跳转到主内容
Effective December 3 - NetApp adopts Microsoft’s Business-to-Customer (B2C) identity management to simplify and provide secure access to NetApp resources. For accounts that did not pre-register (prior to Dec 3) access to your NetApp data may take up to 1 hour as your legacy NSS ID is synchronized to the new B2C identity. To learn more, Read the FAQ and Watch the video.

由于板载密钥导入失败,在 ONTAP andu 期间自动交还失败

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
encryption
Last Updated:

适用场景

  • ONTAP 9.8
  • ONTAP 自动无中断升级
  • 板载密钥管理器

问题描述

  • ANDU 从 9.6 升级到 9.8
  • node-02 的 EMS 日志显示密钥导入失败

Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.ssal.failed:alert]: SSAL operation failed: SSAL Unseal operation failed.
Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.debug:info]: Onboard key hierarchy import failed: failed to create NKEK: 31.
Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.okmrecovery.failed:alert]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed.

  • SKTRACE.GZ 中出现 TSS 错误

2021-08-22T21:51:01Z 24880865537178 [0:0] SSAL_Error: tss_tpm_load:438 tss_execute failed
2021-08-22T21:51:01Z 24880865540576 [0:0] SSAL_Error: crypto_ssal_tpm_unseal:226 tss_tpm_load failed
2021-08-22T21:51:01Z 24880865638452 [0:0] SSAL_Error: tss_log_error:232 crypto_ssal_tpm_unseal: failed, rc 000b0009
2021-08-22T21:51:01Z 24880865640870 [0:0] SSAL_Error: tss_log_error:234 TSS_RC_BAD_CONNECTION - Failure communicating with lower layer
2021-08-22T21:51:01Z 24880865643199 [0:0] SSAL_Error: crypto_ssal_fs_unseal:167 The public portion of the blob should be NULL and of size 0

  • 由于卷加密密钥不可用,交还被否决

Sun Aug 22 17:56:47 -0400 [node-01: cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate aggr1_n02 failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node node-02.
Sun Aug 22 17:56:47 -0400 [node-01: cf_giveback: sfo.sendhome.subsystemAbort:alert]: The giveback operation of 'aggr1_n02' was aborted by 'keymanager'.

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support