000035556 - Error 'Unable to load: crypto_providers:pkcs11v2,C:\Program Files\SafeNet\LunaClient\win32\cryptoki.dll.' when starting services of RSA Certificate Manager

Document created by RSA Customer Support Employee on Sep 23, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035556
Applies ToRSA Product: RSA Certificate Manager
RSA Version: 6.9 Build 560
Platform (Other): SafeNet Luna SA
IssueUnable to start services of RSA Certificate Manager after applying drop-in build 560 to version 6.9 build 558. The following error shows and services do not start:

Unable to load: crypto_providers:pkcs11v2,D:\Program Files\SafeNet\LunaClient\win32\cryptoki.dll. [4]

Prior to applying build 560, RSA Certificate Manager services started and worked fine in the same environment.
CauseSafeNet Luna SA Client was configured with 3 slots. Token was present in two slots (slot 1 and slot 2); however, there was no token present in slot 3 (HA virtual card slot).  The partition corresponding to slot 3 was marked 'Inactive' in Luna Client configuration.  A function in RSA BSAFE MES library, embedded in RSA Certificate Manager, failed to load the PKCS#11 library with error 10008 ('Token Not Present') as it attempted to retrieve token from slot 3 (that did not have a token).
ResolutionThis issue is planned to be fixed in a future build of RSA Certificate Manager 6.9.
WorkaroundUpdate Luna SA configuration to either activate the partition corresponding to the slot with no token, or remove the partition altogether if it's not being used.  Then restart RSA Certificate Manager services.
NotesThe following Luna SA commands can be useful when troubleshooting or checking status of partitions/slots on Luna SA HSM:

vtl listSlots
vtl haAdmin show
vtl verify