SED Data Key Assignment Fails with Error 0xe Using Default Manufacturer Secure ID

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 78

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

Ontap 9.x
Onboard Key Manager (OKM)

Issue

Customer lost passphrase and unable to perform security key-manager onboard sync
Following How to recover from a lost passphrase while using onboard encryption and NVE within ONTAP the disk wont change from "data" to "open"
Running storage encryption disk show command shows "0x0"

::> storage encryption disk show -fields disk,fips-key-id

disk fips-key-id ------ -------------- 1.0.0 0x0 1.0.1 0x0 1.0.2 0x0 1.0.3 0x0 1.0.4 0x0 1.0.19 0x0 1.0.20 0x0 1.0.21 0x0 1.0.22 0x0 1.0.23 0x0 10 entries were displayed.

But storage encryption disk show you still see "data" instead of "open"

::*> storage encryption disk show Disk Mode Data Key ID -------- ---- ---------------------------------------------------------------- 1.0.0 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.1 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.2 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.3 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.4 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.19 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.20 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.21 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.22 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 1.0.23 data 000000000000000002000000000001000FC0A4132E37E3777B854E578823E6D8 10 entries were displayed.

EMS logs shows below after storage encryption disk modify -data-key-id 0x0 -disk *

8/12/2025 15:20:16 AK-01 ERROR disk.encryptCmdFailed: Encrypting disk 0n.22 failed disk encrypt modify command with error status Could not authenticate with disk. (0xe).

8/12/2025 15:23:00 AK-01 ERROR nse.op.failed: Control failure on self-encrypting drive 0n.19; security provider: Locking, authority: User1, during operation "opal_change_user1_pin_sm".