Dell Unity: Fornetix KMIP 服务器无法启用(戴尔可纠正)

Summary: 尝试配置外部 Fornetix Key Management Interoperability Protocol (KMIP) 服务器以保存和存储 Unity 系统密钥D@RE失败。 显示以下错误代码:0x7140900D并显示相应的错误消息“KMIP 服务器启用操作未成功完成”。 Fornetix KMIP 服务器软件是必需的,因为 VMware ESXi 8.x 主机正在使用中,并且它在环境中的虚拟机上运行。终端用户最初尝试从戴尔购买 Dell CloudLink KMIP 软件,因为它也支持 VMware 环境。 自 2023 年 3 月起,CloudLink 软件不再可供购买。 Dell Unity e-Lab Navigator 兼容性表中批准的其他 KMIP 服务器软件无法在 VMware 环境中运行。 ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

已尝试从命令行和 Unisphere 中启用 KMIP。显示有关未将 3DES 加密协议添加到主 Fornetix CA 证书的各种错误。这是将证书从 Fornetix KMIP 服务器导入到 Unity 存储所必需的。

3DES 错误已解决,但 KMIP 服务器仍无法启用。

配置尝试期间的 Unisphere 错误是: 
The KMIP server enablement operation did not complete successfully.  Please review the event logs and health status of the system. (Error Code:0x7140900d)
Unisphere 错误:

KMIP 服务器配置失败期间出现 Unisphere 错误
Unisphere 仅在事件日志中显示以下内容:每次尝试失败后显示“用户 <域/用户> 已尝试启用 KMIP,但未成功”。
 

Cause

审查了 Unity c4_sade_sm.log的日志输出,其中显示 Unity 存储产品不支持 Fornetix KMIP 服务器。  
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Secure Transport Configuration successfully saved.
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Retry with updated cipher suites failed: 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Ktp_set_transport_config_from_klb failed, status 15
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Setup succeeded
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Successfully wrote content to cert /EMC/CBE/KMIPCer/CACertification.pem
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Successfully wrote content to cert /EMC/CBE/KMIPCer/clientCertification.p12
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key TLS Mode Output: 0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Matched TLSv1.0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Current KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Server alias name: server0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP server URI: https://x.x.x.x:5696 [x.x.x.x] 
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Key Secure Transport Configuration successfully saved.
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Vendor id = Fornetix
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Unsupported KMIP server
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Server alias name: server0
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP server URI: https://x.x.x.x:5696 [x.x.x.x] 
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key KMIP TLS protocols: 7
Std:INFO PKGE KMS 100C0 : KMS: TKP: Key Connection with default BSAFE cipher suites to previously support

Resolution

戴尔工程部门已介入并确认 Unity 存储不支持 Fornetix KMIP 服务器软件。

Dell e-Lab Navigator Matrix 显示 Unity 产品未列出 Fornetix。 
当前支持的 Dell Unity KMIP e-Lab 矩阵

Additional Information

在以下文档中,从第 10 页开始,查找有关配置支持的 KMIP 服务器的常规步骤:
DELL EMC UNITY:静态数据加密 详细回顾

Affected Products

Dell EMC Unity
Article Properties
Article Number: 000226719
Article Type: Solution
Last Modified: 18 Jul 2024
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.