Article Number: 000185098
DLm health check report failing most Data Domain checks
Summary: All SSH access to the Data Domain restricted via DD System Manager
Article Content
Symptoms
All administrative access to the Data Domain via ssh fails, but the NFS mount points remain active.
System Reporting Alert: vte1
Brief Description: DLm error level event number DLMF:DLmT0307E: SSH Keys Check Failed: SSH keys not distributed to DD system.
DLm HEALTH CHECK RESULTS for System APM01204708239 2021-04-07 at 15:56:51 (5.3.0-4)
...
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
DD Data Connection Check PASSED
DD-1 192.168.203.111 Connection Check PASSED
DD-1 192.168.203.112 Connection Check PASSED
DD-1 192.168.203.113 Connection Check PASSED
DD-1 192.168.203.114 Connection Check PASSED
DD-1 192.168.203.115 Connection Check PASSED
DD-1 192.168.203.116 Connection Check PASSED
DD-1 192.168.203.117 Connection Check PASSED
NFS Mounts Check PASSED
/lockfs/LOCK Host dd1s: Available
/opt/DLm/DD-1/dlmconfig Host dd1s: Available
/tapelibPRD/DD1_P1_FS1 Host dd1s-alias0: Available
/tapelibPRD/DD1_P1_FS2 Host dd1s-alias1: Available
/tapelibPRD/DD1_P1_FS3 Host dd1s-alias2: Available
/tapelibPRD/DD1_P1_FS4 Host dd1s-alias3: Available
...
Check SSH Keys Distribution FAILED
root@vte2 to sysadmin@dd-1 FAILED
vtape@vte2 to sysadmin@dd-1 FAILED
...
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
DD Data Connection Check PASSED
DD-1 192.168.203.111 Connection Check PASSED
DD-1 192.168.203.112 Connection Check PASSED
DD-1 192.168.203.113 Connection Check PASSED
DD-1 192.168.203.114 Connection Check PASSED
DD-1 192.168.203.115 Connection Check PASSED
DD-1 192.168.203.116 Connection Check PASSED
DD-1 192.168.203.117 Connection Check PASSED
...
Data Domain 1:
Cannot check Data Domain 1:
Cannot access dd1
Errors found during Healthcheck:
VTE 1
Check SSH Keys Distribution FAILED
root@vte1 to sysadmin@dd-1 FAILED
vtape@vte1 to sysadmin@dd-1 FAILED
VTE 1
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
VTE 2
Check SSH Keys Distribution FAILED
root@vte2 to sysadmin@dd-1 FAILED
vtape@vte2 to sysadmin@dd-1 FAILED
VTE 2
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
Data Domain 1
Cannot check Data Domain 1 Cannot access dd1
Command line access to the Data Domain similarly fails:
ssh sysadmin@dd1
ssh_exchange_identification: read: Connection reset by peer
The unit IS reachable by ping and telnet over port 22.
System Reporting Alert: vte1
Brief Description: DLm error level event number DLMF:DLmT0307E: SSH Keys Check Failed: SSH keys not distributed to DD system.
DLm HEALTH CHECK RESULTS for System APM01204708239 2021-04-07 at 15:56:51 (5.3.0-4)
...
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
DD Data Connection Check PASSED
DD-1 192.168.203.111 Connection Check PASSED
DD-1 192.168.203.112 Connection Check PASSED
DD-1 192.168.203.113 Connection Check PASSED
DD-1 192.168.203.114 Connection Check PASSED
DD-1 192.168.203.115 Connection Check PASSED
DD-1 192.168.203.116 Connection Check PASSED
DD-1 192.168.203.117 Connection Check PASSED
NFS Mounts Check PASSED
/lockfs/LOCK Host dd1s: Available
/opt/DLm/DD-1/dlmconfig Host dd1s: Available
/tapelibPRD/DD1_P1_FS1 Host dd1s-alias0: Available
/tapelibPRD/DD1_P1_FS2 Host dd1s-alias1: Available
/tapelibPRD/DD1_P1_FS3 Host dd1s-alias2: Available
/tapelibPRD/DD1_P1_FS4 Host dd1s-alias3: Available
...
Check SSH Keys Distribution FAILED
root@vte2 to sysadmin@dd-1 FAILED
vtape@vte2 to sysadmin@dd-1 FAILED
...
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
DD Data Connection Check PASSED
DD-1 192.168.203.111 Connection Check PASSED
DD-1 192.168.203.112 Connection Check PASSED
DD-1 192.168.203.113 Connection Check PASSED
DD-1 192.168.203.114 Connection Check PASSED
DD-1 192.168.203.115 Connection Check PASSED
DD-1 192.168.203.116 Connection Check PASSED
DD-1 192.168.203.117 Connection Check PASSED
...
Data Domain 1:
Cannot check Data Domain 1:
Cannot access dd1
Errors found during Healthcheck:
VTE 1
Check SSH Keys Distribution FAILED
root@vte1 to sysadmin@dd-1 FAILED
vtape@vte1 to sysadmin@dd-1 FAILED
VTE 1
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
VTE 2
Check SSH Keys Distribution FAILED
root@vte2 to sysadmin@dd-1 FAILED
vtape@vte2 to sysadmin@dd-1 FAILED
VTE 2
DD Management Connection Check FAILED
Failed to connect dd1
dd1 FAILED
Data Domain 1
Cannot check Data Domain 1 Cannot access dd1
Command line access to the Data Domain similarly fails:
ssh sysadmin@dd1
ssh_exchange_identification: read: Connection reset by peer
The unit IS reachable by ping and telnet over port 22.
Cause
All SSH access to the Data Domain was restricted via Data Domain System Manager ; Administration ; Access ; SSH. The DLm requires all vte management ip addresses to have ssh access.
Resolution
ssh access restrictions on the Data Domain MUST permit all DLm VTE internal management network IP addresses within the 192.168.100.* range as documented in the DLm /etc/hosts file on the primary management VTE.
Verify any SSH restrictions via the DLm attached Data Domain System Manager ; Administration ; Access ; SSH panel. If there are SSH restrictions, then SSH access MUST permit all VTE ip addresses.
Verify any SSH restrictions via the DLm attached Data Domain System Manager ; Administration ; Access ; SSH panel. If there are SSH restrictions, then SSH access MUST permit all VTE ip addresses.
Article Properties
Affected Product
DD for DLm8100, Disk Library for mainframe DLm2100, Disk Library for mainframe DLm2500, Disk Library for mainframe DLm8100, Disk Library for mainframe DLm8500
Last Published Date
27 Jul 2021
Version
5
Article Type
Solution