When I tried to re-initialize an HSM that already contained multiple domain keys with the Smart Card Shell GUI tool, it failed to do so; I got some counter errors.
When not setting up key domains, it works fine, and it also works fine when using the default SO-pin. But when using (additional) key domains, it will fail over and over again.
I solved my problem by using the default SO-pin and changing the SO-pin afterwards.
Sorry for my late response, I was out of the office.
Now I’m working again with this HSM, but a big problem occurs. I can import EC private keys, but when I verify the signed data with the public key, it always fails. I tried this with several imported keys.
When doing exactly the same with my other HSM, it’s working fine.
When I verify the public keys and certificates, they are the same on both HSMs. Of course, I can’t see the private key.
Is there anything you want me to test/verify @sc-hsm before I try to reinitialize the HSM again?
I just found out that signing with pkcs11-tool using the label of the key doesn’t work. It will always take the first private key to sign.
When selecting the key via the id, it’s working fine.