OKM keys not restored after ONTAP cluster expansion

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 1,037

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9
Onboard Key Manager (OKM)
NetApp Storage Encryption (NSE)
NetApp Volume Encryption (NVE)

Issue

After new Nodes were added to a Cluster you may experience the following:

security key-manager key show command reports the following error:

Error: One or more nodes have onboard key management keys that need to be restored. Run the "security key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.

disk encrypt modify command fails and EMS reports:

[node01: disk_admin: disk.encryptCmdFailed:error]: Encrypting disk <disk> failed disk encrypt modify command with error status Authentication key not found. (0xe).

Aggregate creation failing with the below errors:

Failed to create aggregate "aggr_name" on "Node-01". Reason: Cannot generate encryption key. If using an external key manager, use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key servers are reachable. If using the Onboard Key Manager, use the 'security key-manager key query -key-type SVM-KEK' command to verify that the same SVM-KEKs are present on both the local and remote clusters.