Search

Unable to create Volume with encryption
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Unable_to_create_Volume_with_encryption
Applies to ONTAP 9 NetApp Volume Encryption (NVE) NODAR Issue Error while creating new encryption volume: Error creating volume "Test01" on aggregate "AGGR1" in Vserver "DATA_SVM". Reason: This volume...Applies to ONTAP 9 NetApp Volume Encryption (NVE) NODAR Issue Error while creating new encryption volume: Error creating volume "Test01" on aggregate "AGGR1" in Vserver "DATA_SVM". Reason: This volume is hosted on nodes which does not support volume encryption.
OKM keys not restored after ONTAP cluster expansion
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/OKM_keys_not_restored_after_ONTAP_cluster_expansion
Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes. If using an external key manager, use the 'security key-manager external show-status' command t...Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes. If using an external key manager, use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key servers are reachable. If using the Onboard Key Manager, use the 'security key-manager key query -key-type SVM-KEK' command to verify that the same SVM-KEKs are present on both the local and remote clusters.
Error: command failed: This platform does not support data at rest encryption
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Error__command_failed__This_platform_does_not_support_data_at_rest_encryption
Applies to ONTAP 9.1 and later Onboard Key Manager (OKM) NetApp Volume Encryption (NVE) Issue When configuring Onboard Key Management (OKM) the following error is observed: ::> security key-manager on...Applies to ONTAP 9.1 and later Onboard Key Manager (OKM) NetApp Volume Encryption (NVE) Issue When configuring Onboard Key Management (OKM) the following error is observed: ::> security key-manager onboard enable Enter the cluster-wide passphrase for onboard key management: Re-enter the cluster-wide passphrase: Error: command failed: This platform does not support data at rest
Volume Encryption Conversion or creation fails "Reason: Node failed to allocate encryption resources."
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Volume_Encryption_Conversion_or_creation_fails_Reason__Node_failed_to_allocate_encryption_resources
Applies to NetApp Volume Encryption (NVE) ONTAP 9.3 and later Issue On busy systems, the command volume encryption conversion might return the following error: Error: command failed: Failed to start c...Applies to NetApp Volume Encryption (NVE) ONTAP 9.3 and later Issue On busy systems, the command volume encryption conversion might return the following error: Error: command failed: Failed to start conversion on volume "vol1" in Vserver "svm1". Reason: Node "node-01" failed to allocate encryption resources. Please retry later or reboot the node
NetApp Volume Encryption: Error when attempting to encrypt a volume - Internal error. Failed to generate volume key in kernel. Key manager returned ERROR_KEY_GEN_CRYPTO_FAILED. Crypto return code: 13
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Failed_to_generate_volume_key_in_kernel_Key_manager_returned_ERROR_KEY_GEN_CRYPTO_FAILED
Applies to ONTAP 9.2 Security ONTAP 9.3 ONTAP 9.4 ONTAP 9.1 NetApp Volume Encryption Issue Nodes have been recently added to the cluster. Attempting to encrypt a volume using NVE gives the following e...Applies to ONTAP 9.2 Security ONTAP 9.3 ONTAP 9.4 ONTAP 9.1 NetApp Volume Encryption Issue Nodes have been recently added to the cluster. Attempting to encrypt a volume using NVE gives the following error: Data ONTAP API Failed: Internal error. Failed to generate volume key in kernel. Key manager returned ERROR_KEY_GEN_CRYPTO_FAILED. Crypto return code: 13.
ANDU Rekey Progress Check error with NVE conversion
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/ANDU_Rekey_Progress_Check_error_with_NVE_conversion
Volume Encryption conversion or rekey is in progress and may be in a paused state ANDU validation does not complete, citing a rekey progress check error even if the -ignore-validation-warning true fla...Volume Encryption conversion or rekey is in progress and may be in a paused state ANDU validation does not complete, citing a rekey progress check error even if the -ignore-validation-warning true flag is used Volume Encryption Error Error: There are active volume encryption Rekey Progress Check rekeys or conversions in the cluster. Action: Use the "volume encryption rekey show" and "volume encryption conversion undergoing volume encryption rekey and
How to disable NAE aggregate-level encryption with an SVM root volume and MDV_CRS volume
https://kb.netapp.com/on-prem/ontap/OHW/OHW-KBs/How_to_disable_NAE_aggregate-level_encryption_with_an_SVM_root_volume_and_MDV_CRS_volume
Applies to ONTAP 9.6+ NetApp Aggregate Encryption (NAE) NetApp Volume Encryption(NVE) MetroCluster SVM root volume MDV_CRS volume (For MetroCluster) Description Customer wants to change the current NA...Applies to ONTAP 9.6+ NetApp Aggregate Encryption (NAE) NetApp Volume Encryption(NVE) MetroCluster SVM root volume MDV_CRS volume (For MetroCluster) Description Customer wants to change the current NAE aggregate with an SVM root volume and MDV_CRS volume to Non-NAE/NVE environment Customer wants to create NVE or Non-NVE volume freely on this Non-NAE aggregate
One or more nodes have onboard key management VEK keys that need to be restored
https://kb.netapp.com/on-prem/ontap/Ontap_OS/OS-KBs/One_or_more_nodes_have_onboard_key_management_VEK_keys_that_need_to_be_restored
See Solution when Command security key-manager key query shows that some of the VEK keys not restored. One or more nodes have onboard key management VEK keys that need to be restored.
How to recover from a lost passphrase while using onboard encryption and NVE within ONTAP
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/How_to_recover_from_a_lost_passphrase_while_using_onboard_encryption_and_NVE_within_ONTAP
The cluster passphrase used to configure OKM is unknown and there are encrypted volumes or disks. KB provide the procedure to recover a lost passphrase while using onboard encryption and NVE within ON...The cluster passphrase used to configure OKM is unknown and there are encrypted volumes or disks. KB provide the procedure to recover a lost passphrase while using onboard encryption and NVE within ONTAP.
What happens to information stored in OKM in case of disaster
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/What_happens_to_information_stored_in_OKM_in_case_of_disaster
When a node in the cluster goes down and looses one or more key ID, the cluster-wide passphrase will be used to restore them by syncing with RDB. In case of a disaster and loss of keys through the ent...When a node in the cluster goes down and looses one or more key ID, the cluster-wide passphrase will be used to restore them by syncing with RDB. In case of a disaster and loss of keys through the entirety of the cluster, onboard key-management information will be restored using the backup data gained when you run security key-manager backup show command.
Does optimized volume move work when converting a FabricPool NVE volume to NAE
https://kb.netapp.com/on-prem/ontap/DM/Encryption/Encryption-KBs/Does_optimized_volume_move_work_when_converting_a_FabricPool_NVE_volume_to_NAE
In a FabricPool configuration when the NVE volume is moved to an NAE aggregate, the same NVE key is used as the NAE unique key, so the tiered cloud data is not changed. If the volume move is performed...In a FabricPool configuration when the NVE volume is moved to an NAE aggregate, the same NVE key is used as the NAE unique key, so the tiered cloud data is not changed. If the volume move is performed with-in the same aggregate to convert NVE to NAE, then all the data on the cloud tier will be moved back to the performance tier.