OKM in use: ANDU Validation Error: One or more encryption keys status are unavailable

Last updated

Feb 13, 2025
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 1,122

Visibility:: Public

Votes:: 1

Category:: ontap-9

Specialty:: core

Last Updated:: 2/13/2025, 7:19:30 AM

Applies to

ONTAP 9
Automated non disruptive update (ANDU)
Onboard Key Manager (OKM)

Issue

OKM is configured - this can be confirmed if command security key-manager onboard show-backup does output a backup.
Automatic Non-disruptive Upgrade (ANDU) validation fails with the error:

cluster::> cluster image update -version <version>

Starting validation for this update...

It can take several minutes to complete validation...

...

Pre-update Check      Status     Error-Action

--------------------- ---------- --------------------------------------------

Encryption Keys       Error      Error: One or more encryption keys are

status                           unavailable.

                                 Action: Restore missing encryption keys

                                 before starting ANDU. To check missing keys,

                                 run "security key-manager key query

                                 -restored false". To restore onboard key

                                 manager keys, run "security key-manager

                                 onboard sync" command. To restore external

                                 key manager keys, run "security key-manager

                                 external restore" command. To restore Azure

                                 Key Vault keys, run the "security

                                 key-manager external azure restore"

                                 command. To restore Google Cloud Key

                                 Management Service keys, run the "security

                                 key-manager external gcp restore" command.

ANDU validation keeps on failing after running: security key-manager onboard sync