Introduction

This page includes a list of issues and error messages that may be seen and steps to resolve the errors.

Library Encryption page not visible in iManage Control Center

If the Library Encryption option doesn't appear in the Network & Security section of the navigation pane, check that the user is assigned to a global role that has the Key Management privilege enabled.

To add or to check the role setting of Key Management, sign in as an NRTADMIN who's assigned to a role that has Role Management enabled in iManage Control Center:

1. Select Access > Roles.

2. Select Global Management from the Roles list.

3. Select an existing role, or create a new global role.

4. In the Privileges section, select Edit.

5. Set Key Management to Yes.

6. Select Save.

7. In the Users tab, select Assign to Users, and then select the required users.

8. Select Add.

The Library Encryption option will be visible for users the next time they sign in, or after refreshing their browser.

Figure: Library Encryption option in iManage Control Center

Add / Edit Encryption Key dialog box

These error messages apply to the Add Encryption Key and Edit Encryption Key dialogs.

Figure: Add Encryption Key dialog

Required fields are missing

Required fields (identified with an asterisk) must have a value entered. This message identifies the field requiring the correction.

Key name exceeds the length limit

Issue: The specified key name entered is too long.

Solution: Correct the name to be less than or equal to the maximum.

• Minimum length: 1

• Maximum length: 255

• Spaces allowed: Yes

• Unicode allowed: Yes

• Special characters allowed: Yes

The Key name is missing

Issue: A key name wasn’t entered.

Solution: Enter a key name.

Key identifier URL format is invalid

Issue: The Key identifier is a URL for the Azure key vault. The value entered isn't a valid URL format.

Solution: Check the URL and enter it again. Make sure the URL includes forward slashes (/) only, no relative URLs. It must contain "https://", a domain name, and must not include any spaces.

The URL is provided by Azure at the time the value is created and should be copied or written down to ensure accuracy.

An example format is: https://ajubalaw.vault.azure.net/keys/ajubalaw-1/da93550d9b344d04a212dd06b7e7f4dc

Duplicate key holder information

Issue: Some of the key holder's information is duplicated with the other key holder.

Solution: Make sure each of the Client secret, Application (client) ID, and Key identifier values is different than the other key holder's values.

• Key identifiers are the same: Keys must be stored in separate Azure key vaults. Make sure each of the key identifier values is different than the other key holder's value.

• App (client) IDs are the same: Keys must be stored in separate Azure key vaults. Make sure each of the application (client) ID values is different than the other key holder's value.

• Key identifiers and App IDs are the same: Keys must be stored in separate Azure key vaults. Make sure each of the key identifier and application (client) ID are different than the other key holder's values.

Insufficient key vaults have been registered and enabled

Issue: There are not enough Azure key vaults registered for the iManage Work system to confirm the customer-supplied encryption key.

Solution: Key vaults must be registered in pairs, and each of the pairs must contain a copy of the same customer-supplied encryption key. More than one pair of key vaults may be registered. Registration permits the iManage Work system to safely access the stores.

There are several cases that can cause this error. Check the condition and the suggestion to correct it.

• No key vaults have been added: No key vaults have been registered yet. Contact iManage Support and provide the two Azure key vault URLs.

• Only one key vault has been added and enabled: One key vault has been added and enabled, although two key vaults are required. Contact iManage Support and provide the additional Azure key vault URL that matches the existing Azure key vault.

• There are some key vaults added but all of them are disabled: Key vaults have been added, but one or more of them are disabled. Contact iManage Support and specify which Azure key vaults to enable.

Key vaults have not been registered

Issue: The specified Azure vault hasn't been registered and enabled.

Solution: Supply the specified Azure key vault DNS name to iManage Support.

Keys referenced inside the vaults are not the same

Issue: The keys in key vault 1 and key vault 2 don’t match each other.

Solution: Check each of the key vaults and make sure they contain copies of the same customer-supplied encryption key. There’s no need to contact iManage Support.

The two keys specified are not copies of each other

Issue: The keys in each key vault are the same. To validate this, the system generates a random key and then encrypts a small string with that key. That key is wrapped and then the process is reversed using the key from the other vault by unwrapping the key and using the upwrapped key to decrypt the string. If the system can’t decrypt the string or if two strings don't match, this error is displayed.

Solution: Confirm the keys are in fact the same. Check each of the key vaults and make sure they contain copies of the same customer-supplied encryption key. There's no need to contact iManage Support.

Key has invalid primary key address

Issue: The specified key holder's key identifier is invalid or can’t be accessed.

Solution: Check the key identifier and try again.

Failed to validate application client ID or secret

Issue: The combination of the specified key holder's application (client) ID and the client secret is invalid.

Solution: Check both of those values and try again.

Duplicate key name

Issue: The key name entered is a duplicate of another Key name.

Solution: Make sure the key name entered is unique.

Revoked key

Issue: The specified key is revoked.

Solution: If this isn't intended, check the cause of the revocation. One revoked key still allows encryption and decryption to occur normally. However, to minimize risk, both keys need to be healthy. If both keys are revoked or unavailable, encryption and decryption won't occur.

Unexpected error

Issue: An unspecified error has occurred.

Solution: This error can be caused by an incorrect configuration in an Azure vault, such as invalid key vault permissions, a disabled key, or an expired key. Check those values and try again.

Apply key to library dialog

Required selection

Issue: No libraries were selected when attempting to apply this key.

Solution: Select at least one library. Some libraries may already be selected because the same active key had been previously applied to them. Multiple libraries can use the same key.

The key is applied to all available libraries

Issue: The specified key has already been applied to all available libraries. The condition occurs when attempting to apply a key that has already been applied to all available libraries. If this isn’t intended, use another key and try again. This can be seen when two iManage Work system administrators attempt to apply the same key at the same time.

Solution: Refresh the iManage Control Center page, check the key status, and try again.

Unhealthy key

Issue: The specified key can’t be applied to a library.

Solution: A key with a unhealthy status was attempted to be applied to a library. A key can’t be applied to a library if its health changes unexpectedly, or the key has been revoked after someone attempts to apply it to a library.

Applying a key that has already been applied

Issue: The specified key has already been applied to all available libraries. The condition occurs when attempting to apply a key that has already been applied on the selected libraries.

Solution: If this isn't intended, use another key and try again. This can also be seen when two iManage Work system administrators attempt to apply the same key at the same time. Refresh the iManage Control Center page, check the key status, and try again.

Key is unavailable

Issue: The specified key is unavailable.

Solution: This may be caused by:

• The Azure key vault is unavailable. Check that the Azure vault is working properly and that it is configured correctly.

• The Key identifier is invalid. Check the Key identifier in the Azure vault and try again.

• Incorrect permissions in the Azure vault. Check the permissions in the Azure vault and try again.

Unhealthy source primary key

Issue: The specified source primary key has recently changed to a revoked, unavailable, or mismatched state.

The existing source keysource can’t be replaced. The key either:

• Both key stores are revoked and/or are currently unavailable, or

• The two source key stores contain keys that don’t match each other (also called a mismatched state).

Solution: Check the source key status, and try again. To complete the replacement, the source key can’t be in a mismatched state, and at least one of the key stores must be healthy.

• A revoked key is one that the key store owner has explicitly changed the key store's status to prevent it from being read.

• An unavailable key is a key store that can’t be read. This may be caused by a lack of network access, or the key store configuration.

• Mismatched keys are when the keys in the two key stores don’t match.

Unhealthy destination primary key

Issue: The specified destination primary key has recently changed to a revoked, unavailable, or mismatched state.

The existing destination key can’t be used to replace an active key. In this situation, either:

• At least one key store has been revoked or is currently unavailable, or

• The two destination key stores contain keys that don’t match each other (also called mismatched keys).

Solution: Check the destination key status, and try again. To complete the replacement, the destination key can’t be in a mismatched state, and both key stores must be healthy.

• A revoked key is one that the key store owner has explicitly changed the key store's status to prevent it from being read.

• An unavailable key is a key store that can’t be read. This may be caused by a lack of network access, or the key store configuration.

• Mismatched keys are when the keys in the two key stores don’t match.

Unexpected Error

Issue: An unspecified error has occurred.

Solution: Try the last operation again. If that doesn’t correct the issue, contact your iManage Work system administrator.

Key Details page

The key is unavailable

Issue: The specified key is unavailable.

Solution: This error may be caused by a network issue, such as not being able to contact the Azure key vault, or is a configuration issue with the Azure key vault. Check that the Azure vault is working properly and that it is configured correctly.

The key is revoked

Issue: The specified key is revoked.

Solution: The specified key has been revoked by the customer. If this isn’t intended, check the cause of the revocation.

If one key is revoked, encryption and decryption still occur. However, to minimize risk, both keys need to be healthy. If both keys are revoked or unavailable, encryption and decryption won’t occur.

The key is mismatched

Issue: The keys in key vault 1 and key vault 2 don’t match each other.

Solution: The keys in the two vaults don't match. Check each of the key vaults and make sure they contain copies of the same customer- supplied encryption key. There’s no need to contact iManage Support.

Library Encryption page

Unhealthy key

Issue: One or more keys are invalid or have warnings. This is a listing that some of the primary encryption keys added to iManage Control Center that have errors or warnings associated with them.

Solution: Review the list and address each issue before continuing. See the individual error messages on this page for more information