Data Domain:升級前置檢查發現一個封鎖問題。DD 以不正確的版本 (4) 信任 CA。
Summary: 摘要:由於信任鏈中的舊憑證,DDOS 預先檢查失敗。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
症狀:升級前置檢查期間發生錯誤:目前的升級狀態:DD OS 預先檢查發現 1 個封鎖問題。
例子:
例子:
sysadmin@dd9300# system upgrade status
Current Upgrade Status: DD OS precheck found 1 blocking issue(s)
Node Severity Issue Solution
---- -------- ------------------------------ --------
0 WARNING The default Local user passwords may
password-strength policy need to be modified to
will be updated after the comply with new policy.
upgrade.
0 CRITICAL DD trusts CA with incorrect Retry upgrade after
version (4). Regenerating the CA with
subject cdcdsd8601
0 WARNING 1 precheck script(s) failed Please get more details in
to complete /ddr/var/log/debug/platform/in
fra.log
End time: 2023.06.21:12:47Cause
信任鏈中有一個舊憑證。
Resolution
1.查看 DD 上的信任。
範例:
範例:
3.如果確認複製或 DDMC 不需要信任,請移除舊的信任:
4.嘗試重新執行前置檢查,且應成功。
- #adminaccess 信任顯示
- 從預先檢查的錯誤中尋找對應的主機名稱。
範例:
sysadmin@dd9300# adminaccess trust show
Subject Type Valid From Valid Until Fingerprint
--------------------- ---------- ------------------------ ------------------------ -----------------------------------------------------------
cdcdsd8601 trusted-ca Thu Mar 24 10:33:03 2011 Sun Mar 16 10:33:03 2042 6F:22:F5:ED:F6:F2:29:82:2A:17:CE:6A:31:9D:2A:E2:60:2B:69:81
oailxddmc trusted-ca Sun Aug 24 10:22:40 2014 Wed Aug 16 10:22:40 2045 1B:CC:CC:44:04:ED:21:B9:69:D2:7C:96:31:C7:DE:BC:15:CC:04:AB
oailxdpc trusted-ca Tue Nov 12 20:30:53 2019 Tue Nov 13 20:30:53 2029 A1:57:6A:10:B8:1E:88:72:01:88:61:F1:7D:D4:BC:22:4D:14:73:36
xlvdsdd9300 trusted-ca Wed Oct 7 11:37:39 2020 Tue Oct 6 11:37:39 2026 54:A8:64:D1:FA:60:3C:81:42:89:D5:DD:78:D1:2B:74:AF:E6:F5:04
oaidsdd9300 trusted-ca Wed Oct 7 11:46:36 2020 Tue Oct 6 11:46:36 2026 DE:C2:6B:CC:BA:7A:EE:14:11:8E:76:CC:9A:23:A7:C4:8E:0D:6F:53
--------------------- ---------- ------------------------ ------------------------ ----------------------------------------------------------- 2.向客戶確認他們是否仍在使用主機名稱發生錯誤的對應 DD 系統。系統已不再使用,這是常見的問題。它也可以用於 DDMC 監控。您也可以使用命令確認其是否用於複寫:
- #replication 顯示組態
- 這會檢查 DD 是否使用主機名稱進行 mtree 複寫,如果主機名稱在使用中,您必須重新產生憑證。
- 在此範例中,DD 已不再在使用中,且未在複寫組態中找到。
範例:
sysadmin@dd9300# replication show config
CTX Source Destination Connection Low-bw-optim Crepl-gc-bw-optim Encryption Enabled Max-repl-
Host and Port (Auth-mode) streams
--- ----------------------------------------------------- ----------------------------------------------------- --------------------------------- ------------ ----------------- ----------- ------- ---------
1 mtree://oaidsdd9300/data/col1/DD9300_2_RMAN mtree://xlvdsdd9300/data/col1/DD9300_1_RMAN xlvdsdd9300.xxxx.org (default) disabled disabled disabled yes 32
--- ----------------------------------------------------- ----------------------------------------------------- --------------------------------- ------------
3.如果確認複製或 DDMC 不需要信任,請移除舊的信任:
- # adminacces trust del host
- 範例:# adminaccess trust del host cddsd8601
4.嘗試重新執行前置檢查,且應成功。
Affected Products
Data DomainArticle Properties
Article Number: 000215203
Article Type: Solution
Last Modified: 22 Sept 2023
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.