Following ESXi host upgrades and reboots, the vSAN cluster reports "Inaccessible Objects" in the Skyline Health dashboard, when vSAN Data-At-Rest Encryption is in use.
Article ID: 437980

Products

VMware vSAN

Issue/Introduction

The objects are not associated with any active Virtual Machines (VMs).

Running the following command on an affected ESXi host confirms the presence of inaccessible objects:

esxcli vsan debug object health summary get

Running the following command may show the object in an APD/creating state:

esxcli vsan debug object list -u "Inaccessible object uuid"

In /var/run/log/vmkernel.log you may see logging similar to the example below:

vmkernel: cpuXX:XXXXXXX)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: UUID_1:32.855Z cpuXX:XXXXXXX)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: UUID_2: Fetched encrCtx from extAttr with encrActiveKey:0, encrEnabled:0, encrCompliant:1, encrGenNum:0, encrPersisted:1, encrPerObjKey: 1

vmkernel: :32.855Z cpuXX:XXXXXXX)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: UUID_3: Fetched encrCtx from extAttr with encrActiveKey:0, encrEnabled:0, encrCompliant:1, encrGenNum:0, encrPersisted:1, encrPerObjKey: 1
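
To gather the object UUIDs and encryption context values from these log entries before opening the support request, the following added example (not from Broadcom or the original article) parses lines of the shape shown above. The sample log lines, timestamps, UUIDs and function names are constructed for illustration.

```python
import re
import sys
from collections import OrderedDict

# Line shape quoted in this article:
#   ...DOM: DOMOwnerGetEncrCtxFromExtAttr:<n>: <uuid>: Fetched encrCtx from extAttr with k:v, k: v
ENCR_CTX_RE = re.compile(
    r"DOMOwnerGetEncrCtxFromExtAttr:\d+:\s*(?P<uuid>[0-9A-Za-z_-]+):\s*"
    r"Fetched encrCtx from extAttr with (?P<fields>.*)$"
)
FIELD_RE = re.compile(r"(\w+):\s*(\d+)")  # tolerates "encrPerObjKey: 1"

# Constructed sample input (placeholder UUIDs and timestamps, not real data).
SAMPLE_LOG = """\
2025-01-01T00:00:32.855Z cpu12:2098765)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: 11111111-aaaa-1111-aaaa-111111111111: Fetched encrCtx from extAttr with encrActiveKey:0, encrEnabled:0, encrCompliant:1, encrGenNum:0, encrPersisted:1, encrPerObjKey: 1
2025-01-01T00:00:32.900Z cpu03:2098700)ScsiDeviceIO: unrelated line that must be ignored
2025-01-01T00:00:33.101Z cpu12:2098765)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: 22222222-bbbb-2222-bbbb-222222222222: Fetched encrCtx from extAttr with encrActiveKey:0, encrEnabled:0, encrCompliant:1, encrGenNum:0, encrPersisted:1, encrPerObjKey: 1
2025-01-01T00:00:34.000Z cpu12:2098765)DOM: DOMOwnerGetEncrCtxFromExtAttr:3994: 11111111-aaaa-1111-aaaa-111111111111: Fetched encrCtx from extAttr with encrActiveKey:0, encrEnabled:0, encrCompliant:1, encrGenNum:0, encrPersisted:1, encrPerObjKey: 1
"""


def parse_encr_ctx(lines):
    """Return {uuid: {"count": n, "ctx": {field: int}}} in first-seen order."""
    objects = OrderedDict()
    for line in lines:
        m = ENCR_CTX_RE.search(line.rstrip())
        if not m:
            continue  # not an encrCtx line, or truncated before "Fetched"
        ctx = {k: int(v) for k, v in FIELD_RE.findall(m.group("fields"))}
        entry = objects.setdefault(m.group("uuid"), {"count": 0, "ctx": ctx})
        entry["count"] += 1
        entry["ctx"] = ctx  # keep the most recent context logged for this UUID
    return objects


if __name__ == "__main__":
    # Pass a log path as the first argument; without one the sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as fh:
            found = parse_encr_ctx(fh)
    else:
        found = parse_encr_ctx(SAMPLE_LOG.splitlines())
    for uuid, info in found.items():
        fields = ", ".join(f"{k}={v}" for k, v in info["ctx"].items())
        print(f"{uuid}  seen={info['count']}  {fields}")
```

The resulting UUID list can be compared against the inaccessible objects reported by the esxcli commands above.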

 

Environment

vSAN ESA 8.x

Cause

In certain situations, stale encryption metadata from previously deleted objects may persist in Cluster Metadata Management and Directory Service (CMMDS). Broadcom Engineering is aware of the issue and is working to resolve it in future releases.

Resolution

Open a Support Request with Broadcom for help cleaning up the stale metadata objects.
