This post is more than 5 years old
23 Posts
1
11871
avamar virtual appliance ssl error
Getting error given below. how to resolve it or skip ssl if not signed by CA.
avvcbimage Warning <16004>: Soap fault detected, Connection problem with WS ticket, Msg:'SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"SSL_ERROR_SSL
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
Detail: SSL_connect error in tcp_connect()
avvcbimage Warning <0000>: [IMG0014] Problem logging into URL 'https://vcenter:443/sdk' with session cookie.
avvcbimage Info <16021>: Logging into URL 'https://vcenter:443/sdk' with user 'administrator' credentials.
avvcbimage Warning <16004>: Soap fault detected, Connection problem, Msg:'SOAP 1.1 fault: SOAP-ENV:Client [no subcode]
"SSL_ERROR_SSL
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"
VivekSarmalkar1
23 Posts
0
June 30th, 2015 12:00
Disable certification verification in avamar for vcenter & perform below steps:
Unencrypted Backups & Replication Fail in Avamar 7.1 Due to Increased Firewall Restrictions
Add a gsan-port file to allow port 27000 usage
For any new installation of 7.1 GA the gsan-port file will be missing from -"/usr/local/avamar/lib/admin/security/gsan-port"
Login to the Avamar utiltiy node as root and load the dpnid keys per KB 95614.
Verify this file is absent:
ls -l /usr/local/avamar/lib/admin/security/
Create the gsan-port file using vi (or equivalent).
vi /usr/local/avamar/lib/admin/security/gsan-port
On the first line insert:
GSAN_PLAIN_TEXT='27000,'
Save the close the file.
If on a multi-node grid copy the file to the data nodes. If a Single Node skip to Step 6.
mapall --user=root copy /usr/local/avamar/lib/admin/security/gsan-port
Once copied move the file to the correct directory.
mapall --user=root mv gsan-port /usr/local/avamar/lib/admin/security/
Restart the avfirewall services.
mapall --noerror --all+ --user=root 'service avfirewall restart'
Confirm no further issues exist by running telnet from utility node to one of the Avamar Data Nodes.
Note: Alternatively, running an unencrypted client backup to confirm it is successful.
telnet 27000
Ref:https://community.emc.com/docs/DOC-42141
leckdog34
2 Posts
0
March 27th, 2015 07:00
I am having the same issue with the Avamar proxy virtual appliance. If I leave the default EMC certificate, VM backups work correctly. I have tried setting the certificate to the vCenter CRT and PEM files, same error as above.
I have tickets open with EMC and VMware on this issue but no resolution yet. I am curious if you were able to get this working?
Thanks
VivekSarmalkar1
23 Posts
0
April 1st, 2015 01:00
Not able to perform with EMC certificate? Any one resolved it?
leckdog34
2 Posts
0
April 1st, 2015 05:00
No resolution yet. Working with VMware and EMC still. We have strict policies on security due to being in the healthcare industry, so getting our own SSL to work is mandatory. I will post a resolution when we get there!
Ram8985
1 Message
0
October 17th, 2019 01:00