NetApp Knowledge Base

External Key Management servers that are clones will not report when querying keys

Category:
ontap-9
Specialty:
core

Applies to

  • ONTAP 9.7P4
  • External Key manager

Issue

When running "key-manager query", the clone KMIP servers do not report.

In the example below, KMIP server x.x.x.2 is configured as the master and the remaining two KMIP servers are configured as clones. When a query is performed, only x.x.x.2 reports, whereas all of them should report:

Cluster::*> key-manager show -status
  (security key-manager show)

Node                    Port    Registered Key Manager       Status
----------------------  ------  ---------------------------  ---------------
Cluster-01           6001    x.x.x.1                 available
Cluster-01           6001    x.x.x.2                 available    <----- Master
Cluster-01           6001    x.x.x.3                 available

Cluster::*> key-manager query 
  (security key-manager query)

          Node: Cluster-n01
   Key Manager: x.x.x.2
Server Status: available

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
Cluster                             NSE-AK    yes
    Key ID: 00000000000000000200000000000XXXXXXXXXXXXXXXXXXXXXXX0000000000000000

If any listed keys have "no" in the "Restored" column, run "security key-manager restore" to restore those keys.
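
The symptom above can be checked mechanically by comparing the two command outputs. The following is an added example, not NetApp tooling or part of the original article: it assumes both outputs have been saved as text, and the sample output, node name and 192.0.2.x addresses are constructed to mirror the layout shown above.

```python
import re

# Constructed sample modeled on the output shown above (not from a real cluster).
SHOW_STATUS = """\
Node                    Port    Registered Key Manager       Status
----------------------  ------  ---------------------------  ---------------
cluster-01              6001    192.0.2.1                    available
cluster-01              6001    192.0.2.2                    available
cluster-01              6001    192.0.2.3                    available
"""
QUERY = """\
          Node: cluster-01
   Key Manager: 192.0.2.2
 Server Status: available

Key Tag                               Key Type  Restored
------------------------------------  --------  --------
cluster                               NSE-AK    yes
"""

def registered(show_text):
    """(node, server) pairs that 'show -status' lists as available."""
    pairs = set()
    for line in show_text.splitlines():
        f = line.split()
        # Data rows: node, numeric port, server, status (trailing notes ignored).
        if len(f) >= 4 and f[1].isdigit() and f[3] == "available":
            pairs.add((f[0], f[2]))
    return pairs

def reported(query_text):
    """(node, server) pairs that have a section in 'key-manager query' output."""
    pairs, node = set(), None
    for line in query_text.splitlines():
        m = re.match(r"\s*(Node|Key Manager):\s*(\S+)", line)
        if not m:
            continue
        if m.group(1) == "Node":
            node = m.group(2)
        else:
            pairs.add((node, m.group(2)))
    return pairs

def silent_servers(show_text, query_text):
    """Servers that are available but absent from the query output."""
    return sorted(registered(show_text) - reported(query_text))

if __name__ == "__main__":
    for node, server in silent_servers(SHOW_STATUS, QUERY):
        print(f"{node}: {server} is available but did not report in query")
```

A non-empty result means a key server is reachable yet its keys were not listed, which is the condition this article describes.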

 

 
