No OKM in use: ANDU validation fails, Error: One or more encryption keys are unavailable
Applies to
- ONTAP 9
- Automated Nondisruptive Upgrade (ANDU)
- Encryption
- Key Manager
Issue
- Onboard Key Manager (OKM) is NOT configured.
- There are neither encrypted disks nor encrypted volumes.
- When attempting to upgrade ONTAP, cluster image validation fails with:
Error: One or more encryption keys are unavailable.
cluster::> cluster image update -version <version>
Starting validation for this update...
It can take several minutes to complete validation...
...
Pre-update Check      Status     Error-Action
--------------------- ---------- --------------------------------------------
Encryption Keys       Error      Error: One or more encryption keys are
status                           unavailable.
                                 Action: Restore missing encryption keys
                                 before starting ANDU. To check missing keys,
                                 run "security key-manager key query
                                 -restored false". To restore onboard key
                                 manager keys, run "security key-manager
                                 onboard sync" command. To restore external
                                 key manager keys, run "security key-manager
                                 external restore" command. To restore Azure
                                 Key Vault keys, run the "security
                                 key-manager external azure restore"
                                 command. To restore Google Cloud Key
                                 Management Service keys, run the "security
                                 key-manager external gcp restore" command.
- There are no unrestored keys:
::> security key-manager key show -restored no
There are no entries matching your query.