Data Domain: Reauthorizing Replication Pairs

Summary: Data Domain directory replication may fail with the error “AUTH failed: secret key already set” when the replication relationship is still initialized but the secret keys between systems are no longer synchronized. This issue occurs when connectivity is lost for an extended period without a clean replication break. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

  • This issue occurs when connectivity is lost for an extended period without a clean replication break.
  • Directory replication shows:
    Error: AUTH failed: secret key already set
  • Replication is not in an uninitialized state.
    (If replication displays State: uninitialized and Sync'ed-as-of time: -, this article does not apply.)
  • Running reauthentication on the source system returns:
**** This command can only be run on an already initialized replica to prepare for recovery.

Cause

If the connection between the source and destination Data Domain systems is lost for a long period, the replication secret keys may fall out of sync. Because the replication context was not manually broken, the systems remain in an initialized state but cannot continue replication, resulting in the authentication failure.

Resolution

The reauthentication (reauth) step should be performed only on the destination DD.

CTX Source                                              Destination                                                    Connection Host and Port                       Enabled
---   -------------------------------------------------   ------------------------------------------------------------   --------------------------------------------   -------   
1     dir://source.datadomain.com/backup/weekly           dir://dest.datadomain.com/backup/weekly-repl                   source.datadomain.com*            (default)*    yes   
---   -------------------------------------------------   ------------------------------------------------------------   --------------------------------------------   -------   
 * Used for recovery only.

 

  1. Connect to the source and destination DD using the Command-Line Interface (CLI) Data domain: How To Connect to a Data Domain System for Administration.
  2. Disable the file system on the source and destination DD by running the following command: 
    # filesys disable
  3. Run the following command to obtain the full path or context (CTX) number: 
    # replication show config
  4. Disable the replication on both the source and destination DD: 
    # replication disable
  5. Reauthorize the destination Data Domain.
    Note: Replication "reauth" should be performed only on the destination. 
    # replication reauth <destination path>
    • Example: 
      #replication reauth dir://dest.datadomain.com/backup/weekly
    • Or the context number can be used: 
      # replication reauth rctx://1
  6. Enable the file system on source and destination DD. 
    # filesys enable
  7. Enable replication on the source and destination DD. 
    # replication enable rctx://1
⚠️Note: If replication was manually broken on either system, recovery is not possible through reauthentication. Replication must be broken on both the source and destination systems, then recreated and fully resynchronized.

If your problem persists after performing the steps in this article, upload a support bundle (SUB) and create a service request with your contracted support provider.

Affected Products

Data Domain

Products

Data Domain
Article Properties
Article Number: 000042544
Article Type: Solution
Last Modified: 25 Feb 2026
Version:  3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.