Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"

Summary: Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"

This article applies to   This article does not apply to 
Check out resources for

Symptoms



User configured secure LDAP using KB article 529493: How to configure secure LDAP on Avamar server    

Scenario 1:    
LDAP test fails with error:   
message  javax.naming.ServiceUnavailableException: dc-01.emc.com:636; socket closed; remaining name 'dc=emc,dc=com'

Scenario 2:   
Error message:    
2020-03-17 11:14:46,222 ERROR [main]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: dc-01.emc.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]

Cause

  • There are multiple DCs in environment, for example dc-01, dc-02, etc. 
  • LDAP was configured to use one DC, and certificate for that DC was imported to rmi_ssl_keystore. 

Resolution

Steps:   
  1. Configure secure LDAP by following KB article 529493: How to configure secure LDAP on Avamar server   
  2. Verify if there are have multiple DCs, then get the DC names and IPs
  3. Check for the DCs using "nslookup domain name".
For example:    
nslookup dell.com
  1. Get certificates for the list of DCs and import LDAP server certs to rmi_ssl_keystore 
  2. To import cert, follow below steps: 
    1. Log in to PuTTY and switch to root user
    2. Take a backup copy of rmi_ssl_keystore:    
cp -p /usr/local/avamar/lib/rmi_ssl_keystore /usr/local/avamar/lib/rmi_ssl_keystore-orig
  1. Assuming there are two or more DCs in environment (dc-01 and DC-02), place certificate of dc-01.crt and dc-02.crt under /tmp
keytool -importcert -file /tmp/dc-01.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-01
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
  1. Restart MCS as admin user:    
mcserver.sh --stop
 
 
mcserver.sh --start



Additional Information

This content is translated in 17 languages: 
https://downloads.dell.com/TranslatedPDF/CS_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/DA_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/DE_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/ES-XL_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/FI_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/FR_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/IT_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/JA_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/KO_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/NL_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/NO-NO_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/PL_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/PT-BR_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/RU_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/SV_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/TR_KB541441.pdf
https://downloads.dell.com/TranslatedPDF/ZH-CN_KB541441.pdf

Affected Products

Avamar

Products

Avamar