Can't restore replicated pool (source was encrypted)

mrdataloss

Cadet
Joined
Apr 11, 2021
Messages
2
For months, my disk I/O performance of tentbraidz2 pool was terrible, because of reasons, so I've decided to recreate it.
I created a new pool (pool4tb) on another disk, replicated the snapshots, and deleted tentbraidz2.
[Image: replication.jpg]

Then I saw the lock icons on the Pool management GUI. My pool4tb is apparently encrypted and not unlocked.
I've double-checked my replication task settings, and I have unchecked "Encryption". So why is it encrypted and how do I unlock it? Can I modify the auto unlock settings somewhere to the new pool?
[Image: pools.jpg]
 
Joined
Oct 22, 2019
Messages
3,641
Was the original tentbraidz2 ever encrypted, and did you make a backup of the keyfile(s) if it wasn't "locked with a passphrase"? Did you already delete the original tentbraidz2 before trying to unlock it on your new pool?

As for this,
> My pool4tb is apparently encrypted and not unlocked.
It's the other way around. The root dataset pool4tb is not encrypted, while backups (the dataset underneath it in your screenshot) is encrypted. The padlock icon with a "slash" through it means that a dataset is not encrypted, and allows you to identify it among other datasets that are encrypted.
 

mrdataloss

> Was the original tentbraidz2 ever encrypted, and did you make a backup of the keyfile(s) if it wasn't locked with a "passphrase"?
Yes, it was encrypted, and auto unlocked after reboots via the key file, with no passphrase. I've got some backups. It's only a 1Mb tar file with a sqlite db file and the pwenc_secret file. I thought that this file is the key to the pool, but it looks like the GUI wants a JSON file to unlock the pool. I've been doing this "config" backup tar file every time I've upgraded TrueNAS, but never actually tried to do anything with it before.

> Did you already delete the original tentbraidz2 before trying to unlock it on your new pool?
No. I did not even notice that pool4tb was encrypted and locked. It did not occur to me that I can write to an encrypted and locked pool (I've just replicated my snapshots to it from an unlocked pool, and I explicitly turned off encryption on the new pool).
 
Joined
Oct 22, 2019
Messages
3,641
> It's only a 1Mb tar file with a sqlite db file and the pwenc_secret file.
Extract that .tar file. You might have a copy of the tentbraidz2 keyfile on it from during the time that you were using tentbraidz2 and it auto-unlocked with a keyfile during boot that was stored on your boot drive. If you find the keyfile, open it up with a text editor and copy+paste the 64-character string to unlock each dataset that you replicated over to pool4tb.

Once you unlock all your datasets, make sure to export the pool keys for pool4tb to your computer somewhere safe.

> I created a new pool (pool4tb) on another disk, replicated the snapshots, and deleted tentbraidz2.
I read this to mean that you deleted the original tentbraidz2 pool. But you're saying you didn't?

From now on, export and make copies somewhere safe of your pool's encryption keys. If you're lucky, you made a copy of them earlier when you exported your config file as a .tar archive.
 
Joined
Oct 22, 2019
Messages
3,641
According to your screenshot, you replicated,
  • tentbraidz2/vms
  • tentbraidz2/backups
  • tentbraidz2/morestuff
The datasets highlighted in bold text were replicated individually, and placed under the pool pool4tb like this,
  • pool4tb/vms
  • pool4tb/backups
  • pool4tb/morestuff
I used red color to denote your original encryption, and green color to denote non-encrypted. I'm assuming that you selected encryption during the creation of the pool tentbraidz2, and thus by default every dataset created underneath inherited tentbraidz2's encryption and keystring.

When you replicated them "as is", you sent them over to pool4tb as individual datasets that still use their original encryption and keystrings.

Normally these keystrings are found in a .json file if you exported them. Since you didn't (?) export them, you might have a copy of them in your exported config .tar.

If you did export the pool/dataset keys and saved them to your computer, the file will look something like this: dataset_tentbraidz2_keys.json
 
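Added example, not part of the thread and not TrueNAS code: a small Python check that ties the explanation above together by finding the replicated datasets that are their own locked encryption root and naming the exported key entry each one needs. The `zfs get` output and the key export are constructed samples, the `{dataset: hex key}` JSON layout is an assumption, and all function names are hypothetical.

```python
import json
import re

HEX_KEY = re.compile(r"[0-9a-fA-F]{64}")  # keyformat=hex: 32 bytes as 64 hex chars

# Constructed sample of: zfs get -rH -o name,property,value encryptionroot,keystatus pool4tb
SAMPLE_ZFS_GET = "\n".join([
    "pool4tb\tencryptionroot\t-",
    "pool4tb\tkeystatus\t-",
    "pool4tb/vms\tencryptionroot\tpool4tb/vms",
    "pool4tb/vms\tkeystatus\tunavailable",
    "pool4tb/backups\tencryptionroot\tpool4tb/backups",
    "pool4tb/backups\tkeystatus\tunavailable",
    "pool4tb/morestuff\tencryptionroot\tpool4tb/morestuff",
    "pool4tb/morestuff\tkeystatus\tunavailable",
])
# Constructed key export; the {dataset: hex key} layout is an assumption.
SAMPLE_KEYS = json.loads('{"tentbraidz2": "%s"}' % ("0123456789abcdef" * 4))

def locked_roots(zfs_get_output):
    """Datasets that are their own encryption root and have no key loaded."""
    props = {}
    for line in zfs_get_output.strip().splitlines():
        name, prop, value = line.split("\t")
        props.setdefault(name, {})[prop] = value
    return sorted(n for n, p in props.items()
                  if p.get("encryptionroot") == n and p.get("keystatus") == "unavailable")

def key_entry_for(source_dataset, exported_keys):
    """Nearest ancestor with an exported key; inherited children share the root's key."""
    name = source_dataset
    while name:
        if name in exported_keys:
            if not HEX_KEY.fullmatch(exported_keys[name]):
                raise ValueError(f"key for {name} is not 64 hex characters")
            return name
        name = name.rpartition("/")[0]
    return None  # no exported key covers this dataset

def plan_unlock(zfs_get_output, exported_keys, src_pool, dst_pool):
    """Map each locked dataset on dst_pool to the export entry holding its key."""
    return {target: key_entry_for(src_pool + target[len(dst_pool):], exported_keys)
            for target in locked_roots(zfs_get_output)}

if __name__ == "__main__":
    plan = plan_unlock(SAMPLE_ZFS_GET, SAMPLE_KEYS, "tentbraidz2", "pool4tb")
    for target, entry in plan.items():
        print(f"{target}: use the key stored under {entry!r}")
```

A `None` entry in the plan means no exported key covers that dataset, which is the case to catch before the source pool is destroyed.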