Cached keys in sponsor host are removed right after the cluster is formed

Article ID: 158748

Products

Encryption Management Server, Gateway Email Encryption

Issue/Introduction

Immediately after you create a server cluster, cached keys on the host server are removed and are not replicated.

Cause

The timeout value for cached keys has expired.

After one or more servers are joined to the host server during the creation of a server cluster, one of the services checks the cached key timeout setting as it restarts. If the current date minus the keys’ create date exceeds the defined timeout value, the service flushes the key cache. You will have to repopulate it.

Resolution

To correct this key-cache expiration issue, use the command line of the Symantec Encryption Management Server to edit the key-cache timeout field in the prefs.xml file.

The prefs.xml file is located in the /etc/ovid directory.

In the prefs.xml file, set the <key-lookup-cache-timeout></key-lookup-cache-timeout> field to a value greater than the default of 24 hours (1440 minutes).
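The check described under Cause, written out as an added example (not Symantec's code): it reads the timeout field from prefs.xml text without modifying it and lists which cached keys are already older than that timeout. Assumptions: the value is in minutes, a missing field means the default applies, and the `<prefs>` wrapper, key names and creation dates are constructed samples.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta

DEFAULT_TIMEOUT_MIN = 1440  # default named in the article: 24 hours

# Constructed sample: only the element name comes from the article; the
# enclosing <prefs> root is an assumption about the file's layout.
SAMPLE_PREFS = """<prefs>
  <key-lookup-cache-timeout>1440</key-lookup-cache-timeout>
</prefs>"""

def read_timeout_minutes(xml_text):
    """Return the configured timeout, or None if the field is absent or empty."""
    node = next(ET.fromstring(xml_text).iter("key-lookup-cache-timeout"), None)
    text = (node.text or "").strip() if node is not None else ""
    return int(text) if text else None

def keys_flushed_on_restart(created, timeout_min, now):
    """Apply the article's rule: current date - create date > timeout => flushed."""
    limit = timedelta(minutes=timeout_min)
    return sorted(k for k, ts in created.items() if now - ts > limit)

def audit(xml_text, created, now):
    """Read-only report: configured value, whether it exceeds the default,
    and which cached keys would be flushed when the service restarts."""
    timeout = read_timeout_minutes(xml_text)
    # Assumption: a missing field behaves like the default value.
    effective = DEFAULT_TIMEOUT_MIN if timeout is None else timeout
    return {
        "configured": timeout,
        "above_default": effective > DEFAULT_TIMEOUT_MIN,
        "flushed": keys_flushed_on_restart(created, effective, now),
    }

if __name__ == "__main__":
    now = datetime(2024, 1, 10, 12, 0)  # constructed reference time
    cached = {"alice@example.com": now - timedelta(hours=30),
              "bob@example.com": now - timedelta(hours=2)}
    print(audit(SAMPLE_PREFS, cached, now))
```

Running the audit against a copy of /etc/ovid/prefs.xml before joining servers shows whether existing cached keys would survive the restart.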

Warning: Accessing the Symantec Encryption Management Server command line for read-only purposes (such as to query the database, or to view settings, services, logs, processes, disk space, and so on) is supported. However, performing configuration modifications or customizations using the command line may void your Symantec Support agreement unless the following procedures are followed.

Changes made to the Symantec Encryption Management Server using the command line must be:

  • Authorized in writing by Symantec Technical Support or published as an approved and documented process on the Symantec Knowledge Base.
  • Implemented by a Symantec Partner, reseller or Symantec Technical Support.
  • Summarized and documented in a text file in /var/lib/ovid/ on the Symantec Encryption Management Server itself.

Changes made through the command line may not persist through reboots and may be incompatible with future releases. Symantec Technical Support may also require reverting any custom configurations on the Symantec Encryption Management Server back to a default state when they troubleshoot new issues.

For assistance on changing the prefs.xml file, submit a request to Technical Support.