Manager Server administration Identity

Identity Name:

Authentication

Type:

 

Internal Configuration

Password:

Confirm:

 

Unattended Restart

Lockbox admin password is mandatory.

Enable Unattended Restart:    

Lockbox Admin Password:    

 

Server CA (PEM Format)

Certificate File:

 

Discovery

Sun Integration:


HSM client was properly installed on both primary and secondary appliances prior to initializing them.
Cause: The RKM Appliance was configured with a Hardware Security Module (HSM) to protect the KEK (Key Encryption Key). The HSM client was properly configured on both appliances. The RKM Appliance 2.7.x installation process does not account for the HSM, so /opt/KMS/conf/properties/hardwareMasterKey.properties is not automatically transferred from the primary appliance to the secondary during initialization (all other /opt/KMS/conf/properties/*.properties files are transferred properly).
Resolution: Confirm that /opt/KMS/conf/properties/hardwareMasterKey.properties has not been copied (as is) from the primary to the secondary appliance. If confirmed, manually copy hardwareMasterKey.properties from the primary to the secondary appliance. To restart Tomcat, use the command "service tomcat restart" on the secondary appliance. After the Tomcat restart, accessing /KMS should work fine.
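The confirm-and-copy steps above as a script for the secondary appliance. This is an added example, not RSA's own tooling. It assumes the primary's /opt/KMS/conf/properties files were first fetched to a staging directory on the secondary; the function names and the staging-directory argument are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor tooling. Assumption: a copy of the primary's
# properties directory is staged locally on the secondary (e.g. via scp).
PROPS_DIR=/opt/KMS/conf/properties      # path from the article
HSM_FILE=hardwareMasterKey.properties   # file named in the article

# Print the name of every *.properties file present in the primary
# copy ($1) but absent from the secondary's directory ($2).
props_missing() {
    for f in "$1"/*.properties; do
        [ -f "$f" ] || continue          # glob matched nothing
        name=$(basename "$f")
        [ -f "$2/$name" ] || echo "$name"
    done
    return 0
}

# Copy the HSM properties file from the primary copy ($1) into the
# secondary's directory ($2) only when it is absent or not byte-identical.
# Returns 0 = copied, 1 = already in sync, 2 = source missing or copy failed.
install_hsm_props() {
    src="$1/$HSM_FILE"
    dst="$2/$HSM_FILE"
    if [ ! -f "$src" ]; then
        echo "no $HSM_FILE in $1" >&2
        return 2
    fi
    if [ -f "$dst" ] && cmp -s "$src" "$dst"; then
        return 1
    fi
    cp -p "$src" "$dst" || return 2      # -p keeps mode and timestamps
    return 0
}

# Usage on the secondary: sh sync_hsm_props.sh /path/to/primary-copy
if [ "$#" -eq 1 ]; then
    echo "Missing on secondary:"
    props_missing "$1" "$PROPS_DIR"
    if install_hsm_props "$1" "$PROPS_DIR"; then
        service tomcat restart           # restart command from the article
    fi
fi
```

Tomcat is restarted only when the file was actually copied; remove the staged copy of the primary's properties once the secondary is working.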
Workaround: Fresh installation of a dual-node cluster of RKM Appliance using HSM. Installation and initialization were done using the option to install primary and secondary at the same time.
Legacy Article ID: a56760
