decryption fails after removing cache disk from geli encrypted pool

Krautmaster

Explorer
Joined
Apr 10, 2017
Messages
81
Dear all, I'm in big trouble.

Currently running TrueNAS-13.0-U4 and my main pool has 4x12TB RaidZ1 + 200GB Cache disk.

This pool has been encrypted with geli since the end of 2019 and had to be unlocked each time after boot using a passphrase.

Yesterday I removed the cache disk in the TrueNAS GUI; the disk was removed, and the pool and data stayed perfectly accessible. This night I rebooted the TrueNAS server and now the data seems to be doomed.

The pool is listed, encrypted, but if I try to decrypt I get the following error:
1683359665909.png

From Dump:
1683360192915.png


I copied my recovery key to another share and tried the following in the CLI:

root@freenas[~]# sqlite3 /data/freenas-v1.db 'select vol_encryptkey from storage_volume where vol_name = "RaidZ";'
eb530015-88f0-4ea6-b9bd-240621543eee
root@freenas[~]# geli attach -k /data/geli/eb530015-88f0-4ea6-b9bd-240621543eee.key /dev/gptid/e435d44f-1f88-11ea-b7b1-000c29445504
root@freenas[~]# geli attach -k /data/geli/eb530015-88f0-4ea6-b9bd-240621543eee.key /dev/gptid/e435d44f-1f88-11ea-b7b1-000c29445504
Enter passphrase:
geli: Wrong key for gptid/e435d44f-1f88-11ea-b7b1-000c29445504.
geli: There was an error with at least one provider.
root@freenas[~]#

Also, if I try with the recovery key I get this "geli: There was an error with at least one provider." problem.

All disks are untouched, including the previous cache disk. I think anyhow I need to get access to the devices and then import the pool.

What can I do? I'm running out of ideas and I don't want to risk any data loss. The most important data is backed up but ~20TB of other stuff isn't. May I boot into an old 12.X environment to check if I can get access to the devices there?

Thanks for your help!!!! Dump attached
 

Attachments

  • 1683359626679.png (6.6 KB)
  • debug-freenas-20230506013140.tgz (1.9 MB)

Krautmaster

Oh. Using the recovery key I don't get an error when I try this:

root@freenas[~]# geli attach -k /mnt/WDGreen/backup/ServerBackup/geli.key -p /dev/gptid/e07be400-f593-11e9-9332-000c29445504
root@freenas[~]#

But how to proceed?
 

Krautmaster

1683361642223.png


After attaching all 4 remaining disks the CLI shows me the tank ready for import, so I have some hope. But maybe I can decrypt it anyway, which was a goal the last years. And after the decryption it should be easily importable, but I want to get rid of that encryption risk.
 

Krautmaster

Okay, what would be the best way to fix that pool? The data is saveable, which is good. But the UI and the import are broken in the GUI.

Is it safe now to remove the cache disk (which I already did, that's why it's broken) above, or might it be better to use the "reset passphrase"? I'm afraid the encryption could be damaged, making my stuff inaccessible, because I'm still irritated how a "cache removal" killed my geli passphrase.

The geli key from /data/geli does not work any more. I think I would have to reset the password for my pool? Ideas?

1683561683922.png
 

Krautmaster

Was able to attach them with the recovery key, use the zpool import CLI to attach it in the original location and then reset the passphrase using the TrueNAS GUI. Disks are now back on again after reboot and can be unlocked using the pass
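
The recovery sequence described in the post above, sketched as an added example that is not part of the original thread and is not TrueNAS's own tooling: attach each pool member with the recovery key using the `geli attach -p -k` form shown earlier, and import the pool only if every attach succeeded. The script name, the bare gptid arguments (given without the `/dev/gptid/` prefix), the pool name argument and the `-R /mnt` altroot are assumptions; with the default `DRY_RUN=1` the commands are only printed.

```shell
#!/bin/sh
# Added example (not from the thread): attach every pool member with the
# GELI recovery key, then import the pool only if all attaches succeeded.
# DRY_RUN=1 (the default) prints the commands instead of running them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# attach_all KEYFILE GPTID...   returns the number of failed attaches
attach_all() {
    keyfile="$1"; shift
    failed=0
    for id in "$@"; do
        # An existing .eli node means this provider is already attached.
        if [ -e "/dev/gptid/${id}.eli" ]; then
            continue
        fi
        # -p: no passphrase component, -k: key file (as used in the thread)
        run geli attach -p -k "$keyfile" "/dev/gptid/${id}" || failed=$((failed + 1))
    done
    return "$failed"
}

# recover_pool KEYFILE POOL GPTID...
recover_pool() {
    keyfile="$1"; pool="$2"; shift 2
    if ! attach_all "$keyfile" "$@"; then
        echo "attach failed for at least one provider; not importing" >&2
        return 1
    fi
    # Assumption: -R /mnt mirrors where TrueNAS mounts pools.
    run zpool import -R /mnt "$pool"
}

# Usage: sh recover.sh /path/to/recovery.key POOL GPTID [GPTID...]
if [ "$#" -ge 3 ]; then
    recover_pool "$@"
fi
```

Resetting the passphrase afterwards is done in the TrueNAS GUI, as the post describes, and is not covered by this script.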
 

NickF

Guru
Joined
Jun 12, 2014
Messages
763
You know, good on you for this thread. You didn't get an answer, but you figured it out on your own and documented what you did. I appreciate threads like this as they give me hope for the future of humanity :smile:
 