Entrust Key Control 5.5でNAE暗号化キーが生成されない

最後の更新
PDFとして保存

Views:: 8

Visibility:: Public

Votes:: 0

Category:: ontap-9

Specialty:: encryption<a>2009118744</a>

Last Updated:

環境

ONTAP 9.9.1
Entrustキーコントロール5.5および5.5.1
NetApp Aggregate Encryption （ NAE ）

問題

暗号化キーを外部キーサーバに格納する必要がある場合、アグリゲートの作成時に次のエラーメッセージが表示されます。

Error: command failed: [Job 1000] Job failed: Failed to create aggregate "aggr_NAE" on "node-01". Reason: Cannot generate encryption key. Use the 'security key-manager external show-status' command to verify that the network configuration is correct and the key manager servers are reachable.

外部キーサーバaggregate create はコマンドの実行前に使用できますが、上記のエラーが発生すると約4時間使用できなくなります。

バックアップ前：

::> security key-manager external show-status

Node Vserver Key Server Status ---- ------- ------------------------------------------- --------------- node-01 SVM1 192.0.0.1:5696 available 192.0.0.2:5696 available 192.0.0.3:5696 available 192.0.0.4:5696 available node-02 SVM1 192.0.0.1:5696 available 192.0.0.2:5696 available 192.0.0.3:5696 available 192.0.0.4:5696 available 8 entries were displayed.

バックアップ後：

::> security key-manager external show-status

Node Vserver Key Server Status ---- ------- ------------------------------------------- --------------- node-01 SVM1 192.0.0.1:5696 not-responding Status Details: IO 192.0.0.2:5696 not-responding Status Details: IO 192.0.0.3:5696 not-responding Status Details: IO 192.0.0.4:5696 not-responding Status Details: IO node-02 SVM1 192.0.0.1:5696 not-responding Status Details: IO 192.0.0.2:5696 not-responding Status Details: IO 192.0.0.3:5696 not-responding Status Details: IO 192.0.0.4:5696 not-responding Status Details: IO 8 entries were displayed.

には次のエラーがあります mgwd.log。

Thu Mar 24 2022 15:00:00 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.1:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:00:26 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.2:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:00:52 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 00000000000000000200000000000500520bf82c26d7c453a8f96a0df10250850000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.3:5696". Cryptsoft error: "IO". Thu Mar 24 2022 15:01:18 +01:00 [kern_mgwd:info:2511] 0x829b7b600: 0: ERR: keymanager_mgwd::tables::keymanager_import_external_key: [run]:409: Failed to lookup Key ID: 000000000000000002000000000005005e24a1fb85a507e61a68dcceb5c1523c0000000000000000 from kmip for Vserver: [SVM1/4294967295], err: KMIP "Get" command failed on external key server "192.0.0.4:5696". Cryptsoft error: "IO".