Troubleshooting Encryption License Key and FMD Encryption License Key

Cannot back up or restore a key.

Verify the following:

• The Encryption License Key and FMD Encryption License Key software licenses are valid and installed.
• You have the Security Administrator (View & Modify) role.
• If you backup and restore data encryption keys with a key management server, the connection to the key management server is available.
• If you backup and restore data encryption keys with a key management server, the number of keys which you can back up on the key management server is not exceeded.
• If you backup and restore data encryption keys with a key management server, a time-out has not occurred due to the increase in the number of keys on the key management server.
• The latest key is restored (the key will not be updated after a secondary backup has been performed).

Cannot create or delete data encryption keys.

Make sure that:

• The Encryption License Key and FMD Encryption License Key software licenses are valid and installed.
• You have the Security Administrator (View & Modify) role.
• If you have backed up and restored data encryption keys with a key management server, that the connection to the key management server is available.

Cannot enable encryption for a parity group.

Make sure that:

• The Encryption License Key and FMD Encryption License Key software licenses are valid and installed.
• All LDEVs in the parity group are in the blocked status.
• The accelerated compression feature is disabled if the parity group consists of FMD DC2 or FMD HD drives.

Cannot disable encryption for a parity group.

Make sure that all LDEVs in the parity group are in the blocked status.

Server configuration test failed.

Check the following key management server connection settings:

• Host name
• Port number
• Client certificate file
• Root certificate file

If the communication failure is due to the length of time to connect to the server, try changing these settings:

• Timeout
• Retry interval
• Number of retries

The Edit Encryption wizard operation failed, but the status of encryption (enable or disable) has changed.

The change of the status succeeds, but the format of the volume fails. Confirm the message, remove the error, and format volumes again.

The storage system failed to get the key encryption keys or the encryption keys from the key management server when the storage system was turned on, and all volumes are blocked. The SIM code 661000 or 661001 is returned.

Complete the following tasks:

1. Make sure that the SVP is operating.
2. Restore the connection to the key management server.
3. In the Edit Encryption Environmental Settings window, click Check for Server Configuration Test, and make sure that the connection test completes correctly.
4. Contact customer support to restart the storage system.
5. After the storage system is restarted, make sure that all blocked volumes are restored.

Editing encryption environmental settings has failed with the error (00002-058578).

If it is the first time you are configuring encryption environmental settings in the Edit Encryption Environmental Settings window and it fails (error message 00002-058578), complete the following tasks:

1. Wait a few minutes, and then click File Refresh All to reread the configuration information.
2. Initialize the encryption environmental settings.
3. Configure the encryption environmental settings again.

If it is not the first time you are configuring encryption environmental settings in the Edit Encryption Environmental Settings window and it fails (error message 00002-058578), complete the following tasks:

1. Wait a few minutes, and then click File Refresh All to reread the configuration information.
2. Configure the encryption environmental settings again.

Server configuration test has succeeded, but the following error is displayed:

10126-105022 The connected key management server does not support the required functions.

A required function for the setting of the key management server is not supported with the connected key management server. See System requirements, and update the software of the key management server to the latest version.

The Edit Encryption Wizard operation failed though the Free key (Encryption key with the Free attribute) exists. The error below is displayed.

03005-108104 There are not enough Free keys.

The Edit Encryption Environmental Settings wizard executed prior to the Edit Encryption wizard might have failed because of disk board failure. Confirm in the Task window that the Edit Encryption Environmental Settings wizard failed and if so, move the cause of error. Then retry the Edit Encryption Environmental Settings wizard and the Edit Encryption wizard after initializing the Encryption Environmental Setting.

After a Free key (Encryption key with the Free attribute) was deleted, SIM code 660100 or 660200 was returned.

The number of Free keys (Encryption key with the Free attribute) might be smaller than the threshold for maintenance. Create the maximum number of Free keys.

Failed to initialize the encryption environmental settings.

Complete the following tasks:

1. Check if the back-end director (VSP G1x00, VSP F1500), controller (VSP G/F350, VSP G/F370), or disk board (VSP G/F700, VSP G/F900) for encryption is blocked.
2. If it is blocked, open the Encryption Keys window, and check the attributes.
3. If KEK, CEK, or KEK and CEK are listed under the Attribute column, create Free keys up to the maximum number for each attribute.
4. Contact customer support to ask for the restoration of the blocked back-end director, controller, or disk board.