RMS Provisioning hangs when using nCipher NetHSM

So here is a new one that I ran into yesterday. I had a customer that called in and was having problems provisioning his RMS V1 server in his production environment. He was using nCipher HSMs to store the keys. This worked great in his development environment, but for some reason during the 'Provisioning Logging..." step of the process, we would just hang.

We would see this if we ran a debug view, and it would freeze:

00000997 149.84358215 [3940] 2008-03-19T09:57:21:0990 - PrivateKeyStore(data source=sqlserver;integrated security=SSPI;persist security info=False;packet size=4096;database=DRMS_Config_rms_domain_com_80;Pooling=false;)
00000998 149.86886597 [3940] 2008-03-19T09:57:22:0021 - DrmsSqlStorage connection String:  data source=sqlserver;integrated security=SSPI;persist security info=False;packet size=4096;database=DRMS_Config_rms_domain_com_80;Pooling=False
00000999 149.88598633 [3940] 2008-03-19T09:57:22:0037 - Stored procedure spa_GetPolicy finished with return code 0

The answer:

Some background. When the customer setup his security realm in production he specified FIPS compatibility, which he did not do in the dev environment. What this means is that an 'Operator Card' has to be inserted into the module in order to store the keys. Typically you would get prompted to 'Insert an Operator Card', but because RMS has no UI that can display this (we may be supressing the dialog), we will happily sit there until you figured it out...or until IIS decides to kill the process.

The same issue exists in WS08 for RMS, so be aware that if you have FIPS level compatibility turned on, you either need to use ModAuth or go insert your operator card into the HSM to provision RMS.


Comments (0)

Skip to main content