Skip to main content
We are redesigning the NetApp Knowledge Base site to make it easier to use and navigate. The new and improved site will be available the first week of October. Check out our video or read this KB article to know more about changes you’ll see on the site.
NetApp Knowledge Base

NSE: How to unconfigure the external key management before upgrading to Data ONTAP 9.3 or later

Last Updated:

Applies to

  • NetApp Storage Encryption (NSE)
  • Key Management Interoperability Protocol (KMIP)
  • ONTAP 9.2 and earlier Upgrading to ONTAP 9.3 or later


This article describes the procedure to upgrade a NSE system using an external key management (KMIP) server to ONTAP 9.3 or later.

  • A new KMIP client has been released in the ONTAP 9.3 code (KMIP2).
  • Keys that were created/stored using a KMIP1 client in pre-ONTAP 9.3 releases cannot be retrieved using the new KMIP2 client.
  • For more information, see the ONTAP 9.3 Release Notes.

Page 25:
Important: If you are upgrading to ONTAP 9.3 from a previous version, you must delete any existing KMIP server connections using the security key-manager delete-kmip-config command before upgrading, then reconfigure the KMIP server connections using the security key-manager setup command after the upgrade is completed.”

  • The following error message may be seen when upgrading a NSE system with external KMIP to ONTAP 9.3:

Error: External key management is configured on the cluster.
       Please unconfigure the external key management before
       upgrading to Data ONTAP 9.3.
       To unconfigure, run the command:
       "security key-manager delete-kmip-config"
ERROR: external keymanager check failed.
Install Failed.



Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support


******************************************************* *******************************************************