Media in an ENCR encryption pool is frozen when attempting a KMS encryption backup

Article:TECH87444  |  Created: 2009-01-18  |  Updated: 2011-08-04  |  Article URL http://www.symantec.com/docs/TECH87444
Article Type
Technical Solution


Environment

Issue



Media in an ENCR encryption pool is frozen when attempting a KMS encryption backup


Error



FREEZING media id xxxxxx,Encryption unavailable for an ENCR pool


Solution



KMS is the NetBackup Key Management Service that manages symmetric cryptography keys for tape drives that conform to the T10 standard; for example LTO4.

A backup policy is configured to use media from a pool whose name has the prefix "ENCR".

This is the trigger for the bptm process to enable encryption in the tape drive. The bptm process mounts its tape, then checks that encryption is possible with the selected tape and drive.

It logs the results of its checks in its bptm log file; for example:
  16:54:17.552 [8584] <2> manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0000000c

If encryption is not possible, bptm will freeze the media and report this error in both the bperror log and its own log file.

One possible cause of the failure is that the media is not suitable for use with drive-based hardware encryption. For example, it is possible to mount an LTO3 tape cartridge into an LTO4 drive and perform normal backups to this tape. However, LTO3 tape cartridges are not suitable for use with LTO4 hardware encryption.

Check the value for "fl1" in the bptm log. In the example above it is 0x00010049, and this was for LTO3 media. When the correct media is loaded, the value is 0x20000 greater. In this example, if LTO4 media is used, the fl1 value is 0x00030049.
 
Bit 0x00010000 indicates the drive supports encryption.
Bit 0x00020000 indicates the media supports encryption.
If both the drive and the media support encryption, these values will be added together (0x00030000) in the fl1 field.

The media can be physically inspected to check the type.
 
Note: bptm has to confirm that both the drive and the media support encryption for KMS to work.
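The fl1 check described above can be run across a whole bptm log instead of reading the hex values by eye. The script below is an added example, not Symantec code; it assumes the report_attr line format shown in this article and decodes only the two fl1 bits documented here. The function names and the sample lines other than the article's own log line are constructed for illustration.

```python
import re

# Bit meanings as given in this article; other fl1 bits are not documented here.
DRIVE_ENCRYPTION = 0x00010000
MEDIA_ENCRYPTION = 0x00020000

# Matches the manage_drive_attributes report_attr line format shown in the article.
REPORT_ATTR = re.compile(
    r"^(?P<time>\S+)\s+\[(?P<pid>\d+)\]\s+<\d+>\s+manage_drive_attributes:\s+"
    r"report_attr,\s+fl1\s+0x(?P<fl1>[0-9a-fA-F]+),\s+fl2\s+0x(?P<fl2>[0-9a-fA-F]+)"
)

def check_line(line):
    """Return the decoded encryption flags for a report_attr line, else None."""
    m = REPORT_ATTR.match(line.strip())
    if m is None:
        return None
    fl1 = int(m.group("fl1"), 16)
    drive = bool(fl1 & DRIVE_ENCRYPTION)
    media = bool(fl1 & MEDIA_ENCRYPTION)
    if drive and media:
        verdict = "encryption possible"
    elif drive:
        verdict = "media does not support encryption"
    elif media:
        verdict = "drive does not support encryption"
    else:
        verdict = "neither drive nor media supports encryption"
    return {"time": m.group("time"), "pid": int(m.group("pid")), "fl1": fl1,
            "drive": drive, "media": media, "verdict": verdict}

def scan(lines):
    """Decode every report_attr line in an iterable of log lines."""
    return [r for r in map(check_line, lines) if r is not None]

# Sample input: line 1 is the article's example; lines 2 and 3 are constructed
# (line 3 uses the fl1 value the article gives for LTO4 media).
SAMPLE = """\
  16:54:17.552 [8584] <2> manage_drive_attributes: report_attr, fl1 0x00010049, fl2 0x0000000c
  16:54:17.601 [8584] <2> example: unrelated log line (constructed)
  17:10:02.118 [9120] <2> manage_drive_attributes: report_attr, fl1 0x00030049, fl2 0x0000000c
"""

if __name__ == "__main__":
    for r in scan(SAMPLE.splitlines()):
        print(f"{r['time']} pid={r['pid']} fl1=0x{r['fl1']:08x} -> {r['verdict']}")
```

To check a real log, pass the open bptm log file to scan() in place of the sample lines.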

 



Legacy ID



321244

