检测到 crypto.export.failed 错误

最后更新
另存为PDF

Views:: 4

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: hw

Last Updated:

适用于

ONTAP 9.10.1P15
主板更换
ONTAP 升级
板载密钥管理器 (OKM)

问题描述

crypto.export.failed 错误检测到。

[node01: svc_queue_thread: crypto.export.failed:alert]: ERROR: Export of key with key ID 00000000000000000000000000000000000000000000000000000000000000000000000000000000 failed. Additional information: error creating a base hierarchy blob.

security key-manager key show -detail 显示 NSE-AK 和 SVM-KEK 在合作伙伴节点上为未还原。

::> security key-manager key show -detail

Node: node1 Key Store: onboard Key ID Key Tag Used By Stored In Restored ------ --------------- ---------- ------------------------------------ -------- 00000000000000000 node1 NSE-AK local-cluster yes 00000000000000000 c5 VEK local-cluster yes 00000000000000000 f1 VEK local-cluster yes 00000000000000000 SVM2 SVM-KEK local-cluster yes 00000000000000000 SVM1 SVM-KEK local-cluster yes

Node: node2 Key Store: onboard Key ID Key Tag Used By Stored In Restored ------ --------------- ---------- ------------------------------------ -------- 00000000000000000 node2 NSE-AK local-cluster no 00000000000000000 svm2 SVM-KEK local-cluster no 00000000000000000 avm1 SVM-KEK local-cluster no

Error: One or more nodes have the Onboard Key Manager keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.