HyTrust KMIP server fails key import during boot if key count is greater than 1000

Last updated

Aug 15, 2024
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 62

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:: 8/15/2024, 12:10:08 PM

Applies to

ONTAP
KMIP
HyTrust KeyControl

Issue

On clusters who have greater than 1000 volumes, the key import on boot will fail with the following error:

==============================================================================================

May 14 07:21:25]: 0x808c09000: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:95: Error: distro/kmip_io.c: 403: error: 10: msg: KMIP_xmit:KMIP_recv

[May 14 07:21:25]: 0x808c09000: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:95: Error: src/kmip_cmd.c: 2674: error: 10: msg: KMIP_CMD_xmit:KMIP_xmit

[May 14 07:21:25]: 0x808c09000: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:95: Error: distro/kmip_umsg.c: 536: error: 10: msg: cmd_locate

[May 14 07:21:25]: 0x808c09000: 0: ERR: kmip2::kmipCmds::KmipConnection: [cryptsoftErrorCb]:95: Error: src/kmipCmds/KmipLocateCmd.cc: 108: error: 10: msg: KMIP_CMD_locate

[May 14 07:21:25]: 0x808c09000: 0: DEBUG: kmip2::kmipCmds::KmipLocateCmd: [doCmdImp]:125: KMIP Locate failed!

[May 14 07:21:25]: 0x808c09000: 0: ERR: kmip2::import_keys: [getAesXtsKeys]:276: Caught KmipException: KmipLocateException: IO (10) while importing keys from the external key server 10.216.33.200:5696

==============================================================================================