Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

back

CipherTrust Intelligent Protection

Troubleshooting

search

Please Note:

Troubleshooting

This section provides resolution to issues that you may encounter/face while working with the CipherTrust Intelligent Protection (CIP) solution.

DDC Scan

IssueAction
The Enable Remediation toggle button is disabled in DDC scan configuration1. Open the Transparent Encryption application on the CipherTrust Manager GUI. The Clients page is displayed.
2. Under Client Name, check whether the CTE client is registered with a hostname or an IP address.
3. Open the Data Stores page (Data Discovery and Classification > Data Stores). This page shows the configured data stores.
4. Under Name, check whether the data store is added with a hostname or an IP address.
5. Make sure that both the resources (the data store and the CTE client) are configured using an IP address or a hostname.
Scan failed in the Validating phaseTo resolve this issue, make sure that:
• GuardPoint status is Active.
classification_status of GuardPoint is Ready.
rekeyed_status of LDT GuardPoint is Rekeyed.
• The classification profile used in the scan and CTE policy is same.
• The CTE client should match the DDC data store hostname/IP address.
• Both the resources (the data store and the CTE client) are configured using an IP address or a hostname.
Scan failed with Target errorOne of the possible reasons for Target error could be hostname duplication. Follow below steps to resolve hostname duplication:
1. Uninstall the DDC agent (ER2) package from the CTE client.
2. Change the hostname of the CTE client.
3. Install the DDC agent (ER2) package on the CTE client.
4. Configure the DDC agent at the CTE client.
5. Create the Data Store in DDC.
DDC scan failed in multi-node TDP
java.sql.SQLException: ERROR 726 (43M10)
Inconsistent namespace mapping properties. Cannot initiate connection as SYSTEM:CATALOG is found but client does not have phoenix.schema.isNamespaceMappingEnabled enabled.
This issue occurs if you copy hbase-site.xml to either Namenode or Masternode only.
To resolve this issue, copy hbase-site.xml to all the secondary nodes where the Spark services are running.
Target path not set on the Windows CTE agent: Must be a valid Windows or Unix absolute pathInstall the DDC agent (ER2) package at the CTE agent.

DDC Configuration

IssueAction
Invalid Livy URI path on entering the default Livy URI in Hadoop services on the CipherTrust Manager.1. Verify TDP configurations on the Ambari UI.
2. Refer to Knox > Advanced Topology.
3. Check for entry of the Livy Server in <services>. If the entry is not present, add the following:
<role>LIVYSERVER</role>
<url>http://<IP/hostname>:8999</url>
Invalid HDFS folder: the folder does not existMake sure that HDFS folder should exist.

TDP Service

IssueAction
Scan failed with Error processing scan1. Check the Services settings on TDP.
2. Access TDP using the Ambari UI.
3. Check the Spark2 configurations:
Spark2 > Configs > Advanced > Advanced livy2-conf > livy.server.csrf_protection.enabled should be false.
Spark2 > Configs > Advanced > Custom livy2-conf > livy.server.session.state-retain.sec should be 24h.
Spark2 > Configs > Advanced > Custom spark2-defaults > spark.yarn.appMasterEnv.ZK_URL_DDC should be <hostname>:2181.
4. Check the HBase configurations:
HBase > Configs > Advanced > Advanced hbase-site > ZooKeeper Znode Parent should be /hbase.
Refer to Configure TDP for details.
Scan failed with Error Launching Livy jobTo resolve this issue, try the following:
• Check that the hbase-site.xml file is saved at /etc/spark2/<3.1.(version)>/0/.
• If not, copy the hbase-site.xml file from /etc/hbase/<3.1.(version)>/0/hbase-site.xml to /etc/spark2/<3.1.(version)>/0/ to complete the scan.
• Assign the desired permissions for /user in HDFS by running the command:
-sudo -u hdfs hadoop fs -chmod 0777 /user
TDP services are not workingTo resolve this issue:
1. Go to the Ambari UI.
2. In the left pane, click the three dots (...) next to the Services tab.
3. Click Start All services.
4. Review the /etc/hosts entries. Make sure that the TDP IP address and hostname are correct.
Note: Reboot the CTE agent if the TDP IP address or hostname is changed.
If you reboot TDP or Start/Restart All services:
1. Check that the Knox service is up.
2. Click Actions > Start Demo LDAP.

PQS

IssueAction
PQS_query version not resolved on the CTE agent
Data governance exception with the error:
[schema version query failed on PQS. Error: connection::connect: http::request = failed with exception: Error resolving address] in [check_schema_version].
This issue could be due to the CTE agent is not able to resolve the hostname of PQS server.
The following steps can help to resolve this issue:
1. Make sure that the TDP IP address and hostname are correct.
2. Reboot the CTE agent if the TDP IP address or hostname is changed.
Location of the hosts file:
Linux: /etc/hosts
Windows: C:\Windows\System32\drivers\etc\hosts
PQS not configured or status is not Ready state 15: NCERRBadRequest: Bad HTTP requestCheck the Ambari server UI all services should be green and working. If not, start/restart all services.

Windows Agent

IssueAction
GuardPoint does not have UUID.• Check the CTE agent installation.
• Make sure that LDT on CIFS (File Header Support - FHS) capability is turned off.
Note: This resolution is only applicable for local.