-
Cisco MDS 9000 Family Storage Media Encryption Configuration Guide, Release 5.x
-
Index
-
New and Changed Information
-
Preface
-
Cisco SME Overview
-
Cisco SME Getting Started
-
Cisco SME Interface Configuration
-
Cisco SME Cluster Management
-
Cisco SME Tape Management
-
Cisco SME Disk Management
-
Cisco SME Key Management
-
Provisioning Certificates
-
RSA Key Manager and Cisco SME
-
Cisco SME Best Practices
-
Cisco SME Troubleshooting
-
Cisco SME CLI Commands
-
Disaster Recovery
-
Offline Data Restore Tool
-
Database Backup and Restore
-
Planning for Cisco SME Installation
-
Migrating Cisco SME Database Tables
-
Feedback
Table Of Contents
Deleting an Offline Switch from a SME Cluster
Deleting a SME Cluster with One or More Offline Switches while the Master Switch is Online
Deleting a SME Cluster when All Switches are Offline
Troubleshooting General Issues
SME Troubleshooting
This chapter describes basic troubleshooting methods used to resolve issues with Cisco Storage Media Encryption.
This chapter includes the following sections:
•
Troubleshooting General Issues
Troubleshooting Resources
For additional information on troubleshooting, the Cisco MDS 9000 Family NX-OS Troubleshooting Guide provides guidance for troubleshooting issues that may appear when deploying a storage area network (SAN) using the Cisco MDS 9000 Family of switches. The Cisco MDS 9000 NX-OS Family Troubleshooting Guide introduces tools and methodologies that are used to recognize a problem, determine its cause, and find possible solutions.
Cluster Recovery Scenarios
This section includes information on recovery procedures used when one or more switches in a SME cluster are offline or when you want to change the master switch assignment from one switch to another switch. It includes the following procedures:
•
•
•
Note
Note
Deleting an Offline Switch from a SME Cluster
To delete an offline switch when one or more switches are offline and the master switch is online, use these procedures.
On the offline switch (for example, switch2), shut down the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# sme cluster ABC
switch(config-sme-cl)# shutdown
Shuts down the ABC cluster on the offline switch.
Note
On the cluster master switch, delete the offline switch (for example, switch2) by performing this task:
On the offline switch (switch2), delete the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)#no sme cluster ABC
Deletes the ABC cluster configuration.
Note
Deleting a SME Cluster with One or More Offline Switches while the Master Switch is Online
To delete a SME cluster that includes one or more offline switches and online master switch, use these procedures.
Caution
On the offline switch (switch2), shut down the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# sme cluster ABC
switch(config-sme-cl)# shutdown
Shuts down the ABC cluster on the offline switch
Note
On the cluster master switch, delete the offline switch (switch2) and then delete the cluster by performing this task:
On the offline switch (switch2), delete the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# no sme cluster ABC
Deletes the ABC cluster configuration.
Note
Deleting a SME Cluster when All Switches are Offline
To delete a SME cluster when the master switch and all other switches are offline, use these procedures.
Note
On the offline switch (for example, switch2), shut down the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)#sme cluster ABC
switch(config-sme-cl)#shutdown
Shuts down the ABC cluster on the offline switch.
Note
On the cluster master switch, shut down the cluster and then delete the cluster by performing this task:
On the offline switch (switch2), delete the cluster by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# no sme cluster ABC
Deletes the ABC cluster configuration.
Note
Reviving an SME Cluster
To revive a cluster on the switch that has the latest SME configuration version, use these procedures.
Perform the following steps sequentially to revive a cluster when one or more switches are offline and the cluster is nonoperational (for example, due to a quorum loss). This recovery procedure includes deleting one or more offline switches and then reviving the cluster on the remaining switches.
Caution
Shut down the cluster configuration on all the switches by following this task:
Delete the cluster configuration on the offline switches, that were shut down in the preceding section, by performing this task:
Step 1
switch# config t
Enters configuration mode.
Step 2
switch(config)# no sme cluster ABC
Shuts down the ABC cluster on the offline switch.
On the cluster master switch, delete all the switches by performing this task:
Restart the cluster configuration on the remaining switches by performing this task:
Troubleshooting General Issues
The SME naming convention includes alphanumeric, dash, and underscore characters. Other types of characters will cause problems in the cluster configuration.
Troubleshooting Scenarios
The following scenarios are described in this section:
•
•
•
•
•
•
•
•
•
•
If DNS is not configured on all switches in a cluster
You can use sme.useIP for IP address or name selection when DNS is not configured on all switches in a cluster.
sme.useIP can be used in smeserver.properties to enable the use of IP addresses instead of switch names. By default sme.useIP is set to false and DNS names will be used. When DNS is not configured, DCNM-SAN cannot resolve the switch names.
When sme.useIP is set to true, DCNM-SAN uses an IP address to communicate with switch in the cluster using SSH. All switches are added to the cluster with an IP address. When you add a local switch, the switch name is used if the name server is configured on the switch, otherwise, the IP address is used.
When sme.useIP is false, DCNM-SAN will use the switch name to select interfaces. All the switches added to the clusters will be identified with names. A name server is required for this type of configuration. Otherwise, switches will not be able to communicate with other switches to form the cluster and DCNM-SAN will not be able to resolve the switch name.
If you need to replace an MSM-18/4 module with another MSM-18/4 module
In the existing MDS 9000 Family platform, a module can be replaced with another module and there is no change in configuration. In SME, due to security reasons, when an MSM-18/4 module is configured as part of a cluster it cannot be replaced with another MSM-18/4 module, otherwise, the SME interface will come up in an inactive state. The correct procedure is to remove the SME interface from the cluster and re-add the interface back into the cluster.
If an SME cluster is not successfully created
There are three main reasons that a SME cluster may not be successfully created:
•
Note
•
•
•
SME Interface creation error
If there are any errors while SME interface creation, ensure the following:
•
•
An SME interface does not come up in a cluster
If an SME interface does not come up, this can be due to the following:
•
•
•
For the second and third scenarios, you must first remove and re-add the interface to the cluster and then enter the copy running-config startup-config command.
When selecting paths, a "no paths found" message is displayed
A tape library controller or robot can be shown as a target in the Select Tape Drives wizard. If you select the controller or robot as a target, a "no paths found" message is displayed. You will need to verify whether or not the selected target is a controller or robot.
When the "no paths found" message is displayed, enter the show tech and show tech-support sme command.
Newly added tape drives are not showing in a cluster
If you add new tape drives as LUNs to a tape library after SME has already discovered available tape drives, a rescan is required from the host to discover the new LUNs.
If you need to contact your customer support representative or Cisco TAC
At some point, you may need to contact your customer support representative or Cisco TAC for some additional assistance. Before doing so, enter the show tech details and the show tech sme commands and collect all logs from the C:\Program Files\Cisco Systems\MDS 9000\logs directory before contacting your support organization.
A syslog message is displayed when a Cisco MDS switch configured with SME in the startup configuration boots up
When you reboot a Cisco MDS switch that has the cluster configuration stored in the startup-config file, the following syslog message may be displayed:
<timestamp> <switch name> %CLUSTER-2-CLUSTER_DB_SYNC_FAIL: Cluster <cluster-id> application 3 dataset 1 database synchronization failed, reason="Invalid cluster API registration"This error message is expected and can be ignored.
Importing a volume group file causes a 'wrap key object not found' error message
A tape volume group was created and the volume group was exported to a file. The tape volume group was deleted and a new tape volume group was created. When the same volume group was imported, the import operation fails and the error message "wrap key object not found" is displayed.
This error occurs because there is another volume group key active in the Key Management Center with the same index (but different versions) as the current volume group into which the import operation is performed.
Accounting log file shows the replication of keys failed
The replication of a key for a cluster fails when the transaction context is invalid or is expired. The key entry will be moved to Sme_repl_error_key table. You should manually remove this record from the Sme_repl_error_key table to the Sme_repl_pending_key table and retry the replication process.
Issues with smart card(s) or card reader
If you have issues with smartcard operations, the following will help ensure success:
•
•
•
•
