CONTAP-523342: Upgrade from 9.11 to 9.15 can get interrupted
Issue
- The /cfcard/kmip/certs/client.key file is needed to allow ONTAP to communicate with external key servers.
- When upgrading from 9.11 to 9.15 with an external key manager configured on the admin Vserver, the /cfcard/kmip/certs/client.key file can get corrupted.
- Because the /cfcard/kmip/certs/client.key file is corrupted and can't be read, ONTAP can't communicate with external key servers and upgrade is interrupted.
- There are several ways to determine if this defect is the cause of the upgrade interruption:
- Run the 'security key-manager external show-status' command:
- The 'status' is 'unknown' and the 'Status Details' are 'BAD_KEY_FILE'.
- The string "BAD_KEY_FILE" appears in the /mroot/etc/log/mlog/kmip2_client.log file.