ONTAP Upgrade Causes TPM Disablement and Passphrase Failure

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 93

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: CORE

Last Updated:

Applies to

AFF/FAS/ASA
ONTAP 9
Onboard Key Manager (OKM) with Self-Encrypting Drives/NetApp Storage Encryption (SED/NSE)
Trusted Platform Module (TPM)

Issue

After upgrading ONTAP from 9.16.1P1 DAR to 9.16.1P8 NODAR image, the following emergency alerts generate:

[cluster-01:statd:callhome.nse.ak.check.failed:EMERGENCY]: Callhome for AuthenticationKeyCheckFailed, disk "0n.1".
[cluster-02:statd:callhome.nse.ak.check.failed:EMERGENCY]: Callhome for AuthenticationKeyCheckFailed, disk "0n.10".

Attempts to synchronize the Onboard Key Manager (OKM) using the available passphrase fail:

::> security key-manager onboard sync
Error: command failed: Cluster-wide passphrase is incorrect.

Further disk encryption modification attempts (setting data-key-id to 0x0) also fail with authentication errors:

ERROR disk.encryptCmdFailed: Encrypting disk 0n.0 failed disk encrypt modify command with error status Could not authenticate with disk. (0xe)