Integrazione di Avamar e Data Domain: Impossibile sincronizzare i certificati con sicurezza della sessione abilitata
Shrnutí: Quando Sicurezza della sessione è abilitata in Avamar, i certificati devono essere sincronizzati tra Avamar e Data Domain. Ciò richiede l'abilitazione del protocollo SCP su Data Domain. ...
Tento článek se vztahuje na
Tento článek se nevztahuje na
Tento článek není vázán na žádný konkrétní produkt.
V tomto článku nejsou uvedeny všechny verze produktu.
Příznaky
I backup potrebbero avere esito negativo con i seguenti errori:
Dopo aver verificato i registri MCS, c'è un'eccezione correlata al protocollo SCP.
DDR result code: 5049, desc: file not found DDR result code: 5341, desc: SSL library error "failed to import host or ca certificate automatically" DDR result code: 5008, desc: invalid argumentQuando si segue l'articolo Dell 197106, Avamar e Data Domain Integration: DD con rosso nell'AUI Avamar e nel percorso di risoluzione dell'interfaccia utente, i certificati non vengono generati.
Dopo aver verificato i registri MCS, c'è un'eccezione correlata al protocollo SCP.
09/29-16:29:13.00727 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx FINE: Importing host certificate and ca certificates... 09/29-16:29:13.00743 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request show ... 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: Message digest algorithm: sha512 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: DD RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Number bits(key strength): 3072bit 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Message digest algorithm: sha512 09/29-16:29:14.00137 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request generate key-strength 3072bit country 'US' state 'California' city 'Irvine' org-name 'EMC Corp' org-unit 'BRS Division'... 09/29-16:29:14.00721 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile FINE: Copying file from host: idpa-lab.dell.com... 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile WARNING: Failed to copy file from host: idpa-lab.dell.com. 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.util.MCException.logException WARNING: com.maverick.ssh.SshException: java.io.IOException at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:151) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied. at com.maverick.scp.ScpClientIO$ScpEngineIO.readStreamFromRemote(ScpClientIO.java:305) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:148) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
Příčina
Esaminare il registro mcserver:
Il flusso di sincronizzazione dei certificati tra Avamar e Data Domain richiede l'abilitazione di SCP come illustrato di seguito:
Figura 1. L'interfaccia utente di Data Domain mostra che SCP è disabilitato
/usr/local/avamar/var/mc/server_log/mcserver.log.0 Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied.Ciò mostra che il protocollo SCP è disabilitato su Data Domain.
Il flusso di sincronizzazione dei certificati tra Avamar e Data Domain richiede l'abilitazione di SCP come illustrato di seguito:
- Avamar esegue un comando su Data Domain utilizzando la chiave pubblica di Data Domain per l'autenticazione senza password. Il primo comando è quello di generare una richiesta di firma del certificato (CSR, Certificate Signing Request) su Data Domain.
- Avamar tenta quindi di copiare la CSR da Data Domain utilizzando SCP, ma non riesce a farlo quando SCP è disabilitato in Data Domain.
- Avamar utilizza il CSR per firmare un certificato emesso a Data Domain dall'autorità di certificazione radice di Avamar. In Data Domain viene chiamato certificato "imported-host ddboost".
Figura 1. L'interfaccia utente di Data Domain mostra che SCP è disabilitato
Řešení
Abilitare SCP nell'interfaccia
web di Data Domain da Administration > Access > Services > Check SCP > Configure > Check Allow SCP.
Figura 2. Abilitare SCP nell'interfaccia web di Data Domain
web di Data Domain da Administration > Access > Services > Check SCP > Configure > Check Allow SCP.
Figura 2. Abilitare SCP nell'interfaccia web di Data Domain
Dotčené produkty
AvamarVlastnosti článku
Číslo článku: 000218137
Typ článku: Solution
Poslední úprava: 08 Jan 2026
Verze: 5
Najděte odpovědi na své otázky od ostatních uživatelů společnosti Dell
Služby podpory
Zkontrolujte, zda se na vaše zařízení vztahují služby podpory.