Takeover attempt was vetoed by Key Manager

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 179

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: core

Last Updated:

Applies to

ONTAP 9
FAS

Issue

Takeover operation is aborted with the below error:

::> storage failover show

Takeover Node Partner Possible State Description -------------- -------------- -------- ------------------------------------- node-01 node30n true Connected to node-02. Previous takeover attempt by node-02 was aborted because operation was vetoed. node-02 node30m true Connected to node-01. Previous takeover attempt was aborted because operation was vetoed.

The output of storage failover show-takeover command shows that the operation is vetoed by key manager:

cluster::> storage failover show-takeover

Node       Node Status           Aggregate      Takeover Status

---------- --------------------- -------------- -------------------------------

node-01    Optimized takeover

           by partner aborted.

                                 node-01_aggr1

                                                Failed: Operation was vetoed

                                                by keymanager. Check the event

                                                log.

                                                CFO aggregates Not attempted yet.

node-02    Optimized takeover

           of partner aborted.

                                                   Run the command

                                                   "storage failover

                                                   show-takeover -node

                                                   node-01" to

                                                   display the

                                                   relocation status of

                                                   the partner.

                                 -              -

All the encryption keys are restored on the node:

Cluster::*> security key-manager query

Node: Node-01 Key Manager: 10.216.XX.XXX Server Status: Available

Key Tag Key Type Restored ------------------------------------ -------- -------- NSE-AK yes Key ID: 00000000000000000200000000000100983cd5df1ff4663fa85d3bfb9ecbc6990000000000000000 fas2520-rtp-2a NSE-AK yes Key ID: 00000000000000000200000000000100ca6d2fea44c952726e602e17416257700000000000000000 fas2520-rtp-2a NSE-AK yes Key ID: 00000000000000000200000000000100d7b8fef5668a7e7383876f323eab6bf00000000000000000

Node: Node-02 Key Manager: 10.216.XX.XXX Server Status: Available

Key Tag Key Type Restored ------------------------------------ -------- -------- fas2520-rtp-2a NSE-AK yes Key ID: 00000000000000000200000000000100983cd5df1ff4663fa85d3bfb9ecbc6990000000000000000 fas2520-rtp-2a NSE-AK yes Key ID: 00000000000000000200000000000100ca6d2fea44c952726e602e17416257700000000000000000 fas2520-rtp-2a NSE-AK yes Key ID: 00000000000000000200000000000100d7b8fef5668a7e7383876f323eab6bf00000000000000000 6 entries were displayed.