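Learn about the error messages you might encounter, and how to resolve them, when configuring and managing customer-managed keys for Azure NetApp Files volume encryption.
Errors configuring customer-managed key encryption on a NetApp account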
Error condition | Resolution |
---|---|
The operation failed because the specified key vault key was not found | When entering the key URI manually, ensure the URI is correct. |
Azure Key Vault key is not a valid RSA key | Ensure the selected key is of type RSA. |
Azure Key Vault key is not enabled | Ensure the selected key is enabled. |
Azure Key Vault key is expired | Ensure the selected key is valid. |
Azure Key Vault key has not been activated | Ensure the selected key is active. |
Key Vault URI is invalid | When entering the key URI manually, ensure the URI is correct. |
Azure Key Vault is not recoverable. Make sure that Soft-delete and Purge protection are both enabled on the Azure Key Vault | Update the key vault recovery level to: "Recoverable/Recoverable+ProtectedSubscription/CustomizedRecoverable/CustomizedRecoverable+ProtectedSubscription" |
Account must be in the same region as the Vault | Ensure the key vault is in the same region as the NetApp account. |
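
The key and vault conditions in the table above can be checked before the key is assigned to the NetApp account. The following is an added example, not code from the original page or from Azure: the function name `preflight`, the sample dictionaries, and the assumption that the input is shaped like the JSON printed by `az keyvault key show` and `az keyvault show` are all illustrative.

```python
from datetime import datetime, timezone

# Recovery levels the table lists as acceptable.
RECOVERABLE = {
    "Recoverable", "Recoverable+ProtectedSubscription",
    "CustomizedRecoverable", "CustomizedRecoverable+ProtectedSubscription",
}

def _ts(value):
    """Parse an ISO 8601 timestamp such as 2030-01-01T00:00:00+00:00; None stays None."""
    return datetime.fromisoformat(value) if value else None

def preflight(key, vault, account_location, now=None):
    """Return the error messages from the table that this configuration would hit."""
    now = now or datetime.now(timezone.utc)
    attrs = key.get("attributes", {})
    errors = []
    # Assumption: HSM-backed RSA keys ("RSA-HSM") also count as RSA type.
    if key.get("key", {}).get("kty") not in ("RSA", "RSA-HSM"):
        errors.append("Azure Key Vault key is not a valid RSA key")
    if not attrs.get("enabled", False):
        errors.append("Azure Key Vault key is not enabled")
    expires, not_before = _ts(attrs.get("expires")), _ts(attrs.get("notBefore"))
    if expires and expires <= now:
        errors.append("Azure Key Vault key is expired")
    if not_before and not_before > now:
        errors.append("Azure Key Vault key has not been activated")
    if attrs.get("recoveryLevel") not in RECOVERABLE:
        # First sentence of the full message shown in the table.
        errors.append("Azure Key Vault is not recoverable")
    if vault.get("location", "").lower() != account_location.lower():
        errors.append("Account must be in the same region as the Vault")
    return errors

# Constructed sample data, not output from a real vault.
BAD_KEY = {"key": {"kty": "EC"}, "attributes": {
    "enabled": True, "expires": "2024-01-01T00:00:00+00:00",
    "notBefore": None, "recoveryLevel": "Recoverable+Purgeable"}}
BAD_VAULT = {"location": "westeurope"}
GOOD_KEY = {"key": {"kty": "RSA"}, "attributes": {
    "enabled": True, "expires": "2030-01-01T00:00:00+00:00",
    "notBefore": "2020-01-01T00:00:00+00:00", "recoveryLevel": "Recoverable"}}
GOOD_VAULT = {"location": "eastus"}

if __name__ == "__main__":
    for message in preflight(BAD_KEY, BAD_VAULT, "eastus"):
        print(message)
```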
Errors creating a volume encrypted with customer-managed keys
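Error condition | Resolution |
---|---|
Volume cannot be encrypted with Microsoft.KeyVault, NetAppAccount has not been configured with KeyVault encryption | Customer-managed key encryption is not enabled on the NetApp account. Configure the NetApp account to use customer-managed keys. |
EncryptionKeySource cannot be changed | No resolution: the EncryptionKeySource property of a volume cannot be changed. |
Unable to use the configured encryption key, please check if key is active | Check: - Are all access policies (Get, Encrypt, Decrypt) on the key vault correct? - Does a private endpoint for the key vault exist? - Is there a Virtual Network NAT in the VNet, with the delegated Azure NetApp Files subnet enabled? |
Could not connect to the KeyVault | Ensure the private endpoint is set up correctly and that firewalls are not blocking the connection from the virtual network to the KeyVault. |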