Trying to Enable Encryption with an External Key Manager, DD OS 7.1 (KeySecure)

Summary: Encryption key management using KeySecure configuration is not completed, with errors such as "Failed to synchronize keys."

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

KeySecure server logs do not show the Data Domain attempting communication. The firewall port was opened. An error is showing:

Error message : Failed to synchronize keys, error code = 5308

The Data Domain file system (FS) ddfs.info logs shows the following:

9/21 18:40:22.025 (tid 0x7f032e42cd50): INFO: dd_km_plugin_finalize_intern_keysecure: KeySecure is not configured, will not finalize
09/21 18:40:30.019 (tid 0x7f032e42cd50): ERROR: dd_km_plugin_init_intern_keysecure: KeySecure plugin initialization failure. Error : -75
09/21 18:40:38.010 (tid 0x7f032e42cd50): ERROR: dd_km_plugin_get_active_key_by_class_keysecure: Failed to synchronize keys. Status: -75
09/21 18:40:38.010 (tid 0x7f032e42cd50): NOTICE: [cp_keys_enable_ext_key_mgr] Error [Failed to synchronize keys] in retrieving the active key
09/21 18:40:48.000 (tid 0x7f032e42cd50): ERROR: KeySecure is not configured correctly. Response status : -75
09/21 18:40:48.000 (tid 0x7f032e42cd50): ERROR: [dd_keysecure_plugin_get_dd_err] KMIP returned error[-75]
09/21 18:40:56.181 (tid 0x7f032e42cd50): ERROR: KeySecure is not configured correctly. Response status : -75
09/21 18:40:56.181 (tid 0x7f032e42cd50): ERROR: [dd_keysecure_plugin_get_dd_err] KMIP returned error[-75]

Cause

When an external certificate authority is being used, import all the certificates in the certificate chain to the Data Domain. The certificate for the intermediate Certificate Authority (CA) must be imported in the DD as trusted for KeySecure.

Resolution

Consult the DD OS and Gemalto's SafeNet KeySecure Integration Guide to verify all steps have been followed. (Log in to Dell Support as a registered user is required to view this document.) If the issue still exists, get instructions on importing the intermediate CA for KeySecure SSL certificate from the local network security team.

Affected Products

Data Domain
Article Properties
Article Number: 000183757
Article Type: Solution
Last Modified: 28 Mar 2025
Version:  5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.