This is an error generated by the FIPS OpenSSL libraries that NICI uses.
We do not anticipate this error will occur. At this time we do not have any specific workaround for this error code.
If returned when trying to initialize NICI on a Windows platform, this error typically means that NICI is not installed.
This error is returned when a security domain key (such as a tree key) is not found on the system. The API is CCS_GetPartitionKey. See Section 5.0, Understanding the NICI Keys for more information.
This is an error in NICI’s internal random number generator as defined by FIPS 140. NICI will try to recover, and returns this error if it can’t. The solution is to retry, reload, or restart the application. We don’t anticipate this error will occur.
This error condition was introduced with the FIPS 140-certified NICI. Upon loading or being instantiated by a process, NICI runs a set of tests for module integrity as well as cryptographic process integrity. If one of these tests fails, NICI puts itself in an inoperable state and returns this error. The typical cause of this problem is module verification failure. The solution is to reinstall NICI, or to uninstall and then reinstall NICI.
We don’t anticipate seeing this error anymore. This error was introduced in NICI version 2.0.1. The most likely cause is installation of a weak NICI version on a strong NICI installed base. The solution is to install strong NICI.
Novell® is shipping the strong NICI worldwide, and stopped shipping the import-restricted version with limited key sizes.
Similar to error -1497, this is typically caused by the lack of NICI license materials or configuration files. Reinstalling NICI typically solves the problem. If it does not, first try removing the NICI registry key on Microsoft Windows, deleting the Linux /etc/nici.cfg configuration file, and then installing NICI. Reinstalling NICI does not remove existing keys. If this doesn’t solve the problem and you won’t lose data by deleting the NICI configuration files and keys, then delete the NICI configuration directory together with the registry on Microsoft Windows or the Linux configuration file, and reinstall NICI.
Typical causes:
Lack of NICI licensing materials (.nfk file copied to the nicifk file). NICI on servers (DHost, or equivalent environment on other platforms) must have a NICI foundation key file in order to initialize key materials. NICI license materials are part of a Novell eDirectory™ license. NICI does not operate without a NICI licensing materials, or a proper configuration file. The solution is to install a license (this can be the installation of the same license), or copy the .nfk file from the license diskette to the nicifk file, then reboot the server or restart the DHost process.
Lack of or corrupted NICI configuration files. A corrupted NICI configuration file is not fixable; it must be deleted. An effort was made to minimize this problem starting with NICI version 1.3.x. It is less likely for this to occur with NICI 2.x or later.
Cryptography module downgrade.
We don’t anticipate this error will occur. This error is not unique to Novell eDirectory 8.6.0, but was first reported during Novell eDirectory version 8.6.0 upgrade testing, probably because servers are not rebooted during the Novell eDirectory version 8.6.0 upgrade, but directory services is restarted. The problem is duplicated in other environments by restarting directory services (without rebooting and allowing NICI to reinitialize) on servers listed in the W0 object.
Workarounds:
Avoid restarting directory services on the servers listed in the W0 object without also initializing NICI.
Restart the server identified by the W0 object before requesting the security domain key (A restart allows NICI to reinitialize, but you still need to be careful not to restart directory services).
Upgrade to NICI version 2.4 or later.