https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/296885#M218477 <P>I did follow the similar steps but had the issue. I had to remove all the KTS/KMS installation start from scratch which fixed the issue but this time i added only one server first and then added the other.</P> Fri, 29 May 2020 14:14:54 GMT RajeshBodolla 2020-05-29T14:14:54Z https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/294160#M217094 <P>I am enabling HDFS data at rest encryption in CDH 6.3 and while adding the KMS service, i noticed that&nbsp;/var/lib/kms-keytrustee/keytrustee/.keytrustee/ is actually doesn't exist on all the KMS hosts when trying to synchronise the KMS hosts private keys. Has anyone come across such issue and what is the way forward for this?</P> Thu, 16 Apr 2020 18:15:03 GMT https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/294160#M217094 RajeshBodolla 2020-04-16T18:15:03Z https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/294434#M217254 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/24123">@RajeshBodolla</a>&nbsp;The general steps which I used to follow for Reinstall KTS from scratch this below, might be you are missing something.&nbsp;</P><P>&nbsp;</P><PRE>1. Stop the KMS service<BR />2. Delete the KMS service from the Cloudera Manager UI<BR />3. Then remove all the contents under "rm -rf /var/lib/kms-keytrustee/"<BR /><BR />Note - Make sure that the hidden directory is also removed '/var/lib/kms-keytrustee/keytrustee/.keytrustee'<BR /><BR />4. Now sync the Active and passive KTS using the following steps:<BR />a. Stop the Key Trustee Server service (Key Trustee Server service &gt; Actions &gt; Stop).<BR />b. Run the following command on the Active Key Trustee Server:<BR />$ sudo rsync -zav --exclude .ssl /var/lib/keytrustee/.keytrustee <A href="mailto:root@keytrustee02.example.com:/var/lib/keytrustee/" target="_blank">root@keytrustee02.example.com:/var/lib/keytrustee/</A>.<BR /><BR />Note - Replace keytrustee02.example.com with the hostname of the Passive Key Trustee Server.<BR /><BR />c. Run the following command on the Passive Key Trustee Server:<BR /><BR />$ sudo ktadmin init<BR /><BR />d. Start the Key Trustee Server service (Key Trustee Server service &gt; Actions &gt; Start).<BR />e. Enable synchronous replication (Key Trustee Server service &gt; Actions &gt; Setup Enable Synchronous Replication in HA mode).<BR />f. Restart the Key Trustee Server service (Key Trustee Server service &gt; Actions &gt; Restart).<BR /><BR />Once this is done, now recreate the KMS service using the steps in the following link<BR /><BR />https://www.cloudera.com/documentation/enterprise/latest/topics/key_trustee_kms_ha.html</PRE> Tue, 21 Apr 2020 16:13:03 GMT https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/294434#M217254 GangWar 2020-04-21T16:13:03Z https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/296885#M218477 <P>I did follow the similar steps but had the issue. I had to remove all the KTS/KMS installation start from scratch which fixed the issue but this time i added only one server first and then added the other.</P> Fri, 29 May 2020 14:14:54 GMT https://community.cloudera.com/t5/Support-Questions/var-lib-kms-keytrustee-keytrustee-keytrustee-is-empty/m-p/296885#M218477 RajeshBodolla 2020-05-29T14:14:54Z