Dear listmembers, During a regular enforcerd wake up a new ZSK was created, according to the regular scheme. Immediately after this wake up the critical issue 'CKR_OBJECT_HANDLE_INVALID' was logged, see below this message. Signing the involved zone wasn't possible. Signing of other zones was not impacted.
Workaround: restart ODS. But this is the third time this happened, and although for a different zone in exactly the same circumstances. The first and second time we used this configuration: - RedHat 5 - ODS v1.3.5 - HSM Luna SA4 This third time we used the new configuration: - Ubuntu 14.04 - ODS v1.4.7 - HSM Luna SA6 Questions: - did anyone notice this before - what can be the cause of this error - what can I do to fix this Some relevant logging: Apr 5 20:49:11 myhost ods-enforcerd: Created key in repository ... Apr 5 20:49:11 myhost ods-enforcerd: Created ZSK size: 1024, alg: 8 with id******** in repository: ... and database. [...] Apr 5 20:49:12 myhost ods-enforcerd: Sleeping for 3600 seconds. Apr 5 20:49:12 myhost ods-signerd: [hsm] C_GetAttributeValue: CKR_OBJECT_HANDLE_INVALID Apr 5 20:49:12 myhost ods-signerd: [hsm] unable to get key: hsm failed to create dnskey Apr 5 20:49:12 myhost ods-signerd: [zone] unable to publish dnskeys for zone myzone: error creating dnskey Apr 5 20:49:12 myhost ods-signerd: [tools] unable to read zone myzone: failed to publish dnskeys (General error) Apr 5 20:49:13 myhost ods-signerd: [worker[3]] CRITICAL: failed to sign zone myzone: General error Kind regards, Anne (A.) van Bemmmelen [cid:[email protected]] SIDN | Meander 501 | 6825 MD | PO Box 5022 | 6802 EA | ARNHEM | The Netherlands T +31 (0)26 352 55 00 | M +31 (0)6 150 633 96 [email protected]<mailto:[email protected]> | www.sidn.nl<http://www.sidn.nl/> | Key-ID: 0xB8A5F0B2
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
