Filter
Top Products
Learning About Problems
EncrypTight User Guide 239
NOTE
Always check the status of the PEPs in the Policy View after deploying policies, refreshing status, or
renewing keys. All PEPs should show a Consistent indicator .
This section includes the following topics:
● “Policy Errors” on page 239
● “Status Errors” on page 240
● “Renew Key Errors” on page 240
Policy Errors
Symptom Explanation and possible solutions
Policies are not executing as
expected.
Check the policy priorities for uniqueness. Do not give multiple
policies the same priority.
Check the policy priorities to make sure the relative ordering is
correct. Policies are executed from highest to lowest priority.
Policy and network configuration in
ETPM is not saved.
Data is not saved until you add at least one PEP in ETEMS.
Follow the workflow outlined in the EncrypTight User Guide.
A policy deployment operation times
out and the policies are marked with
the yellow Pending indicator . If
you then refresh status, all policies
will be marked with the red
Inconsistent indicator .
If you attempt to deploy a policy file to ETEP PEPs that is
larger than the maximum size for the model, the ETEP PEP
generates an error and rejects the policy file. The error is
recorded in the ETKMS log file. However, ETPM does not
detect the error.
As a workaround, reduce the number of network sets or
networks used in the policy and try to redeploy until all of the
policies are marked with a green Consistent indicator. For
more information about policies and the operational limits of
ETEP PEPs, see the EncrypTight User Guide.
Policy deployment fails and ETPM
displays the following message:
Failed to complete Deployment
The deployment operation failed on
a ETKMS - connection timed out:
ETKMS <ETKMS IP Address>
This message appears when the ETKMS with the specified IP
address cannot be reached. If you have a primary and a
backup ETKMS, this error does not indicate that the overall
policy deployment failed. If the failure is with the primary
ETKMS, the backup ETKMS takes over policy and key
deployment to the PEPs. If the failure is with the backup
ETKMS, the primary ETKMS continues to deploy policies and
keys to the PEPs.
Check the status indicator in the Policy view of the ETPM for
all PEPs. If the status shows a indicator, the PEPs received
the appropriate policies and keys; otherwise, the PEPs did not
receive the policies and keys and immediate action is required
to prevent network outages.