Checking the installation
This section describes what to do if you have an issue with the module or the software.
The facilities described below are only available if the software has been installed successfully. |
Checking operational status
Enquiry utility
Run the enquiry
utility to check that the module is working correctly.
You can find the enquiry
utility in the bin
subdirectory of the nCipher
directory.
This is usually:
-
C:\Program Files\nCipher\nfast
for Windows -
/opt/nfast
for Linux
If the module is working correctly, the enquiry
utility returns a message similar to the following:
nShield Solo
Server:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
version serial #
remote server port ####
...
module type code 0
product name nFast server
...
Module ##:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
module type code 7
product name #######/#######/#######
...
rec. LongJobs queue ##
SEE machine type Power PCSXF
supported KML types DSAp1024s160 DSAp3072s256
hardware status OK
nShield Solo XC
Server:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
module type code 0
product name nFast server
...
version serial #
remote server port ####
Module ##:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
module type code 12
product name #######/#######/#######
...
rec. LongJobs queue ##
SEE machine type Power PCELF
supported KML types DSAp1024s160 DSAp3072s256
hardware status OK
nShield 5s
Server:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
module type code 0
product name nFast server
...
Module ##:
enquiry reply flags none
enquiry reply level Six
serial number ############-####
mode operational
version #.#.#
speed index ###
rec. queue ##..##
...
module type code 14
product name #######/#######
...
rec. LongJobs queue ##
SEE machine type None
supported KML types DSAp1024s160 DSAp3072s256
active modes none
hardware status OK
If the mode is operational the module has been installed correctly.
If the mode is initialization or maintenance, the module has been installed correctly, but you must change the mode to operational. See the User Guide for your module and operating system for more about changing the module mode.
If the output from the enquiry
command says that the module is not found, first restart your computer, then re-run the enquiry
command.
Under Windows 7 and Windows 2008 R2 and higher versions, ensure that the power saving features are disabled.
See Installing the module for more information.
Otherwise, if your system enters Sleep mode, the nShield Solo module may not be found when running enquiry .
If this happens, you need to reboot your system.
|
nFast server (hardserver)
Communication can only be established with a module if the nFast server is running.
If the server is not running, the enquiry
utility returns the message:
NFast_App_Connect failed: ServerNotRunning
Restart the nFast server, and run the enquiry
utility again.
See the User Guide for more about how to restart the nFast server.
Mode switch and jumper switches
The mode switch on the back panel controls the mode of the module. See the User Guide for more about checking and changing the mode of an HSM. You can set the physical mode override jumper switch on the circuit board of the nShield Solo to the On position, to prevent accidental operation of the mode switch. If this override jumper switch is on, the nShield Solo and nShield XC Solo XC will ignore the position of the mode switch (see Back panel and jumper switches).
You can set the remote mode override jumper switch on the circuit board of the nShield Solo and nShield Solo XC to the On position to prevent mode change using the nopclearfail command.
This should be done if, for example, the security policies of your organization require the physical mode switch to be used to authorize mode changes.
|
Log message types
By default, the hardserver writes log messages to:
-
The event log in Windows Operating Systems.
-
log/logfile
in thenCipher
directory (normallyopt/nfast/log
directory) on Linux. The environment variableNFAST_SERVERLOGLEVEL
determines what types of message you see in your log. The default is to display all types of message. For more information onNFAST_SERVERLOGLEVEL
, see the User Guide.NFAST_SERVERLOGLEVEL
is a legacy debug variable.
Information
This type of message indicates routine events:
nFast Server service: about to start
nFast Server service version starting
nFast server: Information: New client clientid connected
nFast server: Information: New client clientid connected - privileged
nFast server: Information: Client clientid disconnected
nFast Server service stopping
Client
This type of message indicates that the server has detected an error in the data sent by the client (but other clients are unaffected):
nFast server: Detected error in client behaviour: message
Serious error
This type of message indicates a serious error, such as a communications or memory failure:
nFast server: Serious error, trying to continue: message
If you receive a serious error, even if you are able to recover, contact Support.
Serious internal error
This type of message indicates that the server has detected a serious error in the reply from the module. These messages indicate a failure of either the module or the server:
nFast server: Serious internal error, trying to continue: message
If you receive a serious internal error, contact Support.
Start-up errors
This type of message indicates that the server was unable to start:
nFast server: Fatal error during startup: message nFast Server service version failed init.
nFast Server service version failed to read registry
Reinstall the server as described in the User Guide for your module type. If this does not solve the problem, contact Support.
Utility error messages
BadTokenData error
The PCIe module
(not the Solo XC module)
is equipped with a rechargeable backup battery for maintaining Real-Time Clock (RTC) operation when the module is powered down.
This battery typically lasts for two weeks.
If the module is without power for an extended period, the RTC time is lost.
When this happens, attempts to read the clock (for example, using the ncdate
or rtc
utilities) return a BadTokenData
error status.
The correct procedure in these cases is to reset the clock and leave the module powered up for at least ten hours to allow the battery to recharge. No other nonvolatile data is lost when this occurs. See the Solo User Guide for more about resetting the clock.
The Solo XC module is equipped with a battery with a ten year life for maintaining RTC operation when the module is powered down. The RTC will not require resetting after the module has been shut down for extended periods. The battery is not rechargeable.
Solo XC only: Reboot the Solo XC for the firmware upgrade to take effect.
Linux bare metal environments: With the module in Maintenance mode, run the following command to reboot the Solo XC:
nopclearfail -S -m<module_number>
Linux virtual environment hosts and Windows:
Reboot the system that is hosting the Solo XC.
On all platforms:
Wait for the Solo XC to reboot.
The module has completed rebooting when running enquiry
no longer shows the module as Offline.