Encrypted Replication Task Keeps Failing - Raw Streams and Encryption Error Message

T

theprez

Explorer
Joined
Oct 18, 2014
Messages
72
Hey All -

Trying to setup an automated replication task from my local server to a remote server using the same version of TrueNAS Scale. Something seems off with the encryption configuration - if I disable encryption in the task it works fine, if I enable encryption I get this cryptic error:

CRITICAL

Replication "Volume1/VirtualMachines/SVR1 - Volume1/Snapshot_Backup" failed: cannot receive new filesystem stream: encryption property 'encryption' cannot be set or excluded for raw streams..

2022-09-07 08:39:13 (America/Chicago)

I have no idea what its telling me the problem is, any ideas on why encryption seems to cause problems here?

Both the local pool and the remote pool have their own passphrase encryption if that matters.

Thanks
 
winnielinnie

winnielinnie

MVP
Joined
Oct 22, 2019
Messages
3,641
If you enable "Include Dataset Properties" or "Full Filesystem Encryption", it wants to include everything: even the encryption properties from the source dataset.

Did you create the destination dataset on the remote server before configuring this replication task? If so, it means that you cannot do a "Full Filesystem Replication" or "Include Dataset Properties". You've already set a unique immutable property on the destination dataset: encryption

It cannot be a raw stream, since the records are encrypted with different master keys.

A raw steam only works if the destination dataset is created and encrypted by virtue of the first replication stream. Thus, the destination will not only inherit the same encryption properties (passphrase, iterations, etc), but also it will use the same master key as the source dataset.

However, for SCALE, I'm not sure. Do they display an explicit option for "raw stream"? In Core, no such granular option exists. It only shows "Include Dataset Properties" and "Full Filesystem Replication".

But if either "Full Filesystem Replicaton" or "Include Dataset Properties" is enabled, and encryption exists, then it will de facto be a raw stream. I don't believe "excluding" the encryption properties in the task's configuration can bypass this.

EDIT: I'm still not sure if the source is using encryption?
 
Last edited:
You must log in or register to reply here.

Important Announcement for the TrueNAS Community.

The TrueNAS Community has now been moved. This forum will now become READ-ONLY for historical purposes. Please feel free to join us on the new TrueNAS Community Forums.

Related topics on forums.truenas.com for thread: "Encrypted Replication Task Keeps Failing - Raw Streams and Encryption Error Message"

Similar threads

B
1:1 perfect local replication with encrypted pools
Replies
1
Views
832
BahadirM
B
N
(SOLVED) Replication Task from TrueNAS 13.0 to a remote Debian system, cannot send snapshot
Replies
1
Views
2K
natepichler
N
J
SOLVED replication task and encryption probably just understanding issue
Replies
14
Views
2K
John Doe
J
R
How to fix replication error "kernel modules must be upgraded to receive this stream."
Replies
0
Views
1K
runevn
R
F
Is My Data Lost? A ZFS Encryption / Replication Remote Keys Unable to Be Loaded Question
2 3
Replies
49
Views
3K
winnielinnie
winnielinnie
Top