无法在内核中生成集群密钥加密密钥

最后更新
另存为PDF

Views:: 20

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

适用于

ONTAP 9
板载密钥管理器 (OKM)

问题

更改 OKM 密码失败，出现错误：

Error: command failed: Internal error. Failed to generate cluster key encryption key in kernel. Key manager returned: 18. Crypto return code: 30.

EMS 中的板载密钥层次结构创建失败：

[Node-01: svc_queue_thread: crypto.debug:info]: Onboard key hierarchy creation failed: NKEK key creation failed: 30.

在重新启动节点期间，会看到 crypto.okmrecovery.failed 警报：

TPM is not initialized and is getting reset SSAL: tss_tpm_reset:1037 SSAL: tss_tpm_clear:908 Entry SSAL: tss_tpm_clear:917 Exit SSAL: tss_tpm_createprimary:816 SSAL: tss_tpm_evictcontrol:760 SSAL: tss_tpm_flush:319 SSAL: tss_tpm_nvdefinespace:611 nvIndex 16777216 SSAL: tss_tpm_nvwrite:708 nvIndex 16777216 Failed to retrieve keys WARNING: /etc/rc: /usr/sbin/okm_init failed (77); authentication keys might not be available

[Node-01:crypto.okmrecovery.failed:ALERT]: Import of the Onboard Key Manager (OKM) hierarchy has failed: no onboard keys found. Additional information: Onboard keys not found.

尝试同步 OKM 时失败，出现错误：

::> security key-manager onboard sync Error: command failed: The Onboard Key Manager has failed to sync on the local node "Node-01", error: "Internal error". Failed to setup the Onboard Key Manager on node "Node-01"