000017120 - Unable to install RSA Certificate Manager on a migrated nCipher Security World

Document created by RSA Customer Support Employee on Nov 19, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000017120
Applies ToCertificate Manager 6.7
Win 2003 Server
nCipher HSM, where the security works is pre-exisiting Security World, with existing pkcs11 keys.
IssueWhen running nfkmcheck the following results appear:
C:\nfast\bin>nfkmcheck
nfkmcheck: information: World is in strict FIPS 140-2 mode (see manual)
nfkmcheck: information: Module #1 Slot #0 Operator Cardset `OCS1' #1
nfkmcheck: information: Key mscapi container-xxxxxxx arbitrary data object (not a key)
nfkmcheck: information: Key mscapi container-xxxxxxxarbitrary data object (not a key)
nfkmcheck: information: Key mscapi container-xxxxxxx arbitrary data object (not a key)
nfkmcheck: information: Key mscapi container-xxxxxxx arbitrary data object (not a key)
11:41:36 ERROR: Key file bearing AppName pkcs11, Ident uxxxxxx contains different key pkcs11 uxxxxxxx
nfkmcheck: fatal error: NFKM_findkey failed: HostDataInvalid
nfkmcheck: fatal error occurred - not all checks carried out !

Unable to install RCM on a migrated nCipher Security World

When installing RCM 6.7 the following message appears when trying to configure the Install Directory Server;


Configuration of Install Directory Server (e:\RSA_CM\ids\bin\xudad.exe -setup -d2 -f ids.log ids.conf) failed tieht return code [17]. Please refer to the log file [e:\RSA_CM\ids\bin\ids.log] for more information, and contact technical support if the cause of the problem remains unclear.



The ids.log contains the following:


Reading configuration parameters.
    Reading configuration from file [ids.conf]

 

Checking network.


Confirming existence of target directories:
    e:\RSA_CM\ids\conf
    e:\RSA_CM\ids\ssl\private
    e:\RSA_CM\ids\ssl\certs
    e:\RSA_CM\ids\db


Bootstrapping XUDA from schema file:
    e:\RSA_CM\ids\dist\schema.conf
 


*** Unable to load crypto provider : pkcs11v2,c:\nfast\toolkits\pkcs11\cknfast.dll ***
[XrcUNABLE: unspecified failure]

*** Operation failed. ***
[XrcUNABLE: unspecified failure]
configuration parameter is undefined [installMode]
CauseDuring the migration of the security world, the key label names got truncated. This caused an issue with key identification
ResolutionEnsure that during the security world migration, all the information is kept in the corect format.
This can also happen if the hardserver process on solaris is not running.
Legacy Article IDa40309

Attachments

    Outcomes