Avamar: Unable to add or edit Data Domain on recent DDOS and DDVE versions due to certificate restriction
Summary: PowerProtect DD and DDVE versions have implemented a security change which has impacted Avamar and Data Domain integration.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Avamar systems with Session Security enabled are not compatible with below DDOS and DDVE Versions:
7.7.5.50 7.10.1.40 7.13.1.10 8.1.0.10
See the following KB article for more information about Session Security.
Avamar: Session Security
Cause
Change in behavior of the DD CLI used by Avamar to integrate with Data Domain.
Resolution
Resolution:
- Customers running DDOS 7.10 or below must upgrade to 7.10.1.50
- Customers running DDOS 7.13 must upgrade to 7.13.1.20
- Customers running DDOS 8 must upgrade to 8.3.0.0
Caution: Do not upgrade the DD system to 7.7.5.50, 7.10.1.40, 7.13.1.10, 8.1.0.10 if it is connected to Avamar with Session Security enabled.
Note: If the DDOS upgrade is already complete and the Avamar backups are working, no action is needed since the issue is only limited to certificate exchange between DD and Avamar.
Additional Information
You can check the certificate expiry of the Avamar GSAN root certificate authority (CA) with the command below:
You can check the certificate expiry of the signed certificate Avamar issued to Data Domain.
Run the following command on Data Domain:
openssl x509 -dates -noout -in /home/admin/chain.pem
You can check the certificate expiry of the signed certificate Avamar issued to Data Domain.
Run the following command on Data Domain:
adminaccess certificate show imported-host application ddboost
Affected Products
Data Domain, Avamar ServerArticle Properties
Article Number: 000234411
Article Type: Solution
Last Modified: 06 Feb 2025
Version: 17
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.