Avamar- og Data Domain-integrering: Kan ikke synkronisere sertifikater med øktsikkerhet aktivert
Zusammenfassung: Når Øktsikkerhet er aktivert på Avamar, må sertifikatene synkroniseres mellom Avamar og Data Domain. Dette krever at SCP-protokollen er aktivert på Data Domain.
Dieser Artikel gilt für
Dieser Artikel gilt nicht für
Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden.
In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Symptome
Sikkerhetskopiering kan mislykkes med følgende feil:
Når du kontrollerer MCS-loggene, finnes det et unntak relatert til SCP-protokollen.
DDR result code: 5049, desc: file not found DDR result code: 5341, desc: SSL library error "failed to import host or ca certificate automatically" DDR result code: 5008, desc: invalid argumentNår du følger Dell-artikkelen 197106, Avamar og Data Domain Integration: DD viser rødt i Avamar AUI og eller oppløsningsbanen for brukergrensesnittet. Sertifikatene genereres ikke.
Når du kontrollerer MCS-loggene, finnes det et unntak relatert til SCP-protokollen.
09/29-16:29:13.00727 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx FINE: Importing host certificate and ca certificates... 09/29-16:29:13.00743 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request show ... 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: Message digest algorithm: sha512 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: DD RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Number bits(key strength): 3072bit 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Message digest algorithm: sha512 09/29-16:29:14.00137 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request generate key-strength 3072bit country 'US' state 'California' city 'Irvine' org-name 'EMC Corp' org-unit 'BRS Division'... 09/29-16:29:14.00721 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile FINE: Copying file from host: idpa-lab.dell.com... 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile WARNING: Failed to copy file from host: idpa-lab.dell.com. 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.util.MCException.logException WARNING: com.maverick.ssh.SshException: java.io.IOException at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:151) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied. at com.maverick.scp.ScpClientIO$ScpEngineIO.readStreamFromRemote(ScpClientIO.java:305) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:148) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
Ursache
Se gjennom mcserver-loggen:
Flyten av synkroniseringssertifikater mellom Avamar og Data Domain krever at SCP er aktivert som vist nedenfor:
Figur 1: Data Domain-brukergrensesnittet viser at SCP er deaktivert
/usr/local/avamar/var/mc/server_log/mcserver.log.0 Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied.Dette viser at SCP-protokollen er deaktivert på Data Domain.
Flyten av synkroniseringssertifikater mellom Avamar og Data Domain krever at SCP er aktivert som vist nedenfor:
- Avamar kjører en kommando på Data Domain ved hjelp av datadomenets fellesnøkkel for passordfri godkjenning. Den første kommandoen er å generere en forespørsel om sertifikat signering (CSR) på Data Domain.
- Avamar prøver deretter å kopiere CSR fra Data Domain ved hjelp av SCP, men kan ikke gjøre det når SCP er deaktivert på Data Domain.
- Avamar vil bruke CSR til å signere et sertifikat som er utstedt til Data Domain av Avamar-rotsertifikatmyndigheten. På Data Domain kalles det "imported-host ddboost"-sertifikatet.
Figur 1: Data Domain-brukergrensesnittet viser at SCP er deaktivert
Lösung
Aktiver SCP i Data Domain-webgrensesnittet
fra Administration (Administrasjon ) > Access > Services > Check SCP > Configure > Check Allow SCP (Kontroller tillat SCP).
Figur 2: Aktiver SCP i Data Domain-webgrensesnittet
fra Administration (Administrasjon ) > Access > Services > Check SCP > Configure > Check Allow SCP (Kontroller tillat SCP).
Figur 2: Aktiver SCP i Data Domain-webgrensesnittet
Betroffene Produkte
AvamarArtikeleigenschaften
Artikelnummer: 000218137
Artikeltyp: Solution
Zuletzt geändert: 08 Jan. 2026
Version: 5
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.