提供的密码短语和备份数据无法在维护期间成功导入密钥

适用场景

ONTAP 9

板载密钥管理器

问题描述

在需要使用特殊启动菜单中的选项10进行维护期间、用户将执行恢复所需的步骤、并显示一条成功的消息、指示提供的数据正确无误。之后、节点开始完全启动到ONTAP 、但在启动期间会出现加密密钥导入错误。下面显示了此过程和错误的示例：

(1)  Normal Boot.
(2)  Boot without /etc/rc.
(3)  Change password.
(4)  Clean configuration and initialize all disks.
(5)  Maintenance mode boot.
(6)  Update flash from backup config.
(7)  Install new software first.
(8)  Reboot node.
(9)  Configure Advanced Drive Partitioning.
(10) Set Onboard Key Manager recovery secrets.
(11) Configure node for external key management.
Selection (1-11)? 10

This option must be used only in disaster recovery procedures. Are you sure? (y or n): y

Enter the passphrase for onboard key management:
Enter the passphrase again to confirm:

Enter the backup data:
--------------------------BEGIN BACKUP--------------------------

[...]
---------------------------END BACKUP---------------------------

Trying to recover keymanager secrets....
Setting recovery material for the onboard key manager

Successfully recovered keymanager secrets.

***********************************************************************************
* Select option "(1) Normal Boot." to complete recovery process.
*
* Run the "security key-manager onboard sync" command to synchronize the key database after the node reboots.
***********************************************************************************

[...]

Aug 07 08:22:57 [cluster1-01:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: key unwrapping failed