Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"
Resumen: Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"
Este artículo se aplica a
Este artículo no se aplica a
Este artículo no está vinculado a ningún producto específico.
No se identifican todas las versiones del producto en este artículo.
Síntomas
User configured secure LDAP using KB article 529493: How to configure secure LDAP on Avamar server
Scenario 1:
LDAP test fails with error:
message javax.naming.ServiceUnavailableException: dc-01.emc.com:636; socket closed; remaining name 'dc=emc,dc=com'
Scenario 2:
Error message:
2020-03-17 11:14:46,222 ERROR [main]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: dc-01.emc.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Causa
- There are multiple DCs in environment, for example dc-01, dc-02, etc.
- LDAP was configured to use one DC, and certificate for that DC was imported to rmi_ssl_keystore.
Resolución
Steps:
- Configure secure LDAP by following KB article 529493: How to configure secure LDAP on Avamar server
- Verify if there are have multiple DCs, then get the DC names and IPs
- Check for the DCs using "nslookup domain name".
For example:
nslookup dell.com
- Get certificates for the list of DCs and import LDAP server certs to rmi_ssl_keystore
- To import cert, follow below steps:
- Log in to PuTTY and switch to root user
- Take a backup copy of rmi_ssl_keystore:
cp -p /usr/local/avamar/lib/rmi_ssl_keystore /usr/local/avamar/lib/rmi_ssl_keystore-orig
- Assuming there are two or more DCs in environment (dc-01 and DC-02), place certificate of dc-01.crt and dc-02.crt under /tmp
keytool -importcert -file /tmp/dc-01.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-01
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
- Restart MCS as admin user:
mcserver.sh --stop
mcserver.sh --start
Información adicional
This content is translated in 17 languages:
| https://downloads.dell.com/TranslatedPDF/CS_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/DA_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/DE_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/ES-XL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/FI_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/FR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/IT_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/JA_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/KO_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/NL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/NO-NO_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/PL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/PT-BR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/RU_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/SV_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/TR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/ZH-CN_KB541441.pdf |
Productos afectados
AvamarProductos
AvamarPropiedades del artículo
Número del artículo: 000170123
Tipo de artículo: Solution
Última modificación: 10 oct 2024
Versión: 4
Encuentre respuestas a sus preguntas de otros usuarios de Dell
Servicios de soporte
Compruebe si el dispositivo está cubierto por los servicios de soporte.