External Key Management servers that are clones will not report when querying keys

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 242

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:

Applies to

ONTAP 9.7P4
External Key manager

Issue

When performing a "key-manager query" the clone KMIP servers will not report.

In the below example, KMIP Server x.x.x.2 is configured as the master and the remaining two KMIP servers are configured as clones. When a query is performed, only x.x.x.2 reports whereas all should be reporting:

Cluster::*> key-manager show -status
  (security key-manager show)

Node                    Port    Registered Key Manager       Status
----------------------  ------  ---------------------------  ---------------
Cluster-01           6001    x.x.x.1                 available
Cluster-01           6001    x.x.x.2                 available    <----- Master
Cluster-01           6001    x.x.x.3                 available

Cluster::*> key-manager query 
  (security key-manager query)

          Node: Cluster-n01
   Key Manager: x.x.x.2
Server Status: available

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
Cluster                             NSE-AK    yes
    Key ID: 00000000000000000200000000000XXXXXXXXXXXXXXXXXXXXXXX0000000000000000

If any listed keys have "no" in the "Restored" column, run "security key-manager restore" to restore those keys.