Skip to main content
NetApp Knowledge Base

One or more nodes have onboard key management VEK keys that need to be restored

Views:
1,008
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9
  • Onboard Key Manager (OKM)
  • NetApp Volume Encryption (NVE)
  • NetApp Aggregate Encryption (NAE)
  • Volume Encryption Key (VEK)

Issue

After converting existing volumes from using NetApp Volume Encryption to NetApp Aggregate Encryption, the following is observed:

  • Command security key-manager key query, shows that some of the VEK keys are not restored:

Key Tag        Key Type    Restored
-------------  ---------   --------
Key ID: <key>  VEK         false

  • Command security key-manager key show (deprecated  in ONTAP 9.6) shows the following error:

Error: One or more nodes have onboard key management keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.

 

CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support