Volume Encryption Keys (VEKs) report as not restored for non-existent volumes
Applies to
- ONTAP 9.7
- Onboard Key Management (OKM)
- Upgrade Advisor
Issue
- When running
>> security key-manager key show -restored no
, some Volume Encryption Keys (VEKs) are reported as not restored
Cluster::> security key-manager key show -restored no
Node: Cluster-01
Key Store: onboard
Used By
--------
VEK Key ID: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
- Performing
>> security key-manager onboard sync
is successful (no errors) but does not show VEKs as restored - All other encryption key types are restored, only VEKs are not
- This check is sometimes recommended by Upgrade Advisor before performing an ONTAP upgrade
- ONTAP Upgrade Prechecks do not have any warnings related to encryption
- VEKs referenced as not restored are not in use by any volume currently on the cluster