Entruste Key Control 5.5无法生成NAE加密密钥

最后更新
另存为PDF

Views:: 1

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: encryption<a>2009年118744</a>

Last Updated:

适用场景

ONTAP 9.9.1
Entrust. Key Control 5.5和5.5.1
NetApp 聚合加密（ NAE ）

问题描述

如果加密密钥应存储在外部密钥服务器上、则在创建聚合期间会显示以下错误消息：

Error: command failed: [Job 1000] Job failed: Failed to create aggregate "aggr_NAE" on "node-01". Reason: Cannot generate encryption key. Use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key manager servers are reachable.

在运行aggregate create 命令之前、可以使用外部密钥服务器、但在发生上述故障后、这些服务器将在大约4小时内不可用。

之前：

::> security key-manager external show-status

Node Vserver Key Server Status ---- ------- ------------------------------------------- --------------- node-01 SVM1 192.0.0.1:5696 available 192.0.0.2:5696 available 192.0.0.3:5696 available 192.0.0.4:5696 available node-02 SVM1 192.0.0.1:5696 available 192.0.0.2:5696 available 192.0.0.3:5696 available 192.0.0.4:5696 available 8 entries were displayed.

之后：

::> security key-manager external show-status

Node Vserver Key Server Status ---- ------- ------------------------------------------- --------------- node-01 SVM1 192.0.0.1:5696 not-responding Status Details: IO 192.0.0.2:5696 not-responding Status Details: IO 192.0.0.3:5696 not-responding Status Details: IO 192.0.0.4:5696 not-responding Status Details: IO node-02 SVM1 192.0.0.1:5696 not-responding Status Details: IO 192.0.0.2:5696 not-responding Status Details: IO 192.0.0.3:5696 not-responding Status Details: IO 192.0.0.4:5696 not-responding Status Details: IO 8 entries were displayed.

中存在以下错误 mgwd.log：

Thu Mar 24 2022 15:00:00 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.1:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:00:26 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.2:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:00:52 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.3:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:01:18 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 000000000000000002000000000005005e24a1fb85a507e61a68dcceb5c1523c0000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.4:5696". Cryptsoft error: "IO".