Giveback during ANDU is vetoed due to External Key Manager
Applies to
- ONTAP 9.8
- NetApp Volume Encryption (NVE)
- ONTAP Automatic Non-Disruptive Upgrade
- External Key Server
Issue
- ONTAP Automatic Non-Disruptive upgrade in progress
- Giveback of data aggregates to a node fails due to missing keys on partner node
cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate <aggregate> failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node <partner_node>.
- Running
security key-manager external restore -node <target_node> -key-server <key_server_IP>
fails with error:
Warning: Unable to list entries on node <node>. KMIP "get" command failed on external key server "<key_server_IP>". Cryptsoft error: "Response status: OPERATION _FAILED. Reason: PERMISSION_DENIED.