Troubleshooting
If you are having an issue with Secret Server loading after enabling HSM or seeing errors like CKR_FUNCTION_FAILED, please follow these steps to resolve the race condition happening during the PKCS #11 login.
For Secret Server Version 11.7.35 and Greater:
- Add Settings to web-appSettings.config:
  - Locate the web-appSettings.config file in the root of Secret Server.
  - Add the following setting:
    <add key="DelayBackgroundStartupMilliseconds" value="5000" />
    You can add the value 5000, the equivalent of 5 seconds, but you may need to increase the value depending on the server hardware and web environment.
- Run the iisreset command.
For Secret Server Version Less Than 11.7.35:
- Download the Version with the DelayBackgroundStartupMilliseconds Setting:
  Ensure you have version 11.7.35 or greater of Secret Server.
- Add Settings to web-appSettings.config:
  - Locate the web-appSettings.config file in the root of Secret Server.
  - Add the following settings:
    <add key="PreventBackgroundThreads" value="true" />
    <add key="DelayBackgroundStartupMilliseconds" value="5000" />
    You can add the value 5000, the equivalent of 5 seconds, but you may need to increase the value depending on the server hardware and web environment.
  - Run the iisreset command.
- Upgrade Secret Server:
  - Navigate to the Secret Server upgrade section.
  - Select the version with the DelayBackgroundStartupMilliseconds setting (version 11.7.35 and greater).
  - Upgrade the Secret Server to the selected version.
- Update Settings Post-Upgrade:
  - Once the upgrade is finished, change PreventBackgroundThreads to false in the web-appSettings.config file.
  - Run the iisreset command.
This will pick up the new delay setting and delay the background workers so the web node can log in to the PKCS #11 library first.
If you are still having issues, increase the delay value and retry.
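
The web-appSettings.config edits in both procedures above can be scripted so that a key is updated in place rather than added twice. The PowerShell below is an added example, not part of the original documentation or the product; the function name, the install path, the backup location and the <appSettings> root element are assumptions to check against your installation.

```powershell
# Added example (not vendor code). Set-SecretServerAppSetting is a hypothetical helper.
# Assumption: web-appSettings.config has an <appSettings> root holding <add key value/> entries.
function Set-SecretServerAppSetting {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ConfigPath,
        [Parameter(Mandatory)] [string] $Key,
        [Parameter(Mandatory)] [string] $Value,
        [string] $BackupDir = $env:TEMP
    )

    # Resolve to a full path (fails if the file is missing); .NET ignores PowerShell's location.
    $path = (Resolve-Path -LiteralPath $ConfigPath -ErrorAction Stop).ProviderPath

    # Keep a timestamped copy outside the web root so the change can be rolled back.
    $stamp  = Get-Date -Format 'yyyyMMddHHmmss'
    $backup = Join-Path $BackupDir "web-appSettings.$stamp.config.bak"
    Copy-Item -LiteralPath $path -Destination $backup -ErrorAction Stop

    $xml = New-Object System.Xml.XmlDocument
    $xml.PreserveWhitespace = $true
    $xml.Load($path)

    $root = $xml.DocumentElement
    if ($root.LocalName -ne 'appSettings') {
        throw "Unexpected root element <$($root.LocalName)>; expected <appSettings>."
    }

    # Update the entry if the key already exists, otherwise append it (no duplicate keys).
    $node = $root.SelectSingleNode("add[@key='$Key']")
    if ($null -eq $node) {
        $node = $xml.CreateElement('add')
        $node.SetAttribute('key', $Key)
        [void] $root.AppendChild($node)
    }
    $node.SetAttribute('value', $Value)
    $xml.Save($path)
}

# Assumed install path; replace with the actual Secret Server root directory.
$config = 'C:\inetpub\wwwroot\SecretServer\web-appSettings.config'

Set-SecretServerAppSetting -ConfigPath $config -Key 'DelayBackgroundStartupMilliseconds' -Value '5000'
# Versions below 11.7.35 only: 'true' before the upgrade, 'false' once it has finished.
# Set-SecretServerAppSetting -ConfigPath $config -Key 'PreventBackgroundThreads' -Value 'true'

iisreset
```

Run it from an elevated PowerShell session on the web node, since iisreset requires administrator rights.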