跳转到主内容

对更换配置了 TPM 芯片和 OKM 的主板进行故障排除

Views:
81
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

问题描述

如果ONTAP 9.8及更高版本上将TPM主板更换为启用了TPM芯片OKM平台、而在OKM基础架构中未更新TPM芯片生成的密封、则会出现以下问题描述。  错误ID1416279 是一个请求、用于自动执行此过程。

1. 更换配有 TPM 芯片,安装了 TPM 许可证并使用加密数据(非根)卷的 FAS 或 AFF 主板时,如果覆盖交还否决, NVE 卷将脱机。您将看到 g.sfa.vent.kmgr.keysmising 事件:

::> event log show  -message-name gb.sfo.veto.kmgr.keysmissing
<date><time> <node-name> ERROR gb.sfo.veto.kmgr.keysmissing: Giveback of aggregate <aggr-name> failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node <node-name>.

2.更换配有TPM芯片、安装了TPM许可证并使用加密根卷 的FAS 或AFF 主板时、系统在配置TPM且根卷已加密的情况下无法启动(错误ID 1480977)。  启动后,您将看到错误:

Jun 08 12:05:30 [node1:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed.

 

 


 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.
Scan to view the article on your device