Troubleshooting

This guide covers the following HSMs:

  • nShield Connect

  • nShield 5c

It describes what to do if you have an issue with your HSM, or your Security World Software.

Checking operational status

Use the following methods to check the operational status of the module.

Enquiry utility

Run the enquiry utility to check that your module is working correctly. The enquiry utility is in the bin subdirectory of the nCipher directory. This is usually:

  • C:\Program Files\nCipher\nfast for Windows.

  • /opt/nfast for Linux.

If the module is working correctly, the enquiry utility returns the message:

Server:
 enquiry reply flags  none
 enquiry reply level  Six
 serial number        ####-####-####
 mode                 operational
 version              #-#-#
 speed index          ######
 rec. queue           ####..####
 ...
 version serial       #
 remote port (IPv4)   ####

Module ##:
 enquiry reply flags  none
 enquiry reply level  Six
 serial number        ####-####-####
 mode                 operational
 version              #-#-#
 speed index          #####
 rec. queue           ##..###
 ...
 rec. LongJobs queue  ##
 SEE machine type     PowerPCELF
 supported KML types  DSAp1024s160 DSAp3072s256
 hardware status      OK

If the output from the enquiry utility does not show mode operational, you can use the Status LED to discover the status of the module.
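The check described above can be scripted for monitoring. The following is an added example, not part of the vendor documentation: it parses text in the enquiry layout shown above and reports every Server or Module section whose mode is not operational, or whose hardware status is not OK. The function names and the sample text (including the non-operational mode value) are constructed for illustration.

```python
import re

# Constructed sample in the layout shown above (serial numbers are made up;
# the non-operational mode value for Module #2 is illustrative).
SAMPLE = """\
Server:
 enquiry reply flags  none
 mode                 operational

Module #1:
 serial number        0000-0000-0001
 mode                 operational
 ...
 hardware status      OK

Module #2:
 serial number        0000-0000-0002
 mode                 initialization
 hardware status      OK
"""

def parse_enquiry(text):
    """Return {section: {field: value}} for Server and each Module block."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "...":
            continue
        if not raw[0].isspace() and line.endswith(":"):
            current = sections.setdefault(line[:-1], {})
        elif current is not None:
            # Field name and value are separated by two or more spaces.
            parts = re.split(r"\s{2,}", line, maxsplit=1)
            if len(parts) == 2:
                current[parts[0]] = parts[1]
    return sections

def health_problems(sections):
    """List every reason the output does not match the healthy reply."""
    modules = [n for n in sections if n.startswith("Module")]
    problems = [] if modules else ["no Module section in enquiry output"]
    for name, fields in sections.items():
        if fields.get("mode") != "operational":
            problems.append(f"{name}: mode is {fields.get('mode')!r}")
        if name in modules and fields.get("hardware status") != "OK":
            problems.append(f"{name}: hardware status is {fields.get('hardware status')!r}")
    return problems

if __name__ == "__main__":
    for problem in health_problems(parse_enquiry(SAMPLE)) or ["all sections operational"]:
        print(problem)
```

On Linux, the text to parse is the output of the enquiry utility in the bin subdirectory of /opt/nfast. A missing hardware status field is reported as a problem rather than treated as healthy.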

Status LED

The blue Status LED indicates the operational status of the module.

Status LED Description

Off.

Status: Power off or Standby mode

There is either no power supply to the module or the module is in Standby mode. If you suspect that there is no power supply, check that the module is properly connected and switched on.

If you believe the module’s power supply unit has failed, contact Support.

On, occasionally blinks off.

Status: Operational mode

The module is in Operational mode and accepting commands. The more frequently the Status LED blinks off, the greater the load on the module.

Flashes two short pulses, followed by a short pause.

Status: Initialization mode

Existing Security World data on the module has been erased.

The module is automatically placed in Initialization mode after a Security World is created. For more information, see the User Guide for your HSM.

Flashes two long pulses followed by a pause.

(nShield Connect only)

Status: Maintenance mode

Used for reprogramming the module with new firmware.

The module only goes into Maintenance mode during a software upgrade.

Blue LED.

(nShield 5c only)

Status: Maintenance mode

Used for reprogramming the module with new firmware.

The module only goes into Maintenance mode during a software upgrade.

Flashes SOS, the Morse code distress code (three short pulses, three long pulses, three short pulses).

After flashing SOS, the Status LED flashes a Morse code letter which identifies the error.

(nShield Connect only)

Status: Error mode

If the module encounters an unrecoverable error, it enters Error mode. In Error mode, the module does not respond to commands and does not write data to the bus.

For internal security modules running firmware 2.6.1.2 and above, the error code is also reported by the enquiry utility in the hardware status field of the Module and under hardware errors in the hardserver log.

If a command does not complete successfully, the module normally writes an error message to the log file and continues to accept further commands. It does not enter Error mode.

For information about error codes, see the User Guide for your HSM.

Flashes BIOS code.

(nShield 5c only)

Status: Error mode

If the module encounters an unrecoverable error, it enters Error mode. In Error mode, the module does not respond to commands and does not write data to the bus.

The error code is also reported by the enquiry utility in the hardware status field of the Module and under hardware errors in the hardserver log.

If a command does not complete successfully, the module normally writes an error message to the log file and continues to accept further commands. It does not enter Error mode.

For information about error codes, see the User Guide for your HSM.

Audible warning

An audible warning sounds for some critical errors relating to the PSUs on the module. The orange warning LED (see Orange warning LED) accompanies the audible warning.

The warning sounds when only one of the two PSUs is powered and turned on. Check that:

  • The rocker switch on both PSUs is in the on position.

  • Both PSUs are connected to the mains supply.

If the audible warning continues, there might be a fault with one or both PSUs. Before investigating further, switch off the audible alarm by navigating to the 1-2-5-3 Critical Errors screen. The orange warning LED remains on until you resolve the issue.

For more information about identifying and replacing a failed PSU, see the nShield Power Supply Unit Installation Sheet for your HSM.

Orange warning LED

If the orange warning LED is on, the module has encountered a critical error (for example, overheating or PSU failure) that may require immediate action. To find the cause of a critical error, navigate to System information > View h/w diagnostics > Critical Errors.

Checking the physical security of the module

The physical security measures implemented on the module include tamper detection. This warns you of tampering in an operational environment. For more information about tamper detection, including the tamper warning messages, see the Physical Security Checklist or the User Guide for your HSM.

Display screen

When the module is in Maintenance or Initialization mode, there is a color-coded footer at the bottom of the display screen. There is no footer when the module is in Operational mode.

Footer color Text in footer Meaning

Yellow

Initialization

The system is rebooting or waiting for an Administrator Card to be inserted.

Blue

Maintenance

An administrative task is being performed. This mode is only entered during firmware upgrades.

Red

HSM Failed

The internal module has failed. See Orange warning LED for more information.

Do not interrupt power to the module during a firmware upgrade.

The blue Status LED flashes to indicate the status of the internal security module.

Power button

The Power button, in combination with the display screen, indicates the general status of the module.

The display screen turns off automatically if the front panel buttons are inactive for more than three minutes. Use the touch wheel to turn the display screen back on.

Power button Display screen Status

On

On, displaying menus and dialogs

The module is operational.

On

On, displaying messages but not displaying labels for the navigation buttons

The module is running an upgrade. A color-coded footer indicates the specific status: yellow for initialization, red (maintenance) for upgrade.

On, flashes occasionally

On, displaying messages but not displaying labels for the navigation buttons

The module is performing start-up.

Mostly off, flashes occasionally

Off

The module is in Standby mode (that is, it has been powered down from the front panel using the Power button). Press the Power button to turn it on.

Flashes regularly

On, with “Critical Error” message

The module is unable to start up or has failed. The error message describes the problem. If you can remedy the problem, do so, and press the Power button to restart the module. Otherwise, contact Support.

Flashes irregularly

Off

A low-level critical error has occurred.

Ethernet LEDs

There are four Ethernet LEDs, two for each of the two Ethernet ports on the module. The Ethernet LEDs indicate the status of the connection with other Ethernet devices.

Ethernet LEDs Status

Flashes regularly

The status of the Ethernet link is currently unknown (the Ethernet LEDs flash when the module is powering up).

Off

There is no Ethernet link. The Ethernet cable is either not connected to the module or the cable is not connected to a functioning Ethernet device.

On, green only

Indicates a 10Mb or 100Mb Ethernet link.

On, green and orange

Indicates a 1Gb Ethernet link.

Module overheating

If the internal module of the HSM exceeds the safe operating temperature, the unit stops operating and displays the SOS-T error message on the Status LED. See Status LED for details of the SOS-T error message.

Log messages for the module

To view log messages from the main menu of the module:

  1. Select System > System information.

  2. Select either:

    • View system log.

    • View hardserver log.

The client can store logs, and can configure them to contain different types of message.

Information

This type of message indicates routine events:

nFast Server service: about to start
nFast Server service version starting
nFast server: Information: New client clientid connected
nFast server: Information: New client clientid connected - privileged
nFast server: Information: Client clientid disconnected
nFast Server service stopping

Notice

This type of message is sent for information only:

nFast server: Notice: message

Client

This type of message indicates that the server has detected an error in the data sent by the client (but other clients are unaffected):

nFast server: Detected error in client behaviour: message

Serious error

This type of message indicates a serious error, such as a communications or memory failure:

nFast server: Serious error, trying to continue: message

If you receive a serious error, even if you are able to recover, contact Support.

Serious internal error

This type of message indicates that the server has detected a serious error in the reply from the module. These messages indicate a failure of either the module or the server:

nFast server: Serious internal error, trying to continue: message

If you receive a serious internal error, contact Support.

Start-up errors

This type of message indicates that the server was unable to start:

nFast server: Fatal error during startup: message
nFast Server service version failed init.
nFast Server service version failed to read registry

Reinstall the Security World software, see Install the Security World software. If reinstallation does not solve the problem, contact Support.

Fatal errors

This type of message indicates a fatal error for which no further reporting is available:

nFast server: Fatal internal error

or

nFast server: Fatal runtime error

If you receive either of these errors, contact Support.
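The message categories above can be used to triage a hardserver log automatically. The following is an added example, not part of the vendor documentation: it classifies each line by the message texts listed in this section and returns the lines for which this guide gives an action. Listing privileged client connections separately for review is an assumption of this example, as are the function names and the constructed sample lines.

```python
import re
from collections import Counter

# (category, regex, action the guide gives or None); first match wins.
RULES = [
    ("fatal", r"nFast server: Fatal (internal|runtime) error", "contact Support"),
    ("start-up", r"nFast server: Fatal error during startup:"
     r"|nFast Server service\b.*failed (init|to read registry)",
     "reinstall the Security World software, then contact Support if unresolved"),
    ("serious internal", r"nFast server: Serious internal error, trying to continue:",
     "contact Support"),
    ("serious", r"nFast server: Serious error, trying to continue:", "contact Support"),
    ("client", r"nFast server: Detected error in client behaviour:", None),
    ("notice", r"nFast server: Notice:", None),
    ("information", r"nFast server: Information:|nFast Server service\b", None),
]

# Constructed lines built from the message texts above; real logs may carry a
# timestamp or other prefix, which re.search() tolerates.
SAMPLE_LOG = [
    "nFast Server service: about to start",
    "nFast server: Information: New client 5 connected",
    "nFast server: Information: New client 6 connected - privileged",
    "nFast server: Detected error in client behaviour: constructed text",
    "nFast server: Serious error, trying to continue: constructed text",
    "nFast server: Fatal runtime error",
]

def classify(line):
    """Return (category, action) for one log line."""
    for category, pattern, action in RULES:
        if re.search(pattern, line):
            return category, action
    return "unclassified", None

def triage(lines):
    """Count categories; collect actionable lines and privileged connections."""
    counts, actionable, privileged = Counter(), [], []
    for line in lines:
        category, action = classify(line)
        counts[category] += 1
        if action:
            actionable.append((category, action, line))
        if category == "information" and "connected - privileged" in line:
            privileged.append(line)
    return counts, actionable, privileged

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```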

Utility error messages

This type of message might indicate an error status when you run a command line utility.

BadTokenData error in nShield modules

Some nShield modules are equipped with a rechargeable backup battery for maintaining Real Time Clock (RTC) operation when the module is powered down. This battery normally lasts for up to two weeks if no power is supplied to the HSM.

If the module is without power for an extended period, the RTC time is lost. When this happens, attempts to read the clock (for example, using the ncdate or rtc utilities) return a BadTokenData error status.

The correct procedure in this case is to leave the HSM powered up for at least 10 hours to recharge the battery, and then reset the clock. No other nonvolatile data is lost when this occurs.

Storage error

This type of message might indicate that the HSM is running out of disc space. It is possible that the logs generated by the HSM are taking up disc space. This type of error can be fixed using the nShield Log Service. This service runs in the background and automatically retrieves and removes audit logs from the HSM. To learn more about this service, see nShield Audit Log Service.