vSAN cluster partitioned with ERROR "Data-in-transit encryption is disabled on the vSAN cluster but is enabled on this host"

Article ID: 409681

Products

VMware vSAN

Issue/Introduction

The vSAN cluster is in a network partitioned state with the following error: "Data-in-transit encryption is disabled on the vSAN cluster but is enabled on this host"

Environment

VMware vSAN (all versions)

Cause

If Data-in-transit encryption is enabled at the host level but not at the cluster level, and a new host or witness is added to the cluster, this host will be network partitioned as Data-in-transit encryption is not enabled on it.

Resolution

Activate Data in transit encryption on the vSAN cluster.

  1. In the Hosts and Clusters inventory, select the vSphere cluster that uses vSAN as storage.

  2. Click the Configure tab and under vSAN, click Services.

  3. Click the Data Services Edit button.

  4. In the vSAN Services dialog box, activate the toggle switch of Data-In-Transit encryption, configure the rekey interval, and click Apply.

Disable Data-in-transit encryption on the hosts that have it enabled.

  1. Connect to the hosts with SSH.

  2. Run esxcli vsan network security set -e false on the host.

  3. Verify that 'Data-in-Transit Encryption status' is false by running the following command:

[root@esxihost:~] esxcli vsan network security get
   Sub-Cluster UUID: ########-####-####-############
   Data-in-Transit Encryption status: false
   Rekey Interval (in minutes): 1440

This ensures that Data-in-Transit Encryption is disabled on the host and is now in alignment with the cluster settings.
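
The check in step 3 can be scripted when several hosts have to be verified. The following is an added example, not part of the original article or of VMware's tooling: it parses the output of esxcli vsan network security get and compares the host status with the cluster-level setting. The function names dit_status and dit_check are hypothetical, and the sample outputs are constructed from the layout shown above.

```shell
#!/bin/sh
# Added example: detect a host whose Data-in-Transit Encryption status
# differs from the cluster-level setting. Function names are hypothetical.

# Constructed samples in the layout of `esxcli vsan network security get`.
SAMPLE_ENABLED='   Sub-Cluster UUID: ########-####-####-############
   Data-in-Transit Encryption status: true
   Rekey Interval (in minutes): 1440'
SAMPLE_DISABLED='   Sub-Cluster UUID: ########-####-####-############
   Data-in-Transit Encryption status: false
   Rekey Interval (in minutes): 1440'

# Read command output on stdin and print the status value (true or false).
# Exits non-zero when the status line is missing or has an unexpected value.
dit_status() {
    sed -n 's/^[[:space:]]*Data-in-Transit Encryption status:[[:space:]]*\([a-z]*\)[[:space:]]*$/\1/p' \
        | head -n 1 | grep -E '^(true|false)$'
}

# $1 = cluster-level setting (true or false); host output on stdin.
# Returns 0 when the host is aligned, 1 on mismatch (host=true with
# cluster=false is the condition behind the error in this article),
# 2 when the output cannot be parsed.
dit_check() {
    expected=$1
    actual=$(dit_status) || { echo "cannot parse encryption status" >&2; return 2; }
    if [ "$actual" = "$expected" ]; then
        echo "OK: host status '$actual' matches cluster setting"
        return 0
    fi
    echo "MISMATCH: host=$actual cluster=$expected"
    return 1
}

# Demo on the constructed sample. On a host, run instead:
#   esxcli vsan network security get | dit_check false
printf '%s\n' "$SAMPLE_ENABLED" | dit_check false || true
```

The non-zero return codes let a loop over several hosts stop on, or collect, the hosts that still need the setting changed.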