[Opendnssec-develop] Enforcer died during production KSK rollover .nl
Antoin Verschuren
antoin.verschuren at sidn.nl
Fri Oct 22 08:32:23 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 22-10-10 08:40, Roland van Rijswijk wrote:
> Hi guys,
>
> On 21 okt 2010, at 19:15, Jakob Schlyter wrote:
>
>> On 21 okt 2010, at 18.10, Antoin Verschuren wrote:
>>
>>> The error for the enforcer was: CKR_TOKEN_NOT_PRESENT
>>
>> Was the HSM on-line and enabled when the error occurred?
>
>
> To add to that: we are using the same brand HSMs as SIDN; I've seen this problem occur but only once and was unable to reproduce it. Unfortunately, there is nothing more sensible I can say about it :(
And to add to that:
We've obviously tested our procedures in a test enviroment multiple
times, and did not get this error. Now that I hear from you that you get
the same error with the same HSM, and that it's a pkcs11 error, I'm
beginning to think it might also be an HSM issue, and we should perhaps
look at the HSM vendor ? Only difference between the test and production
setup is that the production setup is more idle, meaning that it runs
untouched for a longer period of time, where we touch the test
enviroment more often to practice our procedures.
Antoin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iQEcBAEBAgAGBQJMwUwXAAoJEDqHrM883AgnLkkH/i9R2h4FUwNv6f4m0smIGv9A
GkQ02V1aVEWcLzkR3FmQ4xYUa/ltXNhvcVX4XFL6Vcd3PrBQqfrwGN7WsA1Ep9Eo
y1OcvaVz7IDnvGF7KxnPR4lb+EBlriYoOJcq3pMa+GhF5G5jQThVpqu9AiJZRC2e
9OiRaTg5nL7anlRac/XDjrpHZygj8zOg+Up7bHC/VjWZSzO+JU3x4wN+eF9aM0pd
3sRmdy2tLEj7UKF4aG2ldLdeMeO9xd4x9qwd+cn/pb7K/PvXy9S0el/1IYMDCm0s
h82NtmiG7gZdbu0jgYpCSeSvybANekqn4TP1+GoHw9T12hHvvMBbBcjkESZSzVw=
=pEjQ
-----END PGP SIGNATURE-----
More information about the Opendnssec-develop
mailing list