NetApp Knowledge Base

Supplied passphrase and backup data are not able to successfully import keys during maintenance

Category:
ontap-9
Specialty:
CORE

Applies to

ONTAP 9

Onboard Key Manager

Issue

During maintenance that requires use of option 10 at the special boot menu, the user performs the steps required for recovery and is shown a success message indicating that the data supplied was correct. The node then begins to boot fully into ONTAP, but an encryption key import error is seen during bootup. An example of this process and error is shown below:

(1)  Normal Boot.
(2)  Boot without /etc/rc.
(3)  Change password.
(4)  Clean configuration and initialize all disks.
(5)  Maintenance mode boot.
(6)  Update flash from backup config.
(7)  Install new software first.
(8)  Reboot node.
(9)  Configure Advanced Drive Partitioning.
(10) Set Onboard Key Manager recovery secrets.
(11) Configure node for external key management.
Selection (1-11)? 10

This option must be used only in disaster recovery procedures. Are you sure? (y or n): y

Enter the passphrase for onboard key management:
Enter the passphrase again to confirm:

Enter the backup data:
--------------------------BEGIN BACKUP--------------------------

[...]
---------------------------END BACKUP---------------------------

Trying to recover keymanager secrets....
Setting recovery material for the onboard key manager

Successfully recovered keymanager secrets.

***********************************************************************************
* Select option "(1) Normal Boot." to complete recovery process.
*
* Run the "security key-manager onboard sync" command to synchronize the key database after the node reboots.
***********************************************************************************

[...]

Aug 07 08:22:57 [cluster1-01:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: key unwrapping failed
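
Added example (not part of the NetApp article and not NetApp code): a Python check that scans a saved console capture for the crypto.okmrecovery.failed event and records whether it followed the boot menu's success message, which is the sequence described above. The line layout is taken from the single log line shown; the function names and the trimmed sample capture are assumptions made for this illustration.

```python
import re

# EMS console line layout as it appears in the capture above:
#   "<Mon DD HH:MM:SS> [<node>:<event.name>:<SEVERITY>]: <message>"
EMS_LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2}) "
    r"\[(?P<node>[^:\]]+):(?P<event>[A-Za-z0-9_.]+):(?P<severity>[A-Za-z]+)\]: "
    r"(?P<message>.*)$"
)
RECOVERY_OK = "Successfully recovered keymanager secrets."
IMPORT_FAILED_EVENT = "crypto.okmrecovery.failed"


def parse_ems(line):
    """Return the fields of one EMS console line, or None for any other line."""
    m = EMS_LINE.match(line.strip())
    return m.groupdict() if m else None


def find_okm_import_failures(capture):
    """Return key-import failure events found in a console capture.

    Each finding notes whether the boot menu had already reported a
    successful recovery before the failure was logged.
    """
    findings = []
    recovery_reported_ok = False
    for line in capture.splitlines():
        if RECOVERY_OK in line:
            recovery_reported_ok = True
            continue
        event = parse_ems(line)
        if event and event["event"] == IMPORT_FAILED_EVENT:
            event["after_successful_recovery"] = recovery_reported_ok
            # Text after "Additional information: ", or the whole message.
            event["reason"] = event["message"].rpartition("Additional information: ")[2]
            findings.append(event)
            recovery_reported_ok = False  # one recovery attempt per finding
    return findings


# Constructed sample, trimmed from the console output shown above.
SAMPLE = """\
Trying to recover keymanager secrets....
Successfully recovered keymanager secrets.
Aug 07 08:22:57 [cluster1-01:crypto.okmrecovery.failed:ALERT]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: key unwrapping failed
"""

if __name__ == "__main__":
    for f in find_okm_import_failures(SAMPLE):
        print(f["ts"], f["node"], f["severity"], f["reason"], f["after_successful_recovery"])
```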

 

 


NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.