
Automatic giveback fails during ONTAP ANDU because the onboard key import failed

Environment

  • ONTAP 9.8 and later
  • ONTAP Automated Nondisruptive Upgrade (ANDU)
  • Replacement of a motherboard that uses a Trusted Platform Module (TPM)
  • Onboard Key Manager

Issue

  • EMS logs from the ANDU upgrade show key import failures:

[node-02: wafl_exempt00: crypto.ssal.failed:alert]: SSAL operation failed: SSAL Unseal operation failed.
[node-02: wafl_exempt00: crypto.debug:info]: Onboard key hierarchy import failed: failed to create NKEK: 31.
[node-02: wafl_exempt00: crypto.okmrecovery.failed:alert]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed.

  • SKTRACE.GZ shows TSS errors:

2021-08-22T21:51:01Z 24880865537178 [0:0] SSAL_Error: tss_tpm_load:438 tss_execute failed
2021-08-22T21:51:01Z 24880865540576 [0:0] SSAL_Error: crypto_ssal_tpm_unseal:226 tss_tpm_load failed
2021-08-22T21:51:01Z 24880865638452 [0:0] SSAL_Error: tss_log_error:232 crypto_ssal_tpm_unseal: failed, rc 000b0009
2021-08-22T21:51:01Z 24880865640870 [0:0] SSAL_Error: tss_log_error:234 TSS_RC_BAD_CONNECTION - Failure communicating with lower layer
2021-08-22T21:51:01Z 24880865643199 [0:0] SSAL_Error: crypto_ssal_fs_unseal:167 The public portion of the blob should be NULL and of size 0

  • Giveback is vetoed because the volume encryption keys are unavailable:

[node-01: cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate aggr1_n02 failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node node-02.
[node-01: cf_giveback: sfo.sendhome.subsystemAbort:alert]: The giveback operation of 'aggr1_n02' was aborted by 'keymanager'.
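
To triage this signature across collected EMS logs, the following added example (not NetApp code and not part of the original article) parses the EMS line shape shown above and links each giveback veto to the key import failures logged by the partner node. The function names and regular expressions are assumptions derived only from the log lines on this page.

```python
import re

# EMS line shape as shown on this page: [node: process: event.name:severity]: message
EMS_RE = re.compile(r"^\[(?P<node>[^:\]]+): (?P<proc>[^:\]]+): (?P<event>[\w.]+):(?P<sev>\w+)\]: (?P<msg>.*)$")
# Events from this page that mean the onboard key hierarchy was not imported
IMPORT_FAIL_EVENTS = {"crypto.ssal.failed", "crypto.okmrecovery.failed"}
VETO_EVENT = "gb.sfo.veto.kmgr.keysmissing"
# Wording of the veto message on this page; other releases may phrase it differently (assumption)
VETO_MSG_RE = re.compile(r"Giveback of aggregate (?P<aggr>\S+) failed .* on the partner node (?P<partner>[^.\s]+)\.")

def parse_ems(lines):
    """Yield a dict per line that matches the EMS shape; skip everything else."""
    for line in lines:
        m = EMS_RE.match(line.strip())
        if m:
            yield m.groupdict()

def correlate(lines):
    """Link each vetoed giveback to key import failures seen on the partner node."""
    failed = {}   # node name -> import-failure events logged by that node
    vetoes = []   # (vetoing node, aggregate, partner node)
    for ev in parse_ems(lines):
        if ev["event"] in IMPORT_FAIL_EVENTS:
            failed.setdefault(ev["node"], []).append(ev["event"])
        elif ev["event"] == VETO_EVENT:
            m = VETO_MSG_RE.search(ev["msg"])
            if m:
                vetoes.append((ev["node"], m["aggr"], m["partner"]))
    return [
        {"vetoing_node": node, "aggregate": aggr, "partner": partner,
         "partner_import_failures": failed.get(partner, [])}
        for node, aggr, partner in vetoes
    ]

# Sample input: EMS lines copied from this page, plus one SKTRACE line that must be skipped
SAMPLE = """\
[node-02: wafl_exempt00: crypto.ssal.failed:alert]: SSAL operation failed: SSAL Unseal operation failed.
[node-02: wafl_exempt00: crypto.debug:info]: Onboard key hierarchy import failed: failed to create NKEK: 31.
[node-02: wafl_exempt00: crypto.okmrecovery.failed:alert]: ERROR: Import of the onboard key hierarchy failed: failed to import key hierarchy. Additional information: error: ssal unseal failed.
2021-08-22T21:51:01Z 24880865537178 [0:0] SSAL_Error: tss_tpm_load:438 tss_execute failed
[node-01: cf_giveback: gb.sfo.veto.kmgr.keysmissing:error]: Giveback of aggregate aggr1_n02 failed due to unavailability of volume encryption keys for the encrypted volumes of the aggregate on the partner node node-02.
[node-01: cf_giveback: sfo.sendhome.subsystemAbort:alert]: The giveback operation of 'aggr1_n02' was aborted by 'keymanager'.
"""

if __name__ == "__main__":
    for finding in correlate(SAMPLE.splitlines()):
        print(finding)
```

An empty `partner_import_failures` list means the veto was logged but no import failure from the partner appears in the supplied lines, so the log window should be widened before drawing a conclusion.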

 
