Remediate Cluster task fails( Encryption was enabled on disk level but disabled from cluster level)
search cancel

Remediate Cluster task fails( Encryption was enabled on disk level but disabled from cluster level)

book

Article ID: 388270

calendar_today

Updated On:

Products

VMware vSAN

Issue/Introduction

Symptoms:

  • vSAN health reports vSAN cluster configuration consistency issue
  • vSAN cluster shows below error in skyline health  after disabling the encryption "Remediate Cluster task fails (Encryption was enabled on disk level but disabled from cluster level)".
  • The encryption was enabled at disk level and disabled from cluster level. 

Command to check the encryption on disk level : esxcli vsan storage list | grep -i encryption 

To view the cluster level encryption status please follow the below steps : 

  1. Navigate to the vSAN host cluster in the vSphere Web Client.
  2. Click the Configure tab.
  3. Under vSAN, select General.
  4. In the vSAN is turned ON pane, click the Edit button.
  5. On the Edit vSAN settings dialog, check the Encryption check box.

 

Environment

VMware vSphere 7.x
VMware vSphere 8.x

Cause

The Issue will occur if vSAN encryption is disabled without selecting "Allow reduce redundancy" option for vSAN cluster running with minimum number of hosts and running low on storage space.

In "Allow Reduced Redundancy"  option, disk group recreation will be performed without evacuating the disk group.

The table shows the minimum host required for different RAID type. 

Failure to Tolerate RAID Type Minimum Hosts Required
0 RAID-1 3
1 RAID-1 3
2 RAID-1 5
3 RAID-1 7
1 RAID-5 4
2 RAID-6 6

 

Resolution

Steps to resolve the issue : 

  • Navigate to vSAN Cluster > Configure > Skyline health > Click on REMEDIATE  with Allow Reduce Redundancy.
  • Wait for the task to complete.

Note

Always back up your data before making any changes to encryption settings.
The cluster should be in a healthy state with no outstanding issues in skyline health that need resolution prior disabling encryption 

 

To be alerted when this article is updated, follow KB Subscribe to a Broadcom knowledge article

Additional Information