Skip to main content
NetApp Knowledge Base

Entrust Key Control 5.5 fails to generate NAE encryption keys

Views:
27
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9.9.1
  • Entrust Key Control 5.5 and 5.5.1
  • NetApp Aggregate Encryption (NAE)

Issue

The folllowing error message occur during aggregate creation when the encryption key should be stored on an external key server:
 
Error: command failed: [Job 1000] Job failed: Failed to create aggregate "aggr_NAE" on "node-01". Reason: Cannot generate encryption key. Use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key manager servers are reachable.
 
The external key servers are available before running aggregate create command but after failure mentioned above they become unavailable for about 4 hours.
 
Before:

::> security key-manager external show-status

Node  Vserver  Key Server                                   Status
----  -------  -------------------------------------------  ---------------
node-01
      SVM1
               192.0.0.1:5696                               available
               192.0.0.2:5696                               available
               192.0.0.3:5696                               available
               192.0.0.4:5696                               available
node-02
      SVM1
    
               192.0.0.1:5696                               available
               192.0.0.2:5696                               available
               192.0.0.3:5696                               available
               192.0.0.4:5696                               available
8 entries were displayed.

 

After:

::> security key-manager external show-status

Node  Vserver  Key Server                                   Status
----  -------  -------------------------------------------  ---------------
node-01
      SVM1
               192.0.0.1:5696                               not-responding
                                                            Status Details: IO
               192.0.0.2:5696                               not-responding
                                                            Status Details: IO
               192.0.0.3:5696                               not-responding
                                                            Status Details: IO
               192.0.0.4:5696                               not-responding
                                                            Status Details: IO
node-02
      SVM1
               192.0.0.1:5696                               not-responding
                                                            Status Details: IO
               192.0.0.2:5696                               not-responding
                                                            Status Details: IO
               192.0.0.3:5696                               not-responding
                                                            Status Details: IO
               192.0.0.4:5696                               not-responding
                                                            Status Details: IO
8 entries were displayed.

 

The following errors are present in mgwd.log:

Thu Mar 24 2022 15:00:00 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.1:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:26 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.2:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:52 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.3:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:01:18 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 000000000000000002000000000005005e24a1fb85a507e61a68dcceb5c1523c0000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.4:5696". Cryptsoft error: "IO".

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support