Data Domain: Cloud unit in disconnected state due to SSL connect error

Summary: This article explains how to solve when the cloud unit is in the disconnected state.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Cloud unit in disconnected state due to SSL connect error.

ddfs.info:
Error:

list_bucket failed for profile <profile_name> with err 5341: SSL connect error.
  
# alert show current
Id      Post Time                  Severity   Class      Object                Message
-----   ------------------------   --------   --------   -------------------   -------------------------------------------------------------------------------------------------------------
m0-13   Mon Oct 14 18:25:10 2024   CRITICAL   Cloud      CloudUnit=AzurePLZ2   EVT-CLOUD-00001: Unable to access provider for cloud unit <cloud unit>
-----   ------------------------   --------   --------   -------------------   -------------------------------------------------------------------------------------------------------------

 

Cause

There was a problem with an SSL operation.

Ensure that you have the correct certificate for the cloud provider imported into the DD.

Cloud endpoint address does not have a fixed public IP address. The IP address changes over time for security reasons.
IF firewall configuration is done to connect to cloud provider endpoint using IP address, then when the IP address gets changed Data Domain is unable to reach the endpoint.

 

Resolution

  • Configure a cloud endpoint in Firewall using FQDN rather than relying on IP Address.
  • DNS resolves the FQDN to the current IP address or changed IP address.
  • If FQDN configuration cannot be done in client-side, Firewall then regularly update the firewall rules to include current IP ranges for endpoint connectivity.
Note: Relying on IP address for cloud storage endpoints is not recommended due to its dynamic nature, it is best to use the FQDN and implement appropriate authentication and authorization mechanisms for secure access.

 

Affected Products

Data Domain
Article Properties
Article Number: 000250557
Article Type: Solution
Last Modified: 20 Jan 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.