Dell Unity: Fornetix KMIP server fails to enable (Dell Correctable)

Summary: Attempts to configure an external Fornetix Key Management Interoperability Protocol (KMIP) server to store the Unity system Data at Rest Encryption (D@RE) keys fail with error code 0x7140900D and the corresponding error message "The KMIP server enablement operation did not complete successfully." Fornetix KMIP server software was required because VMware ESXi 8.x hosts are in use, and it runs on a virtual machine in the environment. The end user had initially tried to acquire Dell CloudLink KMIP software from Dell, as it also supports VMware environments, but CloudLink software is no longer available to purchase as of March 2023. The other KMIP server software approved in the Dell Unity e-Lab Navigator Compatibility Matrix does not run in a VMware environment. ...


Symptoms

KMIP enablement was attempted from both the command line and in Unisphere. Various errors were shown about not having the 3DES encryption protocol added to the primary Fornetix CA certificate. This is required to import the certificate from the Fornetix KMIP server to the Unity storage. 

The 3DES errors were resolved, but the KMIP server would still not enable. 

The Unisphere error during the configuration attempt was:
The KMIP server enablement operation did not complete successfully.  Please review the event logs and health status of the system. (Error Code:0x7140900d)
Unisphere only showed the following in the event log: "User <domain/user> has attempted unsuccessfully to enable KMIP" after each failed attempt.
 

Cause

The Unity c4_sade_sm.log output was reviewed and showed that the Fornetix KMIP server is unsupported for Unity storage products:
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Secure Transport Configuration successfully saved.
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Retry with updated cipher suites failed: 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Ktp_set_transport_config_from_klb failed, status 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Setup succeeded
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Successfully wrote content to cert /EMC/CBE/KMIPCer/CACertification.pem
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Successfully wrote content to cert /EMC/CBE/KMIPCer/clientCertification.p12
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key TLS Mode Output: 0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Matched TLSv1.0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Current KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Server alias name: server0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP server URI: https://x.x.x.x:5696 [x.x.x.x] 
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Key Secure Transport Configuration successfully saved.
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Server alias name: server0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP server URI: https://x.x.x.x:5696 [x.x.x.x] 
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Connection with default BSAFE cipher suites to previously support
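
The log review described above, as an added Python example that is not part of the original article or of any Dell tooling: it extracts the vendor id, the "Unsupported KMIP server" verdict, failure status codes, and the matched TLS version from c4_sade_sm.log text, so a vendor rejection can be told apart from a certificate or cipher problem. The function name `triage`, the regular expressions, and the pairing of a verdict with the preceding "Vendor id" line are assumptions; the sample lines are a constructed subset of the excerpt above.

```python
import re
from collections import Counter

# Constructed sample: a subset of the c4_sade_sm.log lines quoted in this article.
SAMPLE_LOG = """\
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Retry with updated cipher suites failed: 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Ktp_set_transport_config_from_klb failed, status 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Matched TLSv1.0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP server URI: https://x.x.x.x:5696 [x.x.x.x]
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
"""

MSG = re.compile(r"KMS: TKP: (?:Key )?(.*\S)")
VENDOR = re.compile(r"Vendor id = (.+)")
FAILED = re.compile(r"(.+?) failed(?:: |, status )(\d+)")
TLS = re.compile(r"Matched (TLSv[\d.]+)")
URI = re.compile(r"KMIP server URI: (\S+)")


def triage(log_text):
    """Summarise KMIP enablement messages from c4_sade_sm.log text."""
    rejected = Counter()  # vendor -> count of "Unsupported KMIP server" verdicts
    failures, tls, uris = [], set(), set()
    last_vendor = None
    for line in log_text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a KMS transport message
        msg = m.group(1)
        if v := VENDOR.fullmatch(msg):
            last_vendor = v.group(1)
        elif msg == "Unsupported KMIP server":
            # Assumption: the verdict refers to the most recent "Vendor id" line.
            rejected[last_vendor or "unknown"] += 1
        elif f := FAILED.fullmatch(msg):
            failures.append((f.group(1), int(f.group(2))))  # status kept as logged
        elif t := TLS.fullmatch(msg):
            tls.add(t.group(1))
        elif u := URI.match(msg):
            uris.add(u.group(1))
    return {"rejected_vendors": dict(rejected), "failures": failures,
            "tls_matched": sorted(tls), "server_uris": sorted(uris),
            "vendor_unsupported": bool(rejected)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

When `vendor_unsupported` is true, further certificate or cipher changes will not make enablement succeed; check the vendor against the e-Lab Navigator matrix instead.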

Resolution

Dell Engineering was engaged and confirmed that Fornetix KMIP server software is not supported for Unity storage. 

The Dell e-Lab Navigator Matrix shows that Fornetix is not listed for Unity products. 
Current Supported Dell Unity KMIP e-Lab Matrix

Additional Information

Find general steps on configuring supported KMIP servers in the following document starting on page 10:
DELL EMC UNITY: DATA AT REST ENCRYPTION A Detailed Review

The latest Dell e-Lab Navigator Matrix list of supported KMIP servers for all supported products is available using the hyperlink. Search for KMIP and choose the KMIP Encryption Device document.

The following KB shows the current status of End of Life Dell products. 
Dell End-of-Life Product List for Converged Infrastructure and Storage

There is an attached spreadsheet showing that CloudLink was end of sales in March 2023.
Attachment name: EMCSoftwareReleaseandEndofServiceLifeNotifications_pkb_en_US_1.xlsx

Affected Products

Dell EMC Unity

Article Properties

Article Number: 000226719
Article Type: Solution
Last Modified: 18 Jul 2024
Version:  1