Skip to main content
NetApp Knowledge Base

No OKM in use: ANDU validation fails, Error: One or more encryption keys are unavailable

Last Updated:

Applies to

  • ONTAP 9
  • Automated non disruptive Upgrade (ANDU)
  • Encryption
  • Key Manager


  • OnBoard Keymanager (OKM) is NOT configured.
  • There are neither encrypted disks nor encrypted volumes.
  • When attempting to upgrade ONTAP, cluster image validation fails with: Error: One or more encryption keys are unavailable.:

cluster::> cluster image update -version <version>
Starting validation for this update...
It can take several minutes to complete validation...
Pre-update Check      Status     Error-Action
--------------------- ---------- --------------------------------------------
Encryption Keys       Error      Error: One or more encryption keys are
status                           unavailable.
                                 Action: Restore missing encryption keys
                                 before starting ANDU. To check missing keys,
                                 run "security key-manager key query
                                 -restored false". To restore onboard key
                                 manager keys, run "security key-manager
                                 onboard sync" command. To restore external
                                 key manager keys, run "security key-manager
                                 external restore" command. To restore Azure
                                 Key Vault keys, run the "security
                                 key-manager external azure restore"
                                 command. To restore Google Cloud Key
                                 Management Service keys, run the "security
                                 key-manager external gcp restore" command.

  • There are no unrestored keys:

::> security key-manager  key show -restored no
There are no entries matching your query.

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.