Willing to pay for support: Pools won't encrypt

Hey all - I seem to have a very unfortunate combination of errors that stop me from encrypting my volumes.

I have tried to upgrade from CORE –> SCALE not fully understanding that my volumes where encrypted via legacy encryption GELI.

Of course before doing this I did download recovery keys and config files accordingly, but I notice now that those downloads where corrupted or quarantained by some security software - long story short they are not there any more. Chrome download tab shows them striked through. And no file free recovery tool I tried was able to restore those files.

I did restore an old OS version (have tried Core 13.0 and 13.3) via a fresh USB based install but because of the lack of backup files I couldnt restore the settings / pools. After searching everything upside down I did find an old settings file (truenas-2023xxxxxx) that I was able to upload and restart truenas. Unfortunately, still the pools can’t be decrypted even though I am 100% sure that the password did not change since then.

The only thing I can imagine is that there i not the exact same setup of zvols (if that makes any difference) on the Volume_main as I added one a couple of weeks ago to host HOMEASSISTANT.

Here is the error trace that I get.

Error: concurrent.futures.process._RemoteTraceback:
“”"
Traceback (most recent call last):
File “/usr/local/lib/python3.9/concurrent/futures/process.py”, line 246, in _process_worker
r = call_item.fn(*call_item.args, **call_item.kwargs)
File “/usr/local/lib/python3.9/site-packages/middlewared/worker.py”, line 111, in main_worker
res = MIDDLEWARE._run(*call_args)
File “/usr/local/lib/python3.9/site-packages/middlewared/worker.py”, line 45, in _run
return self._call(name, serviceobj, methodobj, args, job=job)
File “/usr/local/lib/python3.9/site-packages/middlewared/worker.py”, line 39, in _call
return methodobj(*params)
File “/usr/local/lib/python3.9/site-packages/middlewared/worker.py”, line 39, in _call
return methodobj(*params)
File “/usr/local/lib/python3.9/site-packages/middlewared/schema.py”, line 985, in nf
return f(*args, **kwargs)
File “/usr/local/lib/python3.9/site-packages/middlewared/plugins/zfs.py”, line 352, in import_pool
self.logger.error(
File “libzfs.pyx”, line 402, in libzfs.ZFS.exit
File “/usr/local/lib/python3.9/site-packages/middlewared/plugins/zfs.py”, line 343, in import_pool
raise CallError(f’Pool {name_or_guid} not found.', errno.ENOENT)
middlewared.service_exception.CallError: [ENOENT] Pool 11802238427914461623 not found.
“”"

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File “/usr/local/lib/python3.9/site-packages/middlewared/plugins/pool_/encryption_freebsd.py”, line 272, in unlock
await self.middleware.call(‘zfs.pool.import_pool’, pool[‘guid’], {
File “/usr/local/lib/python3.9/site-packages/middlewared/main.py”, line 1285, in call
return await self._call(
File “/usr/local/lib/python3.9/site-packages/middlewared/main.py”, line 1250, in _call
return await self._call_worker(name, *prepared_call.args)
File “/usr/local/lib/python3.9/site-packages/middlewared/main.py”, line 1256, in _call_worker
return await self.run_in_proc(main_worker, name, args, job)
File “/usr/local/lib/python3.9/site-packages/middlewared/main.py”, line 1175, in run_in_proc
return await self.run_in_executor(self.__procpool, method, *args, **kwargs)
File “/usr/local/lib/python3.9/site-packages/middlewared/main.py”, line 1158, in run_in_executor
return await loop.run_in_executor(pool, functools.partial(method, *args, **kwargs))
middlewared.service_exception.CallError: [ENOENT] Pool 11802238427914461623 not found.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File “/usr/local/lib/python3.9/site-packages/middlewared/job.py”, line 355, in run
await self.future
File “/usr/local/lib/python3.9/site-packages/middlewared/job.py”, line 391, in _run_body
rv = await self.method(*([self] + args))
File “/usr/local/lib/python3.9/site-packages/middlewared/schema.py”, line 981, in nf
return await f(*args, **kwargs)
File "/usr/local/lib/python3.9/site-packages/middlewared/plugins/pool/encryption_freebsd.py", line 286, in unlock
raise CallError(msg)
middlewared.service_exception.CallError: [EFAULT] Pool could not be imported: 4 devices failed to decrypt.

Can anybody help? All my files would be lost if I cant recover this?

the missing Pool number occurs in the recovery file in this context:

PRIMARY KEY AUTOINCREMENT, “afp_path” varchar(255) NOT NULL, “afp_name” varchar(120) NOT NULL, “afp_comment” varchar(120) NOT NULL, “afp_allow” varchar(120) NOT NULL, “afp_deny” varchar(120) NOT NULL, “afp_ro” varchar(120) NOT NULL, “afp_rw” varchar(120) NOT NULL, “afp_timemachine” bool NOT NULL, “afp_nodev” bool NOT NULL, “afp_nostat” bool NOT NULL, “afp_upriv” bool NOT NULL, “afp_fperm” varchar(3) NOT NULL, “afp_dperm” varchar(3) NOT NULL, “afp_umask” varchar(3) NOT NULL, “afp_hostsallow” varchar(120) NOT NULL, “afp_hostsdeny” varchar(120) NOT NULL, “afp_auxparams” text NOT NULL, “afp_timemachine_quota” integer NOT NULL, “afp_home” bool NOT NULL, “afp_enabled” bool NOT NULL, “afp_vuid” varchar(36) NOT NULL)
#5
Uvolume_main1180223842791446162307f96444-1c80-4d1f-ab12-a61b02f8d4dc
#
�’18:00:0009:00:001,2,3,4,5,6,7

here is how Chrome downloads look like

screenshot_2026-01-02_14-571370×848 50 KB

wow - found an old hard disc with a Geli recovery key from 2017 and that worked. what a relieve

Good thing. Without the key no support - paid or unpaid - would have been able to help you. Your data would have been gone for good.

You can still follow the procedure I documented years ago to remove GELI encryption before upgrading from CORE to CE.

Thank you. Sounds I was VERY lucky.

will remove GELI according to your instructions

It looks like Chrome or your OS security blocked the files from being downloaded. I have noticed this in Brave browser, I actually have to tell it to “Keep” the file … caught this while downloading TrueNAS configuration files.