Troubleshooting

This section provides guidance for diagnosing and resolving common issues that may be encountered during the installation, configuration, or operation of the Reconnect HSM or KeySafe 5 system.

Interface link remains down after network configuration

  1. Verify the network configuration:

    (cli)netcfg

    • Confirm that:

      • The gateway address is present and correct.

      • The subnet mask matches the network.

  2. If the gateway and IP configuration are correct and the interface status remains down, inspect the physical network connection.

    Example output showing link-down status:

(cli)netstatus
Active Profile: SINGLE
Interface: Management (eno1)
MAC: 00:60:e0:b3:eb:51
Status: down
Addresses:
IP: 10.X.X.X/24
Scope: 0
Broadcast: 10.X.X.X
Cfg Source: static

  3. Verify the type of transceiver installed in the associated port.

    The nShield 5C 10G device supports SFP+ transceivers. It does not support SFP-T transceivers.

nShield 5C 10G not appearing in KeySafe 5 Web GUI

  1. Review the KeySafe 5 agent logs by executing the following command in the HSM’s CLI. Successful logs indicate agent startup, configuration updates, and successful message bus connectivity.

    (cli)ks5agent log
    An example of agent logs showing successful connection:

Dec 10 19:04:32 nshield-64DB-8D35-0405 audit[158675]: SYSCALL arch=c000003e syscall=257 success=no exit=-13 a0=ffffffffffffff9c a1=772642228753 a2=80000 a3=0 items=0 ppid=158652 pid=158675 auid=4294967295 uid=100006 gid=100001 euid=100006 suid=100006 fsuid=100006 egid=100001 sgid=100001 fsgid=100001 tty=(none) ses=4294967295 comm="keysafe5-agent" exe="/opt/nfast/sbin/keysafe5-agent" subj=keysafe5-agent key=(null)
Dec 10 19:04:32 nshield-64DB-8D35-0405 keysafe5-agent[158675]: enabled journal logging
Dec 10 19:04:32 nshield-64DB-8D35-0405 keysafe5-agent[158675]: Updated agent config: Hostname:hsm_64DB-8D35-0405, Version:1.5.0-e4687903, MessageBus:{URL: tls://10.194.148.22:18084, tls: true}, LoggerConfig:{level:Info, format:JSON, file.enabled:false, file.path:/opt/nfast/log/keysafe5-agent.log, journal.enabled: true}, UpdateInterval:1m0s, HealthInterval:1m0s, RecoveryInterval:5s, KmdataNetworkMount:false, KmdataPollInterval:1s, CodeSafeUpdateInterval:3m0s, CodeSafeCachePeriod:1h0m0s
Dec 10 19:04:32 nshield-64DB-8D35-0405 keysafe5-agent[158675]: Starting agent

  2. If the agent logs indicate message bus connection errors like the following, stop and restart the KeySafe 5 server using the steps below.

    An example of message bus connectivity errors:

Dec 10 19:04:38 nshield-64DB-8D35-0405 keysafe5-agent[158675]: Error starting agent: message bus connection error: failed to create NATS connection for publishing: nats: no servers available for connection

    How to restart a Linux KeySafe 5 server:

    /opt/nfast/scripts/init.d/keysafe5-server stop
/opt/nfast/scripts/init.d/keysafe5-server start

    How to restart a Windows KeySafe 5 server:

    1. Launch the Services window.

    2. Right-click nShield KeySafe 5, then select Stop and Start.