KB_180033: Unable to configure IDENTIKEY Authentication Server with Thales nShield HSM: ServerNotRunning2/28/2017 9:30:46 AM
When configuring IDENTIKEY Authentication Server with Thales nShield HSM and using version 11.70 of the Thales client software, the IDENTIKEY configuration wizard fails with NCIPHER API ERROR: <56> : <ServerNotRunning>.
Problem symptoms / details.
The current version of IDENTIKEY Authentication Server (3.11R2) was designed to work with version 11.60 of nCSS, CipherTools and CodeSafe (=the Thales nShield client software).
Some Thales nShield HSMs require a more recent version the client software (e.g. 11.70) to be able to perform some actions.
As such, you may need to install a recent version of the Thales client software in the IDENTIKEY Authentication Server (>=11.70).
In that case, when performing the initial configuration of the IDENTIKEY Authentication Server, it will fail with the error below:
You have cross-checked the hardserver and know that it is running.
The IDENTIKEY Authentication Server libraries are linked with the version 11.60 of the Thales Ciphertools libraries.
For the Linux versions of the Thales software, Thales has made changes on the location of the TCP communication socket used by the hardserver. This change was done in hardserver 11.70 and later (hardserver installed with the Thales nCipher support software, Thales CipherTools or Thales Codesafe toolkit).
On Linux platforms where hardserver 11.70 or later is running, some additional steps are required to make IAS communicate properly with the hardserver: the hardserver needs to be configured to maintain backward compatibility with the legacy socket location.
To do this:
1. Create the file /etc/nfast.conf with the entry: NFAST_CREATEDEVNFAST=1
2. Perform an /opt/nfast/sbin/init.d-ncipher restart to get the socket backward compatibility applied
See Thales nCipher software package v11.70 release notes for more information.
After making the changes to the Thales hardserver configuration, restart the IDENTIKEY Authentication Server configuration wizard.
Applies to: IDENTIKEY Authentication Server, Thales HSM
KB 180033– 28/02/2017
© 2016 VASCO Data Security. All rights reserved.