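Onboard Key Manager sync fails after motherboard replacement
Applies to
- The ONTAP versions listed below, which do not contain the fix for Bug ID 1573150
  - 9.8P19 and 9.8P20
  - 9.9.1P16 and 9.9.1P17
  - 9.10.1P13 and 9.10.1P14
  - 9.11.1P8 through 9.11.1P11
  - 9.12.1P2 through 9.12.1P6
  - 9.13.1 and 9.13.1P1
- TPM 5.63
- Onboard Key Manager (OKM)
Issue
- The motherboard (PCM) has been replaced
- The steps in "Restore onboard key management encryption keys" or "How to restore onboard key manager server configuration from the ONTAP boot menu" complete successfully; however, the following warning is produced: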
WARNING!
TPM is not initialized but OKM's key hierarchy is already protected with TPM
- Other possible errors include:
Feb 28 14:45:52 [cluster1:crypto.ssal.failed:ALERT]: SSAL operation failed: SSAL Unseal operation failed
Feb 28 14:45:52 [cluster1:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed
::> event log show -message-name gb.sfo.veto.kmgr.keysmissing
<date><time> <node-name> ERROR gb.sfo.veto.kmgr.keysmissing: Giveback of aggregate <aggr-name> failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node <node-name>.
- After giveback, the OKM sync fails with the following error:
::> security key-manager onboard sync
Error: command failed: The Onboard Key Manager has failed to sync on the local node "cluster1-02", error: "Internal error". Failed to setup the Onboard Key Manager on node "cluster1-02"
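
A triage helper for the symptoms above, added here as an example and not NetApp code: it checks whether an ONTAP version string falls in one of the listed ranges and which of the quoted EMS events or console messages appear in collected log lines. The function names and the version banner format in the sample are assumptions; the two sample log lines are copied from this article.

```python
import re

# Affected ranges from the "Applies to" list: release -> (first, last) P-level.
# P-level 0 stands for the GA release with no P suffix.
AFFECTED = {
    "9.8": (19, 20), "9.9.1": (16, 17), "9.10.1": (13, 14),
    "9.11.1": (8, 11), "9.12.1": (2, 6), "9.13.1": (0, 1),
}
# EMS event names and console strings quoted in the "Issue" section.
SYMPTOMS = (
    "crypto.ssal.failed",
    "crypto.okmrecovery.failed",
    "gb.sfo.veto.kmgr.keysmissing",
    "TPM is not initialized but OKM's key hierarchy is already protected with TPM",
    "The Onboard Key Manager has failed to sync on the local node",
)
VERSION_RE = re.compile(r"\b(9\.\d+(?:\.\d+)?)(?:P(\d+))?\b")

def is_listed_version(version_text):
    """True if the ONTAP version in the text is inside a range listed above."""
    m = VERSION_RE.search(version_text)
    if not m:
        raise ValueError(f"no ONTAP version found in {version_text!r}")
    release, patch = m.group(1), int(m.group(2) or 0)
    if release not in AFFECTED:
        return False  # not in this article's list; says nothing about other bugs
    low, high = AFFECTED[release]
    return low <= patch <= high

def matching_symptoms(lines):
    """Return the symptom strings present in the lines, in SYMPTOMS order."""
    text = "\n".join(lines)
    return [s for s in SYMPTOMS if s in text]

def triage(version_text, lines):
    """Combine both checks into one result for a support ticket."""
    listed, found = is_listed_version(version_text), matching_symptoms(lines)
    return {"listed_version": listed, "symptoms": found,
            "matches_article": listed and bool(found)}

# Constructed sample: the banner format is an assumption, the log lines are the article's.
SAMPLE_VERSION = "NetApp Release 9.11.1P9: Mon Jan 01 00:00:00 UTC 2024"
SAMPLE_LOG = [
    "Feb 28 14:45:52 [cluster1:crypto.ssal.failed:ALERT]: SSAL operation failed: SSAL Unseal operation failed",
    "Feb 28 14:45:52 [cluster1:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed",
]

if __name__ == "__main__":
    print(triage(SAMPLE_VERSION, SAMPLE_LOG))
```
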