Cannot login from client to do a restore

We've just logged a call with Avamar Support. We cant login in to Web Restore from any client using "Avamar/Axion" auth after an MCUser password change. The password change was done by our tech before he left. We have tried creating new users at different domain levels eg./clients and /clients/pcfoo to test the problem. None of which have helped. We also have version 5. Please keep this post current if you have a fix. I wonder if its a y2.01k problem. :-)

Joe

If you have installed Avamar 5 Client without "Destop Laptop Option" that means you are using standard "Web Restore Feature"

Login to utility node and check the file /usr/local/avamar/etc/avamar.cfg , Please check the value for --hfsaddr=

If this field is blank it wont work, Please change the value and use the IP Address of the Utility Node

For example

--hfsaddr=192.168.1.1

Please test it and confirm.

Thank you for the suggestion.  Per our Avamar Administrator:

"Both Systems were blank - I updated both of them."

After he made the change, I am still unable to login from the web interface to perform a restore.  I get the same "Authentication was not accepted.  Please try again".

Does he need to restart anything on the Utility nodes?

Thanks

NJK

Please stop and start EMS

Login to Utility Node as user Admin, Load the Keys

ssh-agent bash

ssh-add ~/.ssh/dpnid

dpnctl stop ems

dpnctl start ems

After restarting the EMS please check if you can get Login.

User Below Syntax to login

User Name : MCUser@/

Client : /clients/abc.example.com

Message was edited by: Amol

That did not work either.  But thank you for the suggestion.

NJK

This suggestion worked for us. Thank you and well done. Why would a password change have stripped the node IP out of here?

Joe

Joe,

Change Password script wont change the configuration file, there is a possibility that the entry for "hfsaddr" was empty since day one.

Web restore was working earlier as all the passwords were default and all the configuration file was unchanged.

When you try to attemp web restore after running change-passwords script, it had to refer to all the configuration file as the "default" values were changed.

I would recommend to check the configuration file on your second grid and then run change-passwords script, if you still face the same problem please open a support ticket for further analysis

There is strong possibilty that during the initial configuration of the server the file was not updated properly

Regards

Amol

I just installed Avamar DS Gen3 and everything seems to be working fine.  But none of the users I've created can log into the Web Restore web interface.  I'm typing in the account name, client path, and password correctly (I know that the client path is case-sensitive) but it still says Authentication was not accepted, please try again.  However, the users I've created can log into the MCS just fine and they are able to see what's defined for them.  Any help would be appreciated.  We're running Avamar v5.0.1.  Thanks in advance.

Hello Chong,

1.) Please can you confirm that TCP packet routing and bidirectional
communication between theAvamar server and each Desktop client computer
using TCP data ports 7778, 8080, 8105, 8181, 8444, 27000, 28001, 28002, and
29000 are properly configure ?

2.) Second things to check Naming System and connections between each
Avamar Desktop client and the Avamar server including situations where IP
address changes are caused by DHCP and VPN access. Client computers must
have a static, resolvable, fully qualified domain name.

3.) Please let us know if Avamar Desktop/Laptop server "dtlt" is in active
state ?

4.) Are configuration files "krb5.conf" and "ldap.properties" in
"/usr/local/avamar/etc"  are properly configured ?
Please can you send us the files too.
Does the LDAP verification "krb_auth_verify" works properly when you test
connection with your ldap server  ?

5.) When you try to connect from Avamar client side (Desktop/Laptop), what
exact your are getting ? Which error code, notification, warning ... ? 
What exact ?

6.) Did you properly installed Public Key Certificate on client side ?

7.) Try to modify domain name entire in "/etc/avamar/domains.cfg" to be higher then 20.
f.X  ---->  XYZ.COM=22

<< snip >>

# Login Manager Authentication Domainlist Configuration
#
# Format:
#    domainname=domainid
#
#    "domainname" is an (arbitrary) name for the authentication domain.  Users will use this in the"--id=user@domain" parameter
#    "domainid" is a unique numeric identifier.  It is used internally by the DPN (to support domainname changes).

# DPN System Domains  (do not modify these)
unknown=0
avamar=1
default=1

# Customer Specific Domains
#nis=2
#ldap=3
#winnt=4
XXYYZZ.COM=3

# Aliases
#NIS=2
#LDAP=3
#WINNT=4

Regards,

.R

Did u try the reply which i had posted earlier ?

Reply no 3, check the hfsaddr value in /usr/local/avamar/etc/avamar.cfg

Yes I did.  And it worked :-)  However it created a new problem.  Web restore users can log in but now and download their files but they can't log into the Avamar Administrator console and view their (priveledged access) domains.  Or are they not supposed to be able to do that?