OKM in use: ANDU Validation Error: One or more encryption keys status are unavailable
Applies to
- ONTAP 9
- Automated non disruptive update (ANDU)
- Onboard Key Manager (OKM)
Issue
- OKM is configured - this can be confirmed if command
security key-manager onboard show-backup
does output a backup. - Automatic Non-disruptive Upgrade (ANDU) validation fails with the error:
cluster::> cluster image update -version <version>
Starting validation for this update...
It can take several minutes to complete validation...
...
Pre-update Check Status Error-Action
--------------------- ---------- --------------------------------------------
Encryption Keys Error Error: One or more encryption keys are
status unavailable.
Action: Restore missing encryption keys
before starting ANDU. To check missing keys,
run "security key-manager key query
-restored false". To restore onboard key
manager keys, run "security key-manager
onboard sync" command. To restore external
key manager keys, run "security key-manager
external restore" command. To restore Azure
Key Vault keys, run the "security
key-manager external azure restore"
command. To restore Google Cloud Key
Management Service keys, run the "security
key-manager external gcp restore" command.
- ANDU validation keeps on failing after running:
security key-manager onboard sync