Problem
KMS backups are failing with status 86 (media position error)
Error Message
Cause
1-> Confirm that the following files exist on the server:
/opt/openv/kms/db/KMS_DATA.dat
/opt/openv/kms/key/KMS_HMKF.dat
/opt/openv/kms/key/KMS_KPKF.dat
2-> Confirm that the media being used on the drives is encryption capable media.
Example: LTO4 Media for the LTO4 Drives.
4-> Got the output of the following command:
On Windows systems, the directory path to this command is <install_path>\NetBackup\bin\admincmd\
nbkmsutil -listkeys -kgname ENCR_xxxx
This showed using 128 bit encyrption
s per article below IBM stated that IBM LTO-4 drives are required to use 256-bit Advanced Encryption.
IBM Ultrium Generation 4 (LTO-4) drive and drive encryption support
https://www-304.ibm.com/support/docview.wss?uid=swg27009625
IBM LTO-4 drive encryption support
Encrypting Data
It is often critical to secure client data, especially when that data may be of a sensitive nature. To ensure that data for off-site volumes is protected, IBM tape encryption technology is available. This technology utilizes a stronger level of encryption by requiring 256-bit Advanced Encryption Standard (AES) encryption keys. Keys are passed to the drive by a key manager in order to encrypt and decrypt data.
> "C:\Program Files\Veritas\volmgr\bin\tpautoconf" -t
TPAC60 IBM ULT3580-HH5 B6W1 1068027975 3 0 3 0 Tape0 - -
TPAC60 IBM ULT3580-HH5 B6W1 1068027756 3 0 4 0 Tape1 - -
TPAC60 IBM ULT3580-HH5 B6W1 1068027677 4 0 3 0 Tape3 - -
TPAC60 IBM ULT3580-HH5 B6W1 1068027283 4 0 4 0 Tape2 -
Solution
After deleting the AES_128 Keygroup and recreating it to use AES_256 got a successful encrypted backup.