Please Note:

Troubleshooting

This section describes how to handle the issues that you might face when using CTE with the CipherTrust Manager.

Connection Issues

Symptoms	Possible Cause and Remediation
• Client status is Error • Configuration changes are not pushed to the client • Requests like Browse file system are failing	Analyze the CTE logs, identify connection failure reasons, and rectify them: 1. Look for the issues in the `/var/log/vormetric/server_comms.log` file on the CTE agent. This file contains information about the CipherTrust Manager's communication with the client. 2. Identify the cause of the issue. 3. Restart `vmd` to get the latest `init`.

Registration Issues

Symptoms Possible Cause and Remediation

Registration fails with conflict errors Conflict errors occur when a client with the given name already exists on the CipherTrust Manager. To fix these issues:
• Delete the existing client entry from the CipherTrust Manager.
• Unenroll the existing client if you want to register it with another CipherTrust Manager.
NOTE: A conflict error might occur even if no CTE client with the given name exists on the CipherTrust Manager. To resolve the issue:
1. Check for the client name under Client-Management: Clients in the API playground.
2. Delete the client from the list.
3. Retry registration with the same name.

Reregistration fails with capabilities related errors Capabilities cannot be disabled during reregistration with the CipherTrust Manager. To disable the CTE Agent capabilities, delete the client from the CipherTrust Manager and register again with these capabilities disabled.

Symptoms	Possible Cause and Remediation
Registration fails with conflict errors	Conflict errors occur when a client with the given name already exists on the CipherTrust Manager. To fix these issues: • Delete the existing client entry from the CipherTrust Manager. • Unenroll the existing client if you want to register it with another CipherTrust Manager. NOTE: A conflict error might occur even if no CTE client with the given name exists on the CipherTrust Manager. To resolve the issue: 1. Check for the client name under `Client-Management: Clients` in the API playground. 2. Delete the client from the list. 3. Retry registration with the same name.
Reregistration fails with capabilities related errors	Capabilities cannot be disabled during reregistration with the CipherTrust Manager. To disable the CTE Agent capabilities, delete the client from the CipherTrust Manager and register again with these capabilities disabled.

Backup and Restore Issues

Symptoms Possible Cause and Remediation

Reregistration issues after CipherTrust Manager is restored on a new CipherTrust Manager appliance

Symptoms	Possible Cause and Remediation
Reregistration issues after CipherTrust Manager is restored on a new CipherTrust Manager appliance	After the backup of a CipherTrust Manager is restored to another CipherTrust Manager, CTE client reregistration does not work as expected. To work around this issue: Before taking the backup, disable or stop the LDT GuardPoints on the current CipherTrust Manager. Back up the CipherTrust Manager. Restore the backup to another CipherTrust Manager. Check for the client name under `Client-Management: Clients` in the API playground. Delete the client from the list. Reregister the CTE client with the restored CipherTrust Manager.

After the backup of a CipherTrust Manager is restored to another CipherTrust Manager, CTE client reregistration does not work as expected. To work around this issue:

Before taking the backup, disable or stop the LDT GuardPoints on the current CipherTrust Manager.
Back up the CipherTrust Manager.
Restore the backup to another CipherTrust Manager.
Check for the client name under Client-Management: Clients in the API playground.
Delete the client from the list.
Reregister the CTE client with the restored CipherTrust Manager.

Licensing Issues

Symptoms	Possible Cause and Remediation
• Registration fails with licensing errors • LDT feature cannot be used • CTE configurations are read-only	Registration can fail if the number of purchased licenses are consumed or the validity of a license is expired. This is applicable for all types of licenses: the base license (CTE - TransparentEncryption), the CTE for Kubernetes license (CTE - KubernetesProtection), and the add-on license (CTE - LiveDataTransformation). • To enable LDT at the time of registration (or later), make sure that you have a valid base license and a valid add-on LDT license. • After a license is expired: – A new client cannot be registered. – Existing operations on registered clients remain in tact. Their existing security configurations are pushed as and when required.

Symptoms

Possible Cause and Remediation

• Registration fails with licensing errors
• LDT feature cannot be used
• CTE configurations are read-only

Registration can fail if the number of purchased licenses are consumed or the validity of a license is expired. This is applicable for all types of licenses: the base license (CTE - TransparentEncryption), the CTE for Kubernetes license (CTE - KubernetesProtection), and the add-on license (CTE - LiveDataTransformation).
• To enable LDT at the time of registration (or later), make sure that you have a valid base license and a valid add-on LDT license.
• After a license is expired:
– A new client cannot be registered.
– Existing operations on registered clients remain in tact. Their existing security configurations are pushed as and when required.

Configuration Issues

Symptoms	Possible Cause and Remediation
Mismatched log levels between the CipherTrust Manager configuration and client logs	Try these: • Check the configuration in the linked profile on the CipherTrust Manager. • Validate the vmd configuration on the CTE client by running: `vmsec vmdconfig`

Suggest A Change

Troubleshooting

Connection Issues

Registration Issues

Backup and Restore Issues

Licensing Issues

Configuration Issues