ONTAP Discussions

Reason: Node "XXX" failed to allocate encryption resources. Please retry later or reboot...

sc-jre

We are using NetApp 9.4 and would like to enable encryption at rest. After running the following command successfully:

 

security key-manager setup

 

We are presented with the following error when trying to either create a new or convert an existing volume with encryption enabled.

 

Reason: Node "XXX" failed to allocate encryption resources. Please retry later or reboot the node

 The documentation does not mention that a reboot may be required. Is there something we have missed or is there another problem. Previous posts on the forum suggest that rebooting the nodes will work. I am also not sure what the impact would be of rebooting one of our 2 nodes. Will the client have to reconnect ?

 

Any guidance on this issue is much appreciated.

 

PS: The support site seems to be down so I wasn't able to raise a support case for this.

 

1 ACCEPTED SOLUTION

sc-jre

After waiting for several hours the command completed successfully. We are still not quite sure what the root cause was or what changed to allow the command to complete successfully. In any case for now this has been resolved by waiting for 6 hours. We did try to run the command 1 and 2 hours afterwards the initial setup, but it still failed with the same error.

View solution in original post

7 REPLIES 7

TMAC_CTG

The answer is right there....reboot the node.

sc-jre

Before just going to reboot the node I want to understand the impact. Will I need to shut down any clients before rebooting the nodes? Should I reboot one node at a time ?

TMAC_CTG

You do this:

Make sure that auto-giveback is enabled
storage failover modify -auto-giveback true -node *

 

Then perform Takeover/giveback both ways

storage failover takeover -ofnode <node1>

 

Node 1 will reboot and auto-giveback.

Wait for <node1> to be online for at least 8 minutes. Then go the other way

 

storage failover takeover -ofnode <node2>

 

Node 2 will reboot and auto-giveback.

 

If set up properly, any SAN connection will survive and so will NFS v3 and any CIFS SMB v3.0 continuously-available shares

When using stateful protocols like NFSv4 and any other CIFS, it usually just works and the connection just needs to re-establish.

paul_stejskal

What problem are you having with the Support site? If you need to raise a case, you can always call in. 1-888-4NETAPP is the USA number you can call.

manistorage

Hi,

Reboot is not required to setup, external encryption server. looking at the message we need to check if the controllers can talk to the external  key server.

Run - cfiler01::*> security key-manager external show-status   -- validate the communication to the key manger server.

 

can you also look for the error in EMS log.

 

Regards,

Mani

TMAC_CTG

There are cases, especially in earlier releases like 9.4 where a reboot is sometimes required. I have personally hit this myself and rebooting each node absolutely fixed it and enabled encryption. 

this does not seem to be much of an issue with 9.5 and higher

 

 

sc-jre

After waiting for several hours the command completed successfully. We are still not quite sure what the root cause was or what changed to allow the command to complete successfully. In any case for now this has been resolved by waiting for 6 hours. We did try to run the command 1 and 2 hours afterwards the initial setup, but it still failed with the same error.

View solution in original post

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

NetApp Insights to Action
I2A Banner
Public