Symantec Encryption Management Server employs scheduled backups, which may be encrypted to the Organization Key.
In rare instances a server backup fails because of a mismatch of Organization Keys. This can happen if a server backup is being used for a different Symantec Encryption Management Server, or if an Organization Key has changed.
Another scenario is when servers with one Organization Key are joined to a new cluster, which has a different Organization Key.
In any of these cases, the backups may fail because of the Organization Key mismatch.
The following entries may appear in the backup log:
2016/06/18 11:59:39 +01:00 ERROR pgp/backup[18347]: MAIN: Failed to import keys (err=-11984): item not found
2016/06/18 11:59:39 +01:00 ERROR pgp/backup[18347]: MAIN: Initialization failed: item not found
The backup process is still trying to encrypt the backup to the original Organization Key, but that key does not match the one currently listed in the database.
To verify that this is the cause of the problem:
Step 1: Connect to the server using ssh and run this command:
psql oviddb ovidr -c "SELECT keyid FROM key WHERE subject = 'org';"
This will display output similar to:
       keyid
--------------------
 0xA1F997D60FC5A7AD
(1 row)
Step 2: Run the following command:
grep -C 2 "<keyid>" /etc/ovid/prefs.xml
This will display output similar to this:
<backup>
<encrypt-to>
<keyid>0x1EF40FEB05E2F75F</keyid>
</encrypt-to>
<deliver-to>
If the ID in step 1 and the value between the keyid tags in step 2 do not match, this is the cause of the error. Contact Symantec Support for help updating this to the proper Key ID so that backups will then be successful.
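Steps 1 and 2 can be combined into one read-only check. The script below is an added example, not vendor-supplied code. Its function names and the --live flag are hypothetical, and it assumes that key IDs have the form shown above (0x followed by 16 hex digits) and that prefs.xml has the layout shown in the step 2 excerpt.

```shell
#!/bin/sh
# Added example (not vendor code): read-only comparison of the two key IDs.
# Assumes key IDs look like the page's samples: 0x followed by 16 hex digits.

# Step 1 helper: pull the key ID out of psql output given on stdin.
db_keyid() {
    grep -Eio '0x[0-9a-f]{16}' | head -n 1
}

# Step 2 helper: pull the key ID from <backup>/<encrypt-to> in prefs.xml
# content given on stdin, ignoring <keyid> elements in other sections.
# Assumes the layout shown in the page's excerpt.
prefs_keyid() {
    sed -n '/<backup>/,/<\/backup>/p' |
        sed -n '/<encrypt-to>/,/<\/encrypt-to>/p' |
        grep -Eio '0x[0-9a-f]{16}' | head -n 1
}

# Compare case-insensitively. Returns 0 = match, 1 = mismatch, 2 = unreadable.
compare_keyids() {
    db=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    prefs=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    if [ -z "$db" ] || [ -z "$prefs" ]; then
        echo "UNKNOWN: could not read one of the key IDs"
        return 2
    fi
    if [ "$db" = "$prefs" ]; then
        echo "MATCH: backups encrypt to the current Organization Key ($db)"
        return 0
    fi
    echo "MISMATCH: database=$db prefs.xml=$prefs"
    return 1
}

# Run against the live server only when called with --live (hypothetical flag
# of this script); the commands and path are the ones from steps 1 and 2.
if [ "${1:-}" = "--live" ]; then
    db=$(psql oviddb ovidr -c "SELECT keyid FROM key WHERE subject = 'org';" | db_keyid)
    prefs=$(prefs_keyid < /etc/ovid/prefs.xml)
    compare_keyids "$db" "$prefs"
fi
```

The script changes nothing on the server. A MISMATCH result corresponds to the condition described above.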