跳转到主内容

由于板载密钥导入失败,在 ONTAP andu 期间自动交还失败

Views:
3
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core<a>2008886895</a>
Last Updated:

适用场景

  • ONTAP 9.8 及更高版本:
  • ONTAP 自动无中断升级
  • 使用可信平台模块(TPM)更换主板
  • 板载密钥管理器

问题描述

  • ANDU 从 9.6 升级到 9.8
  • node-02 的 EMS 日志显示密钥导入失败

Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.ssal.failed:alert]: SSAL operation failed: SSAL Unseal operation failed.
Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.debug:info]: Onboard key hierarchy import failed: failed to create NKEK: 31.
Sun Aug 22 17:51:01 -0400 [node-02: wafl_exempt00: crypto.okmrecovery.failed:alert]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed.

  • SKTRACE.GZ 中出现 TSS 错误

2021-08-22T21:51:01Z 24880865537178 [0:0] SSAL_Error: tss_tpm_load:438 tss_execute failed
2021-08-22T21:51:01Z 24880865540576 [0:0] SSAL_Error: crypto_ssal_tpm_unseal:226 tss_tpm_load failed
2021-08-22T21:51:01Z 24880865638452 [0:0] SSAL_Error: tss_log_error:232 crypto_ssal_tpm_unseal: failed, rc 000b0009
2021-08-22T21:51:01Z 24880865640870 [0:0] SSAL_Error: tss_log_error:234 TSS_RC_BAD_CONNECTION - Failure communicating with lower layer
2021-08-22T21:51:01Z 24880865643199 [0:0] SSAL_Error: crypto_ssal_fs_unseal:167 The public portion of the blob should be NULL and of size 0

  • 由于卷加密密钥不可用,交还被否决

Sun Aug 22 17:56:47 -0400 [node-01: cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate aggr1_n02 failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node node-02.
Sun Aug 22 17:56:47 -0400 [node-01: cf_giveback: sfo.sendhome.subsystemAbort:alert]: The giveback operation of 'aggr1_n02' was aborted by 'keymanager'.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.