Avamar: Unable to browse NDMP client file system when creating a dataset
Summary: Avamar is unable to browse the Network Data Management Protocol (NDMP) client file system.
Symptoms
NDMP Client File System Browse Error
When creating a dataset and browsing into an NDMP client's file system, an error message appears after entering the correct credentials.
The error message reads: Browse Timeout. The client was unable to complete this browse request within the allotted limit of 10 seconds.
- The error can be caused by a directory structure with an unusually large number of subelements.
- It can also be caused by an unusually low available CPU capacity at the client.
Clicking Retry yields the same timeout error.
Notable conditions include:
- The CPU on the NAS client is not under load.
- The directory does not have many files or subdirectories.
- Several client policies configured on this NDMP accelerator node can browse without any issue.
Cause
Root Cause of the Issue
The Avamar firewall on the utility node by default only allows connections to the accelerator node on ports 28001-28011.
If there are avagent processes on the accelerator node that use ports above 28011, they are blocked by the utility node's firewall. To list the avagent processes on the accelerator node:
ps -eaf | grep avagent
This blockage is the root cause of the issue, as it prevents the client from completing the browse request within the allotted time limit.
Resolution
There are several ways to update the avfirewall.
The preferred and recommended way is to use the goav tool.
How to get the Goav tool:
Avamar: GoAV Product Tool for Management and Troubleshooting
How to use Goav to configure the NDMP firewall:
Avamar: How to Use Goav Network Data Management Protocol Firewall Menu
The original method is described below.
Its disadvantage is that the changes are not preserved on upgrade.
Any changes have to be made again after each upgrade.
- Determine which ports avagent processes are using on the accelerator node:
ps -eaf | grep avagent
- On the utility node, make a backup of the current firewall rule file:
sudo cp -p /etc/firewall.base /etc/firewall.base.<date>
- Open firewall.base for editing:
sudo vi /etc/firewall.base
- Change the following line (this allows avagent to use up to port 28051):
From:
exec_rule -A OUTPUT -p tcp --dport 28001:28011 -j ACCEPT
To:
exec_rule -A OUTPUT -p tcp --dport 28001:28051 -j ACCEPT
- Save and exit the file.
- Restart the firewall on the utility node:
sudo service avfirewall restart
- Reregister clients on the accelerator node:
sudo avregister
- Ensure all clients were successfully registered, then test file system browsing.
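A check that can be run before and after the edit, as an added example (not Dell's tooling and not part of the original article): it reads the OUTPUT --dport range from a rule file and reports which avagent ports fall outside it. The function names are hypothetical, and the port numbers are passed by hand from the ps output in the first step, because the article does not show how ports appear in that output.

```shell
#!/bin/sh
# Added example: compare avagent ports against the OUTPUT --dport range
# in an avfirewall rule file such as /etc/firewall.base.

# Print "LOW HIGH" for the first OUTPUT tcp ACCEPT rule whose range starts at 28001.
dport_range() {
    sed -n 's/^[[:space:]]*exec_rule -A OUTPUT -p tcp --dport \(28001\):\([0-9][0-9]*\) -j ACCEPT.*/\1 \2/p' "$1" |
        head -n 1
}

# Usage: blocked_ports RULE_FILE PORT...
# Prints the ports that the rule does not allow, space separated.
# The body runs in a subshell so its variables do not leak into the caller.
blocked_ports() (
    file=$1
    shift
    range=$(dport_range "$file")
    if [ -z "$range" ]; then
        echo "no 28001:<high> OUTPUT rule found in $file" >&2
        exit 2
    fi
    low=${range% *}
    high=${range#* }
    out=""
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*) echo "skipping non-numeric value: $port" >&2; continue ;;
        esac
        if [ "$port" -lt "$low" ] || [ "$port" -gt "$high" ]; then
            out="$out${out:+ }$port"
        fi
    done
    echo "$out"
)

# Constructed sample: the default rule from the article and three example ports.
sample=$(mktemp)
echo 'exec_rule -A OUTPUT -p tcp --dport 28001:28011 -j ACCEPT' > "$sample"
echo "allowed range: $(dport_range "$sample")"
echo "blocked ports: $(blocked_ports "$sample" 28002 28009 28014)"
rm -f "$sample"
```

An empty "blocked ports" result after the edit and firewall restart confirms that the widened range covers every avagent port that was passed in.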