Avamar:备份可能会停止响应,或者文件系统备份失败并显示“Fatal Server Error occurred”(发生致命服务器错误)
Summary: Avamar 备份失败并显示“avtar FATAL” <5704>: 发生致命服务器错误 (MSG_ERR_AUTH_FAIL)。 必须在全局存储区域网络 (GSAN) 和管理控制台服务 (MCS) 之间正确同步会话票证,才能处理备份。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
备份失败,并生成以下日志。
Avamar GSAN err.log可能会显示:
[srvm-518654#srv:481] WARN: <1479> sessionkeytable::setpublickey new serial=<x> less than current minserial=<y> ... [srvm-525136#srv:775] WARN: <1426> sessionkeytable::comparesignature incorrect signature
Avtar 日志可能会显示:
2019-12-31 07:35:23 avtar Error <8609>: Connection killed from GSAN. (Log #1) 2019-12-31 07:35:23 avtar FATAL <5704>: Fatal Server Error occurred (MSG_ERR_AUTH_FAIL), aborting execution (SECURETICKETLOGIN=452 serial=1 seq=0 flags=R:H:0 kind=0 rsp=MSG_ERR_AUTH_FAIL) (Log #1) 2019-12-31 07:35:23 avtar Error <5126>: Login error 5: Authorization failure (Session Ticket login) (Log #1) 2019-12-31 07:35:23 avtar FATAL <8941>: Fatal server connection problem, aborting initialization. Verify correct server address and login credentials. (Log #1) 2019-12-31 07:35:23 avtar Error <7001>: Exiting avtar with run-at-end script failure -1 (Log #1)
9-12-31 07:35:23 avtar Info <8474>: - Log file path: /usr/local/avamar/var/clientlogs/some-Unix.log 2019-12-31 07:35:23 avtar Info <6555>: Initializing connection 2019-12-31 07:35:23 avtar Info <5552>: Connecting to Avamar Server (avamar.com) 2019-12-31 07:35:23 avtar Info <5554>: Connecting to one node in each datacenter 2019-12-31 07:35:23 avtar Info <5993>: - Connect: Connected to 10.x.x.x:29000, Priv=0, SSL Cipher=AES256-SHA 2019-12-31 07:35:23 avtar Info <5993>: - Datacenter 0 has 1 nodes: Connected to 10.x.x.x:29000, Priv=0, SSL Cipher=AES256-SHA 2019-12-31 07:35:23 avtar Info <5581>: Logging in on connection 0 with Session Ticket 2019-12-31 07:35:23 avtar Info <18854>: Using Secure Session Ticket Format 2019-12-31 07:35:23 avtar Error <8609>: Connection killed from GSAN. 2019-12-31 07:35:23 avtar Info <9772>: Starting graceful (staged) termination, KILL event received (wrap-up stage) 2019-12-31 07:35:23 avtar FATAL <5704>: Fatal Server Error occurred (MSG_ERR_AUTH_FAIL), aborting execution (SECURETICKETLOGIN=452 serial=1 seq=0 flags=R:H:0 kind=0 rsp=MSG_ERR_AUTH_FAIL) 2019-12-31 07:35:23 avtar Error <5126>: Login error 5: Authorization failure (Session Ticket login) 2019-12-31 07:35:23 avtar FATAL <8941>: Fatal server connection problem, aborting initialization. Verify correct server address and login credentials. 2019-12-31 07:35:23 avtar Info <6149>: Error summary: 4 errors: 8941, 5704, 5126, 8609 2019-12-31 07:35:23 avtar Info <5917>: Back from run-at-end, exit code -1 2019-12-31 07:35:23 avtar Error <7001>: Exiting avtar with run-at-end script failure -1
Cause
您可以在 GSAN 日志中看到,分配的会话票证可能已用于以前的备份。
这可能是由于 GSAN 或 MCS 回滚导致会话票证乱序。
从 GSAN 日志
WARN: <1418> sessionkeytable::setpublickey session ticket with serial=28451 was used already WARN: <1426> sessionkeytable::comparesignature incorrect signature
当 MCS 的会话票证比 GSAN 大时,我们可以推断 GSAN 落后并使用旧的会话票证提供给客户端。
使用以下 grep 命令帮助诊断。
grep -i "sessionkeytable\|minserial" /data01/cur/gsan.log.00?
Resolution
我们必须获取会议票证才能再次同步。
步骤1:
获取当前的 GSAN 最小序列号。
avmaint cat /sysinfo/security/keytable
示例:
root@avamar:/home/admin/#: avmaint cat /sysinfo/security/keytable <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <keytable minimalserial="<minserial_less_than_mcs>">
步骤2:
从 MCS 获取当前会话票证序列号。
cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl
示例:
root@avamar:/home/admin/#: cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl <mcs_session_ticket_larger_than_gsan>
步骤3:
使用”mcecroot“,并将其与 avmaint 一起使用。
cd /usr/local/avamar/lib keytool -list -rfc -keystore /usr/local/avamar/lib/avamar_keystore -storepass `avlockbox.sh -r keystore_passphrase` -alias mcecroot | openssl x509 -pubkey -noout > mcecroot.pub
例子:
该命令使用 keytool 列出 mcecroot avamar_keystore别名,将结果输送到 openssl 以从密钥对中获取公钥,并将公钥写入名为 mcecroot.pub 的文件。
root@avamar:/usr/local/avamar/lib/#: keytool -list -rfc -keystore /usr/local/avamar/lib/avamar_keystore -storepass `avlockbox.sh -r keystore_passphrase` -alias mcecroot | openssl x509 -pubkey -noout > mcecroot.pub root@avamar:/usr/local/avamar/lib/#: cat mcecroot.pub -----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEicGAqiHQQ8DRi0ZkgsvEA8fCEeqW/DIr k53CFakwbOtTejb2Okk+2VTkY5H4gfLEKd4Gtq5gPP2OcpaUf/SrIc4MO3bn8OhC l/vQKfAeJvrPPEvcIG0GiLyLtwJykeUq -----END PUBLIC KEY-----
步骤4:
使用 写入新的 GSAN 最小序列号 mcecroot 公钥,建议在 MCS 中使用大于当前值的数字。
avmaint publickey --keyfile=./mcecroot.pub --serial=<your number> --ava
例子:
我们必须选择足够高的序列号以避免以下错误。
root@avamar:/usr/local/avamar/lib/#: avmaint publickey --keyfile=./mcecroot.pub --serial=28500 --ava ERROR: avmaint: publickey: server_exception(MSG_ERR_INVALID_PARAMETERS) root@avamar:/usr/local/avamar/lib/#: avmaint publickey --keyfile=./mcecroot.pub --serial=38000 --ava
如果您收到无效参数错误,请继续选择较大的数字,直到没有错误为止。
步骤5:
验证更改。
avmaint cat /sysinfo/security/keytable
示例:
root@avamar:/usr/local/avamar/lib/#: avmaint cat /sysinfo/security/keytable <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <keytable minimalserial="38000"> <-- new gsan minserial [..]
步骤6:
将该 minserial 写入 MCS 会话票证。
echo -n "<number you were able to use for mcec key>" > /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl
示例:
root@avamar:/usr/local/avamar/lib/#: echo -n "38000" > /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl root@avamar:/usr/local/avamar/lib/#: cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl 38000
步骤7:
重新启动 MCS。
mcserver.sh --restart
步骤8:
测试备份。
Affected Products
Data Protection, Data Backup & Protection Software, Avamar, AvamarArticle Properties
Article Number: 000200098
Article Type: Solution
Last Modified: 06 Aug 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.