vCenter KMS status Key State Red Other Status Green In vSAN Skyline Health

Article ID: 385388


Updated On:

Products

VMware vSAN

Issue/Introduction

KMS server logs show errors when an incorrect username authenticates, preventing trust from vCenter or hosts.

On an existing vSAN cluster using Data-At-Rest Encryption, the vSAN Skyline Health check "vCenter and all hosts are connected to Key Management Servers" begins raising an alarm.
The only Red indicator under vCenter KMS status is Key State; the others are green.


 

Shallow rekey fails with "General vSAN error. There was an issue generating keys with KMS cluster #########"



Attempting to enable Encryption Mode (or crypto safe mode) on the host fails with "A general runtime error occurred. Cannot generate key. CreateKey failed on key provider #########, error code: QLC_ERR_NO_BATCH_COUNT; Failed. Check log for details."

Environment

  • vSAN 7.x
  • vSAN 8.x
  • SDDC Manager 5.x
  • vCenter Server 7.x
  • vCenter Server 8.x

Cause

At some point, the [email protected] or KMS username was entered in the Username field for optional password authentication while editing the KMS in vCenter. This entry is then stored in the vCenter database and cannot be cleared through the UI.

Resolution

Open a case with VMware by Broadcom Support to resolve this issue. See "Creating and managing Broadcom cases".