无法在内核中生成集群密钥加密密钥

适用场景

• ONTAP 9
• 板载密钥管理器(OKM)

问题描述

•  更改 OKM密码短语失败、并显示以下错误：

Error: command failed: Internal error. Failed to generate cluster key encryption key in kernel. Key manager returned: 18. Crypto return code: 30.

• EMS中报告了以下事件：

[Node-01: svc_queue_thread: crypto.debug:info]: Onboard key hierarchy creation failed: NKEK key creation failed: 30.

• 在节点重新启动期间、会出现以下事件：

TPM is not initialized and is getting reset
SSAL: tss_tpm_reset:1037
SSAL: tss_tpm_clear:908 Entry
SSAL: tss_tpm_clear:917 Exit
SSAL: tss_tpm_createprimary:816
SSAL: tss_tpm_evictcontrol:760
SSAL: tss_tpm_flush:319
SSAL: tss_tpm_nvdefinespace:611 nvIndex 16777216
SSAL: tss_tpm_nvwrite:708 nvIndex 16777216
Failed to retrieve keys
WARNING: /etc/rc: /usr/sbin/okm_init failed (77); authentication keys might not be available

[Node-01:crypto.okmrecovery.failed:ALERT]: Import of the Onboard Key Manager (OKM) hierarchy has failed: no onboard keys found. Additional information: Onboard keys not found.

• 尝试同步OKM失败、并显示以下错误：

::> security key-manager onboard sync

Error: command failed: The Onboard Key Manager has failed to sync on the local node "Node-01", error: "Internal error". Failed to setup the Onboard Key Manager on node "Node-01"