How to replace a single KMS server that has failed
Article ID: 326780
Updated On:
Products
VMware vSAN
Issue/Introduction
To assist with replacing a failed KMS server
Symptoms:
Customer has a single KMS server and not a recommended KMS server cluster for redundancy.
Single KMS server is offline due to hardware or network failure of the host it resides.
Symptoms:
Customer has a single KMS server and not a recommended KMS server cluster for redundancy.
Single KMS server is offline due to hardware or network failure of the host it resides.
Environment
VMware vSAN 7.0.x
VMware vSAN 6.x
VMware vSAN 6.x
Cause
Single KMS server failed
Resolution
Always set up a KMS cluster for redundancy.
In the event of a single KMS failure and the KMS vendor determines a replacement is required follow the below steps to get the KMS server replaced.
1) Make sure the KMS vendor is engaged to assist
2) Deploy a new KMS server with KMS vendors guidance
3) Create a new KMS cluster
For 6.7 Select the vCenter in the left hand pane > Configure > Key Management Server > Add > complete the wizard
For 7.0 Select the vCenter in the left hand pane > Configure > Key Providers > Add Standard Key Provider and complete the wizard setup
4) Point vSAN to the new KMS cluster
For 6.7 Select vSAN cluster > Configure > Services > Encryption > Edit
For 7.0 Select vSAN cluster > Configure > Services > Data-At-Rest-encryption > Edit
In the event of a single KMS failure and the KMS vendor determines a replacement is required follow the below steps to get the KMS server replaced.
1) Make sure the KMS vendor is engaged to assist
2) Deploy a new KMS server with KMS vendors guidance
3) Create a new KMS cluster
For 6.7 Select the vCenter in the left hand pane > Configure > Key Management Server > Add > complete the wizard
For 7.0 Select the vCenter in the left hand pane > Configure > Key Providers > Add Standard Key Provider and complete the wizard setup
4) Point vSAN to the new KMS cluster
For 6.7 Select vSAN cluster > Configure > Services > Encryption > Edit
For 7.0 Select vSAN cluster > Configure > Services > Data-At-Rest-encryption > Edit
Additional Information
Feedback
Yes
No
Powered by
