Troubleshooting Security Key Errors on Dell PowerEdge™ RAID Controllers
Article Summary: This article provides information on troubleshooting security key errors on Dell PowerEdge RAID controllers
Issue 1: Security key implementation
The Dell PowerEdge RAID Controller (PERC) H710, H710P, and H810 cards support Self-Encrypting Disks (SED) for protection of data against loss or theft of SEDs. Protection is achieved by the use of encryption technology on the drives. There is one security key per controller. You can manage the security key under Local Key Management (LKM). The key can be escrowed in to a file using Dell OpenManage. The security key is used by the controller to lock and unlock access to encryption-capable physical disks.
Issue 2: Secured foreign import errors
A foreign configuration is a RAID configuration that already exists on a replacement physical disk that you install in a system. A secured foreign configuration is a RAID configuration that was created under a different security key.
There are two scenarios in which a secured foreign import fails:
The passphrase authentication fails-A VD secured with a security key different from the current controller
security key cannot be imported without authentication of the original passphrase used to secure them. Supply
the correct passphrase to import the secured foreign configuration. If you have lost or forgotten the passphrase,
the secured foreign disks remain locked (inaccessible) until the appropriate passphrase is entered or if they are
instant secure erased.
The secured VD is in an offline state after supplying the correct passphrase-You must check to determine why
the virtual disk failed and correct the problem. See the topic Troubleshooting.
Issue 3: Failure to select or configure non self-encrypting disks (Non-SED)
A virtual disk can be either secured or unsecured depending on how it was configured when created. In order to create a secured virtual disk, the controller must have a security key present and must be composed of SEDs only. In order to select/configure non-SED, you must create an unsecured virtual disk. You can create an unsecured virtual disk even if there is a security key present.
Select the Secure VD option as No in the Create New VD menu. See the topic Creating Virtual Disks for steps on how to create an unsecured virtual disk.
Issue 4: Failure to delete security key
A security key is used to lock or unlock access to a security-enabled component. This key is not utilized in the actual encryption of data. If a security key is present, both secured and unsecured virtual disks may exist.
To delete the security key, you must have a previously established security key present on the controller and there
cannot be any configured secured disks. If there are configured secured disks, remove or delete them.
Issue 5: Failure to instant secure erase task on physical disks
Instant Secure Erase is the process of securely erasing all data permanently on an encryption-capable physical disk and resetting the security attributes. It is used in a couple of scenarios such as deleting a foreign configuration in the event of a forgotten or lost passphrase or unlocking a disk that had been previously locked.
Instant Secure Erase can be executed only on encryption-capable disks as long as the disks are not hot spares and are not configured (part of a virtual disk). Ensure that the conditions are met and see the topic Instant Secure Erase.
Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.
Article ID: SLN156513
Last Date Modified: 08/04/2015 11:10 AM
Rate this article
Easy to understand
Was this article helpful?
Send us feedback
Feedback shows invalid character, not accepted special characters are <> () \
Sorry, our feedback system is currently down. Please try again later.