Can't read encrypted tape on another LPAR
Article ID: 139293
Updated On:
Products
Tape Encryption
Issue/Introduction
Virtual tape created from the Vtape product (Vvvvvvv.VVE and Vvvvvvv.VOL data sets) has been copied from the SYSA NFS directory to the corresponding SYSB NFS directories. The tape data could be recalled from NFS cache successfully on the SYSB system, but trying to read the tape failed with:
BES1T0351I BESKEY=000000## CMP=xx
BES1T0352I UCB=xxxx Algorithm=xxxxxx KeyLabel=xxxxxx_KEY
BES1T0304E Key not available on this system - Tape cannot be decrypted
How can the encryption key be copied from the SYSA to the SYSB system?
Environment
Release : 14.5
Component : Tape Encryption
Resolution
The Encryption key can't be copied to the SYSB System.
In this environment the BES Database is used to store the encryption keys.
In order to read tapes on SYSB that were created on SYSA, the following methods can be used:
1. Start a second BES subsystem on SYSB with a copy of the keys Database from SYSA (containing the keys that were used to create the tape)
2. On the SYSA system create an unencrypted copy of the tape using the COPYCAT product, for example, and then copy this tape to SYSB.
Feedback
Yes
No
Powered by
