メインコンテンツまでスキップ
NetApp Response to Russia-Ukraine Cyber Threat
In response to the recent rise in cyber threat due to the Russian-Ukraine crisis, NetApp is actively monitoring the global security intelligence and updating our cybersecurity measures. We follow U.S. Federal Government guidance and remain on high alert. Customers are encouraged to monitor the Cybersecurity and Infrastructure Security (CISA) website for new information as it develops and remain on high alert.

Entrust Key Control 5.5でNAE暗号化キーが生成されない

Views:
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
encryption<a>2009118744</a>
Last Updated:

環境

  • ONTAP 9.9.1
  • Entrustキーコントロール5.5および5.5.1
  • NetApp Aggregate Encryption ( NAE )

問題

暗号化キーを外部キーサーバに格納する必要がある場合、アグリゲートの作成時に次のエラーメッセージが表示されます。
 
Error: command failed: [Job 1000] Job failed: Failed to create aggregate "aggr_NAE" on "node-01". Reason: Cannot generate encryption key. Use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key manager servers are reachable.
 
外部キーサーバaggregate create はコマンドの実行前に使用できますが、上記のエラーが発生すると約4時間使用できなくなります。
 
バックアップ前:

::> security key-manager external show-status

Node  Vserver  Key Server                   Status
----  -------  -------------------------------------------  ---------------
node-01
    SVM1
        192.0.0.1:5696                 available
        192.0.0.2:5696                 available
        192.0.0.3:5696                 available
        192.0.0.4:5696                 available
node-02
    SVM1
   
        192.0.0.1:5696                 available
        192.0.0.2:5696                 available
        192.0.0.3:5696                 available
        192.0.0.4:5696                 available
8 entries were displayed.

 

バックアップ後:

::> security key-manager external show-status

Node  Vserver  Key Server                   Status
----  -------  -------------------------------------------  ---------------
node-01
    SVM1
        192.0.0.1:5696                 not-responding
                               Status Details: IO
        192.0.0.2:5696                 not-responding
                               Status Details: IO
        192.0.0.3:5696                 not-responding
                               Status Details: IO
        192.0.0.4:5696                 not-responding
                               Status Details: IO
node-02
    SVM1
        192.0.0.1:5696                 not-responding
                               Status Details: IO
        192.0.0.2:5696                 not-responding
                               Status Details: IO
        192.0.0.3:5696                 not-responding
                               Status Details: IO
        192.0.0.4:5696                 not-responding
                               Status Details: IO
8 entries were displayed.

 

には次のエラーがあります mgwd.log

Thu Mar 24 2022 15:00:00 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.1:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:26 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.2:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:00:52 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.3:5696". Cryptsoft error: "IO".
Thu Mar 24 2022 15:01:18 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 000000000000000002000000000005005e24a1fb85a507e61a68dcceb5c1523c0000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.4:5696". Cryptsoft error: "IO".

 

Scan to view the article on your device
CUSTOMER EXCLUSIVE CONTENT

Registered NetApp customers get unlimited access to our dynamic Knowledge Base.

New authoritative content is published and updated each day by our team of experts.

Current Customer or Partner?

Sign In for unlimited access

New to NetApp?

Learn more about our award-winning Support

 

  • この記事は役に立ちましたか?