Key Management Reading Time: 3 minutes

CipherTrust Manager Clustering Error

Last updated on

In this blog, we’ll discuss the issues of clustering encountered during CipherTrust Manager installation and configuration.

Error

  1. A generic connection error occurred while creating the cluster. This type of error typically occurs when the host is invalid. Please retry using a valid IP or hostname. Code 8: NCERRInternalServerConnectFailed
  2. Failed self-connection check. This type of error typically occurs when the host is invalid. Please retry using a valid IP or hostname. Code 8: NCERRInternalServerConnectFailed

Description

Let’s consider that we have 4 CipherTrust Manager nodes (thales01.ec.com, thales02.ec.com, thales03.ec.com, thales04.ec.com)  to add to a cluster. As per the procedure, we’ll have to select one of the nodes to create a cluster and, after that, add all the remaining nodes to that cluster. Usually, we have two options for calling out each of the appliances.

We can either mention the hostname of the CipherTrust manager or the IP address. It is, however, recommended to use the hostname instead of the IP address from a networking standpoint. The errors mentioned above are encountered during the cluster creation process when the hostname of the CipherTrust Manager is entered.

Cause

The primary reason for these errors is that the CipherTrust Manager cannot recognize the hostname. A user might encounter this issue despite setting up a DNS and a proper hostname.

Cluster
cluster error

Solution

Let us assume we are creating a cluster from thales01.ec.com and adding all other nodes from this server. To resolve this error, please follow the below-mentioned steps:

  1. On thales01.ec.com, navigate to DNS hosts under Admin settings.

    CipherTrust Manager Admin settings

  2. First, add all 4 CipherTrust Manager hostnames.

    CipherTrust Manager hostnames

  3. Navigate to clustering and try creating the cluster again with the hostname of the primary node (thales01.ec.com).

    clustering

  4. After creating a cluster, we will add other nodes by using their hostname from thales01.ec.com. To complete this process successfully, we’ll first have to add the primary node (thales01.ec.com) on each of the secondary nodes (thales02.ec.com,thales03.ec.com, thales04.ec.com) and then add the secondary node itself

    under Admin settings-> DNS Hosts. The concept behind adding the same is for both nodes to recognize themselves as well as each other.

  5. Once the cluster is created, all the nodes have been added, and the testing has been completed, you can delete all the DNS hosts added on each of the CipherTrust Manager appliances and check that clustering is functioning properly.

Free Downloads

Datasheet of Encryption Consulting Services

Encryption Consulting is a customer focused cybersecurity firm that provides a multitude of services in all aspects of encryption for our clients.

Download

About the Author

Yathaarth Swaroop is a Consultant at Encryption Consulting, working with PKIs, HSMs and working as a consultant with high-profile clients.

You might also be interested in

Simplifying the Audit and Remediation of Keys and Certificates
Simplifying the Audit and Remediation of Keys and Certificates December 12, 2023
Encryption is easy, key management is also easy?
Encryption is easy, key management is also easy? December 11, 2022
Understanding and Generating Certificate Signing Requests (CSRs) using Luna Cloud HSM – A Comprehensive Guide
Understanding and Generating Certificate Signing Requests (CSRs) using Luna Cloud HSM – A Comprehensive Guide June 22, 2023
AWS KMS vs Thales CCKM – Which Key Management System is Right for You?
AWS KMS vs Thales CCKM – Which Key Management System is Right for You? July 14, 2023

Explore More Topics

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo