Multi-tenancy recovery of a failed VCM

Ensure that there is network connectivity between the tenant and their VCM. The commands needed to do this will depend on your network and operating system, but you should ideally send ICMP echo requests and ensure that a reply is received, as in the example below where the VCM has an IP address of 192.168.0.107.

If you are unable to send and receive packets to and from the VCM, ensure that you have followed all the steps in network configuration and use standard network debugging tools to fix any network issues before continuing.

If the HSM is running close to its maximum capability, you may experience timeouts in some administrative actions. Testing has shown that on a high-speed HSM this normally only occurs with at least 10 active VCMs all running at their maximum capacity.

As mentioned in the release notes, it is not recommended to run a multi-tenant HSM at such extreme load, but if you do so and experience some failure then it is very helpful to temporarily reduce the load on some VCMs while you attempt to recover. The load can then be restored once the failure is resolved. If you are a tenant, you will need to ask the service provider to do this for you.

A failed VCM can sometimes be recovered using the retry command. In the example below, the failed VCM is shown as module 1 in the enquiry command.

If a retry command does not restore the VCM, then try restarting the tenant hardserver. The example below is for a Linux operating system.

On a Windows operating system use the Windows Control Panel to restart the nfast server service or use the following commands

If none of the procedures above have recovered the VCM, then you may be able to recover it by clearing the VCM with the following sequence of commands. In the example, the failed VCM appears as module 1 in the enquiry command.

If none of these methods work then contact Entrust Support.