Data Domain: DDMC: Unable to add a managed system to the Management Center
Summary: Troubleshooting steps for adding a Data Domain (DD) to PowerProtect DD Management Center (DDMC).
Symptoms
A specific Data Domain (DD) cannot be added to the DDMC. Example:
SE@DDMC01## managed-system add abc.com force
The SHA1 fingerprint for the remote host's CA certificate is
F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9
Do you want to trust this certificate? Are you sure? (yes|no) [no]: yes
** Once added, all "admin" role users on this DD Management Center will operate on "abc.com" system with "admin" role.
To allow "abc.com" to be managed by this DD Management Center,
Enter "abc.com" sysadmin password:
ok, proceeding.
*** Add abc.com failed: System "abc.com" is in the "unknown" state. Data collection is disabled
Another possible error message when attempting to add a new managed system to the DDMC is shown below:
**** managed-dd.example.com: Error communicating with host ddmc.example.com: error occurred in the SSL/TLS handshake.
Cause
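This can happen for a variety of reasons, such as:
- Connectivity problems
- Invalid entries on the DD
- Invalid entries on the DDMC
- Required ports are not open
- SSL/TLS protocol version mismatch between the DDMC and the DD
Logs: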
DDMC:
Messages.engineering:
Jul 29 19:04:36 MSPjDDMC01 sms: NOTICE: Trust with host aaa.com has been added
Jul 29 19:09:42 MSPjDDMC01 -ddsh: NOTICE: MSG-DDSH-00017: (tty=pts/0, session=8899) tassos1: command "managed-system add abc.com force" exited with code: 95
Jul 29 20:58:37 MSPjDDMC01 -ddsh: NOTICE: MSG-DDSH-00009: (tty=pts/0, session=8899) tassos1: command "managed-system add abc.com force"
Jul 29 21:04:36 MSPjDDMC01 sms: WARNING: ems_post_event: Failed to initialize event: Incompatible managed system version. EVT-OBJ::SystemName=abc.com EVT-INFO::DetectedVersion=
Jul 29 21:23:32 MSPjDDMC01 sms: NOTICE: Trust with host aaa.com has been added
Jul 29 21:47:24 MSPjDDMC01 -ddsh: NOTICE: MSG-DDSH-00017: (tty=pts/0, session=8899) tassos1: command "managed-system add abc.com force" exited with code: 245
sms.info
07/29 21:04:36.487 (tid 0x6ffbca0): **** Error communicating with host abc.com: Error communicating with host abc.com: error occurred in the SSL/TLS handshake.
07/29 21:04:36.509 (tid 0x6ffbca0): Workflow Getting system data (ID 1434912) starts child workflow (ID 1434913) to get current node config & status info for host "abc.com"
07/29 21:04:36.521 (tid 0x70005a0): Workflow (ID 1434913) begin to get_node_info for host "abc.com"
07/29 21:04:36.716 (tid 0x70005a0): **** Error communicating with host abc.com: error occurred in the SSL/TLS handshake.
07/29 21:04:36.723 (tid 0x70005a0): Workflow (ID 1434913) detected host "abc.com" is unreachable. No data collection is performed.
07/29 21:04:36.733 (tid 0x70005a0): WARNING: ems_post_event: Failed to initialize event: Incompatible managed system version. EVT-OBJ::SystemName=abc.com EVT-INFO::DetectedVersion=
Resolution
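The following troubleshooting steps can be used to resolve the issue. The error "error occurred in the SSL/TLS handshake" is a result of security hardening in later DDMC releases. The DDMC/DDOS combination is supported per the matrix, but does not work because of the security changes. The knowledge base article "Do DDOS/DDMC support TLS versions 1.1 and 1.2?" contains all the technical details (a Dell Support account is required to view that article). This issue occurs when DDMC 6.1 is used to manage a DD running a release earlier than DDOS 5.7.4.0. Upgrading the managed DD to DDOS 5.7.4.0 or later resolves the issue.
For other possible causes of the issue, perform the following troubleshooting steps: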
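- Use the "ping" and "net lookup" commands to check connectivity between the DD and the DDMC.
- If needed, add the appropriate host entries so that ping and lookup succeed.
- From the DDMC, also check connectivity to the DD by running the following command:
#managed-system check-connection <DD Hostname>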
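- Use telnet from SE mode to check that port 3009 is open in both directions:
On the DDR and the DDMC:
Access SE mode by opening an SSH command-line connection [for example, using PuTTY].
Reminder: "SE" commands are deprecated in DDOS versions 7.7.5.25, 7.10.1.15, 7.13.0.15, 6.2.1.110 and later, and can be accessed only by Dell employees.
- On the DD:
# se telnet <DDMC IP> 3009
- On the DDMC:
# se telnet <DD IP> 3009
Example of a telnet connection. The connection is expected to be closed by the foreign host because DD OS does not allow telnet.
se telnet 172.18.50.132 3009
Trying 172.18.50.132...
Connected to 172.18.50.132.
Escape character is '^]'.
Connection closed by foreign host.
- On the DD: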
- Compare the fingerprint that the DDMC obtains when the DD is added with the fingerprint of the DD's CA certificate.
The DDMC should obtain the correct DD fingerprint.
SE@phxdd01#adminaccess certificate show detailed
Type: host
Cert Type: Host Certificate
Application: https
Subject/Issued To: abc.com
Issued By: abc.com
Valid From: Sat Aug 1 01:30:36 2015
Valid Until: Wed Jul 25 08:30:36 2046
Fingerprint: 7F:81:11:BC:F5:10:40:83:68:87:81:F5:97:77:EF:6C:EF:02:74:82

Type: ca
Cert Type: Root CA
Application: trusted-ca
Subject/Issued To: abc.com
Issued By: abc.com
Valid From: Sun Aug 2 08:30:36 2015
Valid Until: Wed Jul 25 08:30:36 2046
Fingerprint: F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9

SE@DDMC01## managed-system add abc.com force
The SHA1 fingerprint for the remote host's CA certificate is
F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9
Do you want to trust this certificate? Are you sure? (yes|no) [no]: yes
- On the DD, check the hostname and the CA certificate under the Subject column. It should differ from the following output, in which the two do not match:
tassos1@jaxdd01# hostname
The Hostname is: pqr.com
tassos1@jaxdd01# adminaccess certificate show
Subject      Type  Application  Valid From                Valid Until               Fingerprint
-----------  ----  -----------  ------------------------  ------------------------  -----------------------------------------------------------
pqr.com      host  https        Sun Dec 8 12:16:08 2013   Wed Nov 30 18:16:08 2044  2A:21:3E:1E:43:C9:77:F7:20:EF:E5:DF:D9:C9:9A:F8:4C:33:5E:0B
pqr.ent.com  ca    trusted-ca   Wed Feb 22 12:41:58 2012  Sat Feb 14 12:41:58 2043  AE:AF:8A:E9:0D:0C:F3:53:B5:A7:BF:D8:38:BC:2D:DA:CF:E5:E9:C8
-----------  ----  -----------  ------------------------  ------------------------  -----------------------------------------------------------
If there is a mismatch (as shown in the output above), regenerate the certificate on the DD.
To regenerate the DD certificate, the TSE must go to BASH mode. This step must be run by a Data Domain support engineer.
# ddsh -a adminaccess certificate show
Subject      Type  Application  Valid From                Valid Until               Fingerprint
-----------  ----  -----------  ------------------------  ------------------------  -----------------------------------------------------------
pqr.com      host  https        Sat Aug 8 06:39:31 2015   Wed Aug 1 10:39:31 2046   D5:26:79:20:3A:2F:73:41:7E:A8:5C:9B:69:54:11:8B:33:E9:BD:D9
pqr.com      ca    trusted-ca   Sun Aug 9 11:39:31 2015   Wed Aug 1 10:39:31 2046   02:A0:F7:49:E1:16:BC:8E:FD:47:E4:24:C3:AE:45:7D:B1:8B:0C:3D
-----------  ----  -----------  ------------------------  ------------------------  -----------------------------------------------------------
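- On the DDMC, verify that all valid hostnames are added as managed systems and are under trust.
#adminaccess trust show
#managed-system show
Compare the output of the two commands above to see whether there are any mismatches.
Trust for an invalid DD hostname must be removed from the DDMC. To remove the DDR trust, run the following CLI command on the DDMC:
#adminaccess trust del host <Data Domain Hostname> type mutual
On the Data Domain, run:
#adminaccess trust del host <DDMC hostname> type mutual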
- Now try to re-add the Data Domain to the DDMC from the CLI with the force option:
#managed-system add <DD Hostname> force
- The "sync" command can be used at any time to synchronize the managed systems on the DDMC:
#managed-system sync
#managed-system show
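
The fingerprint comparison and the Subject-column check from the steps above can be run offline against captured CLI output before answering "yes" to the trust prompt. The following is an added example, not Dell code: the function names are hypothetical, the table rows are copied from the outputs on this page, and the prompt line is constructed from the page's prompt wording.

```python
import re

# SHA1 fingerprint as printed by DD OS: 20 colon-separated hex bytes.
FP_RE = re.compile(r"(?:[0-9A-Fa-f]{2}:){19}[0-9A-Fa-f]{2}")
CERT_TYPES = {"host", "ca"}  # assumption: only the types shown on this page

def parse_cert_table(text):
    """Return {type: (subject, fingerprint)} from `adminaccess certificate show` output."""
    certs = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows look like: subject type application <dates...> fingerprint
        if len(fields) >= 4 and fields[1] in CERT_TYPES and FP_RE.fullmatch(fields[-1]):
            certs[fields[1]] = (fields[0].lower(), fields[-1].upper())
    return certs

def prompt_fingerprint(text):
    """Extract the fingerprint from the `managed-system add` trust prompt."""
    m = FP_RE.search(text)
    return m.group(0).upper() if m else None

def check_dd_certs(hostname, table_text, prompt_text=""):
    """List the mismatches the article tells you to look for."""
    certs, findings = parse_cert_table(table_text), []
    for ctype in ("host", "ca"):
        if ctype not in certs:
            findings.append(f"no {ctype} certificate row found")
        elif certs[ctype][0] != hostname.lower():
            findings.append(f"{ctype} subject {certs[ctype][0]} != hostname {hostname}")
    offered = prompt_fingerprint(prompt_text)
    if offered and "ca" in certs and offered != certs["ca"][1]:
        findings.append("fingerprint offered to DDMC != DD CA fingerprint")
    return findings

# Sample rows copied from the two `adminaccess certificate show` outputs on this page.
BEFORE = """\
pqr.com host https Sun Dec 8 12:16:08 2013 Wed Nov 30 18:16:08 2044 2A:21:3E:1E:43:C9:77:F7:20:EF:E5:DF:D9:C9:9A:F8:4C:33:5E:0B
pqr.ent.com ca trusted-ca Wed Feb 22 12:41:58 2012 Sat Feb 14 12:41:58 2043 AE:AF:8A:E9:0D:0C:F3:53:B5:A7:BF:D8:38:BC:2D:DA:CF:E5:E9:C8
"""
AFTER = """\
pqr.com host https Sat Aug 8 06:39:31 2015 Wed Aug 1 10:39:31 2046 D5:26:79:20:3A:2F:73:41:7E:A8:5C:9B:69:54:11:8B:33:E9:BD:D9
pqr.com ca trusted-ca Sun Aug 9 11:39:31 2015 Wed Aug 1 10:39:31 2046 02:A0:F7:49:E1:16:BC:8E:FD:47:E4:24:C3:AE:45:7D:B1:8B:0C:3D
"""
# Constructed prompt line: the page's prompt wording with the regenerated CA fingerprint.
PROMPT = ("The SHA1 fingerprint for the remote host's CA certificate is "
          "02:A0:F7:49:E1:16:BC:8E:FD:47:E4:24:C3:AE:45:7D:B1:8B:0C:3D")

if __name__ == "__main__":
    for name, table in (("before", BEFORE), ("after", AFTER)):
        print(name, check_dd_certs("pqr.com", table, PROMPT) or "OK")
```

An empty result means the host and CA subjects both match the hostname and the fingerprint in the prompt is the DD's own CA fingerprint; any finding is a reason to answer "no" and regenerate the certificate or clean up trust first.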