Unable to unlock a dataset after a move from one NAS box to new NAS box

I’ll start with the admission that this was likely a PEBCAK, but I am hoping that I simply missed something basic and that this group might be able to help me with my locked dataset.

My existing 2 18TB NAS was approaching 95% usage and since my box could not accommodate more drives, I built a new box to move the drive to and to add two more. I have a full back up of all 17TB of data, so I am not worried about data loss, but whether there is an easier way of getting the NAS back up and running.

I’ll start by saying that I do not recall encrypting my NAS drives. My NAS holds pictures and non-sensitive materials, so I do not think that I ever encrypted the drives. But when I moved the drives from the old box (Old) to the new one they showed that the dataset was locked. In my readings, I think that means that I did encrypt them as I cannot find another reason why they would be locked. (Please let me know if that’s not right.)

When I went to move the drives from the old setup to the new, I followed the export/disconnect procedures. I powered the old NAS down and installed the latest Core build on my new machine on a 1 TB NVME I had laying around. I imported the drives to the new NAS by following the following steps:

I see a text that the pool is being imported and then think I have success.

Except, they appear to be locked and I do not have a passphrase or a key to unlock them.

I appreciate that if they are encrypted, then I need to reformat and basically start from scratch. But is there somewhere to look to see if the key might be on either the old NAS box or somewhere in the pool itself? Or am I out of luck and need to chalk it up to a learning experience and start afresh? Is there any possibility that plugging them back into the old NAS will cause a missing key to reattach.

I am prepared for the worst and starting over, but if there is something I should try, I would apprecaite the feedback.

To rule out any glitch in the GUI:

zfs list -t filesystem -r -o encryption,encroot,keyformat "Rosi Storage"

Since you exported the pool from the old NAS, I believe that the keystrings (which are stored in the .db config) were wiped.

It’s still possible that you have daily configs in your old NAS “System Dataset”, which are still accessible if your System Dataset was housed in the boot-pool.

In the old NAS, the path would be /var/db/system/configs-XXXX/.

You would still need the correct pwenc_secret file, which still hopefully exists in the old boot-pool under /data/. There’s usually an old backup copy as well, named pwenc_secret.bak.

Thank you for the help. It must be encrypted.

I was able to grab a three day old version of the config file. I am having a problem with the pwenc_secret file. I am unable to use scp to move it from the older NAS server to one of the other computers on my network. I even made a copy of the file with a different extension (pwenc_secret.116) and changed the owner name from root to one of the other users on the server, but I could not SCP in to grab the file. I kept getting No such file or directory errors. Any suggestions on how to successfully move the file?

Not sure why that is.

Can you copy it to a different location on the old NAS, and from there scp or grab it via an SMB share?

You will need both files. The original pwenc_secret and pwenc_secret.bak.

It’s possible the file was regenerated when you exported your pool.

You never exported the encryption keys? This attempt is only when there are no other options available. You cannot depend on pwenc_secret to always work.

No, I did not. I did not realize that I had them encrypted. Hence my first comment about a PEBCAK.

There is no .bak file, just the original. I’ll mess with it later today. I appreciate your help.