Skip to main content
NetApp Knowledge Base

ONTAP 9 giveback operation was vetoed by keymanager

  1. Last updated
    Sep 24, 2024
  2. Save as PDF
Views:
1,858
Visibility:
Public
Votes:
1
Category:
ontap-9
Specialty:
core
Last Updated:
9/24/2024, 1:01:07 PM

Applies to

  • ONTAP 9
  • Onboard Key Manager (OKM)
  • NetApp Volume Encryption (NVE)
  • NetApp Storage Encryption (NSE)
  • Giveback operation
  • NDU pause operation

Issue

  •   Storage failover show-giveback command indicates the giveback is vetoed due to keymanager

::*> storage failover show-giveback
               Partner
Node           Aggregate         Giveback Status
-------------- ----------------- ---------------------------------------------
<node1>
               CFO Aggregates    Done
               aggr1
                                 Failed: Operation was vetoed by keymanager.
                                 Check the event log

  • Event log show may have gb.sfo.veto.kmgr.keymissing errors

::*> event log show -node * -event gb*
Time                Node             Severity      Event
------------------- ---------------- ------------- ---------------------------
<Time>           <node>           ERROR         gb.sfo.veto.kmgr.keysmissing: Giveback of aggregate aggr1 failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node

ALERT  crypto.import.failed: ERROR: Import of key with key ID <key> failed. Additional information: wrapping key not found.
ALERT  sfo.sendhome.subsystemAbort: The giveback operation of '<aggr>' was aborted by 'keymanager'

  • Security key-manager key show -detail may have NSE-AK keys that are not restored

 

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.