Data Domain: Upgrade precheck found one blocking issue. DD trusts CA with incorrect version (4).
Zusammenfassung: Summary: DDOS precheck fails because of an old certificate in the trust chain.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Symptome
Symptom: During upgrade precheck an error: Current Upgrade Status: DD OS precheck found 1 blocking issue.
Example:
sysadmin@dd9300# system upgrade status
Current Upgrade Status: DD OS precheck found 1 blocking issue(s)
Node Severity Issue Solution
---- -------- ------------------------------ --------
0 WARNING The default Local user passwords may
password-strength policy need to be modified to
will be updated after the comply with new policy.
upgrade.
0 CRITICAL DD trusts CA with incorrect Retry upgrade after
version (4). Regenerating the CA with
subject <systemhostname>
0 WARNING 1 precheck script(s) failed Please get more details in
to complete /ddr/var/log/debug/platform/in
fra.log
End time: 2023.06.21:12:47Ursache
There is an old certificate in the trust chain.
Lösung
1. Look at the trusts on the DD.
- #adminaccess trust show
- Look for the corresponding hostname from the error from the precheck.
Example:
sysadmin@dd9300# adminaccess trust show
Subject Type Valid From Valid Until Fingerprint
--------------------- ---------- ------------------------ ------------------------ -----------------------------------------------------------
<systemHostname> trusted-ca Thu Mar 24 10:33:03 2011 Sun Mar 16 10:33:03 2042 6F:22:F5:ED:F6:F2:29:82:2A:17:CE:6A:31:9D:2A:E2:60:2B:69:81
ddmc trusted-ca Sun Aug 24 10:22:40 2014 Wed Aug 16 10:22:40 2045 1B:CC:CC:44:04:ED:21:B9:69:D2:7C:96:31:C7:DE:BC:15:CC:04:AB
dpc trusted-ca Tue Nov 12 20:30:53 2019 Tue Nov 13 20:30:53 2029 A1:57:6A:10:B8:1E:88:72:01:88:61:F1:7D:D4:BC:22:4D:14:73:36
dd9300 trusted-ca Wed Oct 7 11:37:39 2020 Tue Oct 6 11:37:39 2026 54:A8:64:D1:FA:60:3C:81:42:89:D5:DD:78:D1:2B:74:AF:E6:F5:04
dd9300 trusted-ca Wed Oct 7 11:46:36 2020 Tue Oct 6 11:46:36 2026 DE:C2:6B:CC:BA:7A:EE:14:11:8E:76:CC:9A:23:A7:C4:8E:0D:6F:53
--------------------- ---------- ------------------------ ------------------------ -----------------------------------------------------------
2. Verify with the customer if they are still using the DD system corresponding to the hostname in error. It is common that the system is no longer in use. It could be used for DDMC monitoring as well. You can also confirm with a command if it is being used for replication:
- #replication show config
- This checks whether the DD is using the hostname for mtree replication, if the hostname is in use you have to regenerate the certificate.
- In this example, the DD is no longer in use and not found in the replication config.
Example:
sysadmin@dd9300# replication show config
CTX Source Destination Connection Low-bw-optim Crepl-gc-bw-optim Encryption Enabled Max-repl-
Host and Port (Auth-mode) streams
--- ----------------------------------------------------- ----------------------------------------------------- --------------------------------- ------------ ----------------- ----------- ------- ---------
1 mtree://dd9300/data/col1/DD9300 mtree://9300/data/col1/DD9300 dd9300.xxxx.org (default) disabled disabled disabled yes 32
--- ----------------------------------------------------- ----------------------------------------------------- --------------------------------- ------------
3. If confirmed that the trust is not needed for replication or DDMC, remove the old trust:
- # adminaccess trust del host <hostname of other DD>
- Example: # adminaccess trust del host <systemHostname>
4. Try to rerun the precheck and it should be successful.
Betroffene Produkte
Data DomainArtikeleigenschaften
Artikelnummer: 000215203
Artikeltyp: Solution
Zuletzt geändert: 16 Jan. 2026
Version: 4
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.