Key restore with EKM fails with No Cryptographic Object found

Last updated

May 20, 2025
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 280

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:: 5/20/2025, 7:03:20 AM

Applies to

ONTAP 9
Clustered External Key Managers (EKM)
NetApp Volume Encryption (NVE)
NetApp Aggregate Encryption (NAE)

Issue

Giveback vetoed due to key manager after primary key server fails.
Takeover fails with "Failed: Operations was vetoed by keymanager. Check the event log." and key restore fails with the below error.
External keys cannot be restored giving the error:

::*> security key-manager external restore -node <node>



Warning: Unable to list entries on node <node>. KMIP "Get" command failed

         on external key server "x.x.x.x:5696". Cryptsoft error:

         "Response status: OPERATION_FAILED. Reason: ITEM_NOT_FOUND. Message:

         No Cryptographic Object found with given Unique Identifier".

Error: show failed: KMIP "Get" command failed on external key server

       "x.x.x.x:5696". Cryptsoft error: "Response status:

       OPERATION_FAILED. Reason: ITEM_NOT_FOUND. Message: No Cryptographic

       Object found with given Unique Identifier".