avamar virtual appliance ssl error

Getting the error given below. How to resolve it, or skip SSL if not signed by a CA?

avvcbimage Warning <16004>: Soap fault detected, Connection problem with WS ticket, Msg:'SOAP 1.1 fault: SOAP-ENV:Client [no subcode]

"SSL_ERROR_SSL

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"

Detail: SSL_connect error in tcp_connect()

avvcbimage Warning <0000>: [IMG0014] Problem logging into URL 'https://vcenter:443/sdk' with session cookie.

avvcbimage Info <16021>: Logging into URL 'https://vcenter:443/sdk' with user 'administrator' credentials.

avvcbimage Warning <16004>: Soap fault detected, Connection problem, Msg:'SOAP 1.1 fault: SOAP-ENV:Client [no subcode]

"SSL_ERROR_SSL

error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed"


Accepted Solutions
Re: avamar virtual appliance ssl error

Disable certificate verification in Avamar for vCenter and perform the steps below:

Unencrypted Backups & Replication Fail in Avamar 7.1 Due to Increased Firewall Restrictions

Add a gsan-port file to allow port 27000 usage

For any new installation of 7.1 GA the gsan-port file will be missing from "/usr/local/avamar/lib/admin/security/gsan-port".

1. Log in to the Avamar utility node as root and load the dpnid keys per KB 95614.

2. Verify this file is absent:

          ls -l /usr/local/avamar/lib/admin/security/

3. Create the gsan-port file using vi (or equivalent).

          vi /usr/local/avamar/lib/admin/security/gsan-port

   On the first line insert:

          GSAN_PLAIN_TEXT='27000,'

   Save and close the file.

4. If on a multi-node grid, copy the file to the data nodes. If a Single Node, skip to Step 6.

          mapall --user=root copy /usr/local/avamar/lib/admin/security/gsan-port

5. Once copied, move the file to the correct directory.

          mapall --user=root mv gsan-port /usr/local/avamar/lib/admin/security/

6. Restart the avfirewall services.

          mapall --noerror --all+ --user=root 'service avfirewall restart'

7. Confirm no further issues exist by running telnet from the utility node to one of the Avamar Data Nodes.

          telnet <ip_address of data node> 27000

   Note: Alternatively, run an unencrypted client backup to confirm it is successful.

Ref: https://community.emc.com/docs/DOC-42141

5 Replies
leckdog34
1 Copper

Re: avamar virtual appliance ssl error

I am having the same issue with the Avamar proxy virtual appliance. If I leave the default EMC certificate, VM backups work correctly. I have tried setting the certificate to the vCenter CRT and PEM files, same error as above.

I have tickets open with EMC and VMware on this issue but no resolution yet. I am curious if you were able to get this working?

Thanks


Re: avamar virtual appliance ssl error

Not able to perform with EMC certificate? Anyone resolved it?

leckdog34
1 Copper

Re: avamar virtual appliance ssl error

No resolution yet. Working with VMware and EMC still. We have strict policies on security due to being in the healthcare industry, so getting our own SSL to work is mandatory. I will post a resolution when we get there!
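
Added example (not part of any post in this thread, and not EMC or VMware tooling): the `certificate verify failed` condition from the original post, reproduced offline with OpenSSL and cleared by trusting the issuing CA instead of disabling verification. The demo CA, the `vcenter` subject name and all file names are constructed; where the Avamar proxy keeps its trust bundle is not stated on this page and is not assumed here.

```bash
#!/usr/bin/env bash
# Constructed demo: every key, certificate and name here is generated locally for illustration.

# make_demo_pki <dir>: a private CA, a server cert it signs, and an unrelated CA.
make_demo_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Internal CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=vcenter" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

# chain_ok <trust_bundle> <cert>: succeeds only if the cert chains to a CA in the bundle.
# The output is parsed because old OpenSSL releases exit 0 even on failure.
chain_ok() {
  openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
}

# verify_reason <trust_bundle> <cert>: prints OK, or OpenSSL's reason for rejecting the cert.
verify_reason() {
  local out
  out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  if printf '%s\n' "$out" | grep -q ': OK$'; then
    echo OK
  else
    printf '%s\n' "$out" | sed -n 's/^error [0-9]* at [0-9]* depth lookup: *//p' | head -n 1
  fi
}

demo() {
  local d
  d=$(mktemp -d) || return 1
  make_demo_pki "$d" || return 1
  echo "client trusts an unrelated CA: $(verify_reason "$d/other.pem" "$d/srv.pem")"
  echo "client trusts the issuing CA:  $(verify_reason "$d/ca.pem" "$d/srv.pem")"
  rm -rf "$d"
}
demo
```

The same `openssl verify -CAfile` check can be run against a real server certificate and the CA bundle the client is configured to trust, to see which link of the chain is missing before changing any verification setting.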

Ram8985
1 Copper

avvcbimage Error <0000>: [IMG0014] Problem logging into URL 'https://Avamar server:443/sdk' with user 'EMEA\S-ESX-EMC-VC-AVAMAR

avvcbimage Error <0000>: [IMG0014] Problem logging into URL 'https://Avamar grid:443/sdk' with user 'EMEA\S-ESX-EMC-VC-AVAMAR'