扩展ONTAP集群后、OKM密钥未还原

最后更新
另存为PDF

Views:: 12

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core<a>NVE</a><a>OKM</a><a>NetApp 卷加密</a><a>板载密钥管理器</a><a>集群扩展</a><a>节点加入</a><a>存储安全</a>

Last Updated:

适用场景

ONTAP 9
板载密钥管理器(OKM)
NetApp存储加密(NSE)
NetApp 卷加密 (NetApp Volume Encryption, NVE)

问题描述

将新节点添加到集群后、您可能会遇到以下情况：

security key-manager key show 命令报告以下错误：

Error: One or more nodes have onboard key management keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.

disk encrypt modify命令失败并EMS报告：

[node01: disk_admin: disk.encryptCmdFailed:error]: Encrypting disk <disk> failed disk encrypt modify command with error status Authentication key not found. (0xe).

聚合创建失败、并出现以下错误：

Failed to create aggregate "aggr_name" on "Node-01". Reason: Cannot generate encryption key. If using an external key manager, use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key servers are reachable. If using the Onboard Key Manager, use the 'security key-manager key query -key-type SVM-KEK' command to verify that the same SVM-KEKs are present on both the local and remote clusters.