Encrypted volume move fails with error "Internal error. Cannot generate encryption key"

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 666

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9.6+

Issue

With Onboard Key Management (OKM) enabled, performing a volume move on an encrypted volume fails with error:

Detailed Status: Creating volume: Internal error. Cannot generate encryption key. Verify the network configuration and the key manager servers are reachable.

This is displayed via a "volume move show" command

cluster:> vol move show -vserver SVM1 -volume vol1

                           Vserver Name: SVM1
                            Volume Name: vol1
                 Actual Completion Time: Mon Sep 14 15:30:21 2020
                        Bytes Remaining: -
                  Destination Aggregate: aggr1_node1
 Detailed Status: Creating volume: Internal error. Cannot generate encryption key. Verify the network configuration and the key manager servers are reachable.
           Estimated Time of Completion: -
                          Managing Node: Node3
                 Percentage Complete: -
                             Move Phase: failed
           Estimated Remaining Duration: -
                Replication Throughput: -
                       Duration of Move: 00:15:01
                       Source Aggregate: aggr1_node3
c
                     Start Time of Move: Mon Sep 14 15:15:20 2020
                             Move State: failed
             Is Source Volume Encrypted: true
     Encryption Key ID of Source Volume: 00000000000000000200000000000500xxxxxxxxxxxxxxxxxxxxxxxxxxx0000000000000000
        Is Destination Volume Encrypted: true
Encryption Key ID of Destination Volume: 00000000000000000200000000000500xxxxxxxxxxxxxxxxxxxxxxxxxxx0000000000000000