crypto.export.failed error detected post-motherboard replacement
Applies to
- ONTAP 9.10.1P15
- Replace Motherboard
- Onboard Key Manager (OKM)
Issue
crypto.export.failederror detected post-motherboard replacement.
[node01: svc_queue_thread: crypto.export.failed:alert]: ERROR: Export of key with key ID 00000000000000000000000000000000000000000000000000000000000000000000000000000000 failed. Additional information: error creating a base hierarchy blob.
security key-manager key show -detailshowNSE-AKandSVM-KEKat partner node as no restored.
::> security key-manager key show -detail
Node: node1
Key Store: onboard
Key ID Key Tag Used By Stored In Restored
------ --------------- ---------- ------------------------------------ --------
00000000000000000
node1 NSE-AK local-cluster yes
00000000000000000
c5 VEK local-cluster yes
00000000000000000
f1 VEK local-cluster yes
00000000000000000
SVM2 SVM-KEK local-cluster yes
00000000000000000
SVM1 SVM-KEK local-cluster yes
Node: node2
Key Store: onboard
Key ID Key Tag Used By Stored In Restored
------ --------------- ---------- ------------------------------------ --------
00000000000000000
node2 NSE-AK local-cluster no
00000000000000000
svm2 SVM-KEK local-cluster no
00000000000000000
avm1 SVM-KEK local-cluster no
Error: One or more nodes have the Onboard Key Manager keys that need to be restored. Run the "security
key-manager onboard sync" command to restore the onboard key hierarchy on those nodes.