Entruste Key Control 5.5无法生成NAE加密密钥
适用场景
- ONTAP 9.9.1
- Entrust. Key Control 5.5和5.5.1
- NetApp 聚合加密( NAE )
问题描述
Error: command failed: [Job 1000] Job failed: Failed to create aggregate "aggr_NAE" on "node-01". Reason: Cannot generate encryption key. Use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key manager servers are reachable.
aggregate create
命令之前、可以使用外部密钥服务器、但在发生上述故障后、这些服务器将在大约4小时内不可用。::> security key-manager external show-status
Node Vserver Key Server Status
---- ------- ------------------------------------------- ---------------
node-01
SVM1
192.0.0.1:5696 available
192.0.0.2:5696 available
192.0.0.3:5696 available
192.0.0.4:5696 available
node-02
SVM1
192.0.0.1:5696 available
192.0.0.2:5696 available
192.0.0.3:5696 available
192.0.0.4:5696 available
8 entries were displayed.
之后:
::> security key-manager external show-status
Node Vserver Key Server Status
---- ------- ------------------------------------------- ---------------
node-01
SVM1
192.0.0.1:5696 not-responding
Status Details: IO
192.0.0.2:5696 not-responding
Status Details: IO
192.0.0.3:5696 not-responding
Status Details: IO
192.0.0.4:5696 not-responding
Status Details: IO
node-02
SVM1
192.0.0.1:5696 not-responding
Status Details: IO
192.0.0.2:5696 not-responding
Status Details: IO
192.0.0.3:5696 not-responding
Status Details: IO
192.0.0.4:5696 not-responding
Status Details: IO
8 entries were displayed.
中存在以下错误 mgwd.log
:
Thu Mar 24 2022 15:00:00 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.1:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:26 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.2:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:52 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.3:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:01:18 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 000000000000000002000000000005005e24a1fb85a507e61a68dcceb5c1523c0000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.4:5696". Cryptsoft error: "IO".