PCM replacement not clear when using NVE and OKM

### Page URL

https://docs.netapp.com/us-en/ontap-systems/fas8300/controller-replace-recable-reassign-disks.html

### Page title

Recable the system and reassign disks - FAS8300 and FAS8700

### Summary

## Issue

When replacing a PCM. The following is stated if using NVE or NSE:

5. If your storage system has Storage or Volume Encryption configured, you must restore Storage or Volume Encryption functionality by using one of the following procedures, depending on whether you are using onboard or external key management:
-  [Restore onboard key management encryption keys](https://docs.netapp.com/us-en/ontap/encryption-at-rest/restore-onboard-key-management-encryption-keys-task.html)
-  [Restore external key management encryption keys](https://docs.netapp.com/us-en/ontap/encryption-at-rest/restore-external-encryption-keys-93-later-task.html)

6. Give back the controller:

If you have an OKM, no encrypted root volume, and ONTAP 9.6 or later you would assume to follow these steps:
[ONTAP 9.6 and later](https://docs.netapp.com/us-en/ontap/encryption-at-rest/restore-onboard-key-management-encryption-keys-task.html#ontap-9-6-and-later)

However, these commands are not possible as long as the controller is waiting for giveback.

## How I resolved this (only using NVE, controller already at "...waiting for giveback")

1. Perform giveback.
2. Check if it was vetoed due to key manager (event log):

```
sfo.giveback.failed: Giveback of aggregate AGGR_NAME failed due to Giveback was vetoed..
sfo.sendhome.subsystemAbort: The giveback operation of 'AGGR_NAME' was aborted by 'keymanager'.
```

3. Perform steps in [ONTAP 9.6 and later](https://docs.netapp.com/us-en/ontap/encryption-at-rest/restore-onboard-key-management-encryption-keys-task.html#ontap-9-6-and-later)
4. Re-initiate giveback

## Suggestion

I assume it would be best to follow these steps instead when performing a PCM replacement with OKM and NSE/NVE
[ONTAP 9.8 or later with encrypted root volume](https://docs.netapp.com/us-en/ontap/encryption-at-rest/restore-onboard-key-management-encryption-keys-task.html#ontap-9-8-or-later-with-encrypted-root-volume). My suggestion would be to:

1. Add this step to docs as requirement before booting to ONTAP
2. Change the following line

> If you are running ONTAP 9.8 and later, and your root volume is encrypted, you must set an onboard key management recovery passphrase with the boot menu. This process is also necessary if you do a boot media replacement.

To this.

> If you are running ONTAP 9.8 and later, and your root volume is encrypted, you must set an onboard key management recovery passphrase with the boot menu. 

> [!NOTE] 
> This process is also necessary if you do a boot media or PCM replacement.








### Public issues must not contain sensitive information

- [x] This issue contains no sensitive information.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PCM replacement not clear when using NVE and OKM #376

Page URL

Page title

Summary

Issue

How I resolved this (only using NVE, controller already at "...waiting for giveback")

Suggestion

Public issues must not contain sensitive information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

PCM replacement not clear when using NVE and OKM #376

Description

Page URL

Page title

Summary

Issue

How I resolved this (only using NVE, controller already at "...waiting for giveback")

Suggestion

Public issues must not contain sensitive information

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions