9. Use the
storage encryption disk show
at the clustershell prompt, to review the output.
This command does not work if NVE (NetApp Volume Encryption) is configured
10. Use the security key-manager query to display the key IDs of the authentication keys that are stored on the
key management servers.
◦
If the
Restored
column =
yes
and all key managers report in an available state, go to
Complete the
replacement process
.
◦
If the
Restored
column = anything other than
yes
, and/or one or more key managers is not available,
use the
security key-manager restore -address
command to retrieve and restore all
authentication keys (AKs) and key IDs associated with all nodes from all available key management
servers.
Check the output of the security key-manager query again to ensure that the
Restored
column =
yes
and all key managers report in an available state
11. If the Onboard Key Management is enabled:
a. Use the
security key-manager key show -detail
to see a detailed view of all keys stored in
the onboard key manager.
b. Use the
security key-manager key show -detail
command and verify that the
Restored
column =
yes
for all authentication keys.
If the
Restored
column = anything other than
yes
, use the
security key-manager setup
-node
Repaired
(Target)
node
command to restore the Onboard Key Management settings.
Rerun the
security key-manager key show -detail
command to verify
Restored
column =
yes
for all authentication keys.
12. Connect the console cable to the partner node.
13. Give back the node using the
storage failover giveback -fromnode local
command.
14. Restore automatic giveback if you disabled it by using the
storage failover modify -node local
-auto-giveback true
command.
Option 3: Restore NSE/NVE on systems running ONTAP 9.6 and later
Steps
1. Connect the console cable to the target node.
2. Use the
boot_ontap
command at the LOADER prompt to boot the node.
3. Check the console output:
If the console
displays…
Then…
The login prompt
Go to Step 7.
Waiting for giveback…
a. Log into the partner node.
b. Confirm the target node is ready for giveback with the
storage
failover show
command.
23