Remediate Cluster task fails( Encryption was enabled on disk level but disabled from cluster level)
Article ID: 388270
Updated On:
Products
Issue/Introduction
Symptoms:
- vSAN health reports vSAN cluster configuration consistency issue
- vSAN cluster shows below error in skyline health after disabling the encryption
"Remediate Cluster task fails (Encryption was enabled on disk level but disabled from cluster level)". - The encryption was enabled at disk level and disabled from cluster level.
Command to check the encryption on disk level : esxcli vsan storage list | grep -i encryption
To view the cluster level encryption status please follow the below steps :
- Navigate to the vSAN host cluster in the vSphere Web Client.
- Click the Configure tab.
- Under vSAN, select General.
- In the vSAN is turned ON pane, click the Edit button.
- On the Edit vSAN settings dialog, check the Encryption check box.
Environment
VMware vSphere 7.x
VMware vSphere 8.x
Cause
The Issue will occur if vSAN encryption is disabled without selecting "Allow reduce redundancy" option for vSAN cluster running with minimum number of hosts and running low on storage space.
In "Allow Reduced Redundancy" option, disk group recreation will be performed without evacuating the disk group.
The table shows the minimum host required for different RAID type.
| Failure to Tolerate | RAID Type | Minimum Hosts Required |
| 0 | RAID-1 | 3 |
| 1 | RAID-1 | 3 |
| 2 | RAID-1 | 5 |
| 3 | RAID-1 | 7 |
| 1 | RAID-5 | 4 |
| 2 | RAID-6 | 6 |
Resolution
Steps to resolve the issue :
- Navigate to vSAN Cluster > Configure > Skyline health > Click on REMEDIATE with Allow Reduce Redundancy.
- Wait for the task to complete.
Note:
Always back up your data before making any changes to encryption settings.
The cluster should be in a healthy state with no outstanding issues in skyline health that need resolution prior disabling encryption
To be alerted when this article is updated, follow KB Subscribe to a Broadcom knowledge article
Additional Information
Feedback
