When Customer tried to add a new disk to an existing vSAN DiskGroup it failed with the error A general system error occurred: Can't add disk to unencrypted disk group

root@esx01:~] esxcli vsan storage add -s naa.xxxxxxxxxxxxx -d naa.xxxxxxxxxxxxxx
Unable to add device: Can't add disk to unencrypted disk group

VMware vSAN 7.x 
VMware vSAN8.x OSA

vSAN data at rest encryption was enabled on this vSAN Cluster but the process never completed successfully.

The DG thinks it is not encrypted but at the cluster level it shows Data at Rest encryption is enabled.

esx01:~] esxcli vsan encryption info get
Attribute            Value
-------------------  -----
enabled              True
kekId                xxxxxxxxxxxxxxxxxxxxxxxxxxxxcf5f0a351:f8a20xxxxxxxx-xxxxxxxxxx-xxxxxxxxxx
hostKeyId            kmx:36 xxxxxxxxx-5a69-xxxx-b2b9-xxxxxxxxxxxxxxxxxxxxxxxxx
dekGenerationId      1
changing             True ----> it looks like encryption is still in progress and never completed successfully
eraseDisksBeforeUse  False

Workaround:

1. Please take a good Backup.
2. Scheduled a Change Window and Disable the Data At Rest Encryption at the cluster level.

3. Add new disk to the Existing Disk Group to add additional capacity

4. Once you have enough capacity, enable the Data at Rest Encryption again for the vSAN Cluster 

(Enable Data-At-Rest Encryption on Existing vSAN Cluster)