Avamar:SQL 客户端备份随机失败并显示 sslcontext::loadCert 错误(启用会话安全性)
Summary: 在使用 Data Domain Virtual Edition (DDVE) 在 Microsoft Azure 中部署的 19.8 SQL 客户端之前的 Avamar 版本中,在启用会话安全性的情况下,备份可能会随机失败。当客户端解析为 IPv6 环回地址而不是 IPv4 时,由于 IP 地址选择不正确而导致 SSL 证书和私钥验证错误,因此会发生故障。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
启用会话安全性后,SQL 客户端备份会间歇性失败,并显示与 SSL 相关的错误。在同一备份作业中,某些线程成功完成,而其他线程失败。
- 而
avsql日志显示以下错误:
2023-01-11 12:02:10.99399 [avsql] uflags::parsefile Printing flags from C:\Program Files\avs\var\avsql.cmd: .cmd flag [1]: --debug=true .cmd flag [2]: --verbose=1 .cmd flag [3]: --x14=32768 2023-01-11 12:02:10.99399 [avsql] sock::libinit(enc="tls", encrypt_strength="high", verify=0) socktype="sock_ssl" 2023-01-11 12:02:10.99399 [avsql] sockimpl::libinit(usessl=1, verify=0, encrypt_strength="high", pemdir="C:\Program Files\avs\etc") 2023-01-11 12:02:10.99399 [avsql] sslcontext::libinit 2023-01-11 12:02:10.99399 [avsql] sslcontext::libinit verifypeer=0, encrypt_strength="high", global_sslctx=0000000001950D90, global_sslctx->ctx=000000000119B630 2023-01-11 12:02:10.99399 [avsql] sslcontext::libinit load cert: C:\Program Files\avs\etc\cert.pem 2023-01-11 12:02:10.99399 [avsql] sslcontext::libinit load key: C:\Program Files\avs\etc\key.pem 2023-01-11 12:02:10.99399 [avsql] ERROR: <0001> sslcontext::loadCert certificate/key not found or invalid cert=C:\Program Files\avs\etc\cert.pem key=C:\Program Files\avs\etc\key.pem 2023-01-11 12:02:10 avsql Error <5664>: SSL certificate/key not found or invalid. 2023-01-11 12:02:10 avsql Error <16154>: Unable to initialize socket library
- 在同一工单中,一些
avtar线程成功完成,而其他线程则因证书错误而失败。
成功 avtar 线程示例:
2023-01-11 12:02:11 avtar Info <5008>: Logging to C:\Program Files\avs\var\SCH-60-G-TLOG-SQL-60-1673449200555#2-3006-SQL.avtar.log 2023-01-11 12:02:11 avtar Info <5174>: - Reading C:\Program Files\avs\var\avtar.cmd 2023-01-11 12:02:11 avtar Info <5551>: Command Line: avtar --ddr-auth-enabled=false --ddr-encrypt-strength=none --ddr-auth-mode=3 --case_sensitive=false --max-streams=1 --backup-type=incremental --cacheprefix=avsql_t1 --ctlcallport=64502 --ctlinterface=3006-SCH-60-G-TLOG-SQL-60-1673449200555#2 --check-stdin-path=false --logfile="C:\Program Files\avs\var\SCH-60-G-TLOG-SQL-60-1673449200555#2-3006-SQL.avtar.log" --vardir="C:\Program Files\avs\var" --bindir="C:\Program Files\avs\bin" --sysdir="C:\Program Files\avs\etc" --account=/Azure/AZ-Prod/cldsrv1088.arcorgroup.com --id=backuponly --password=**************** --server=cldlnx0063.arcorgroup.com --ctlusessl=true 2023-01-11 12:02:11 avtar Info <7977>: Starting at 2023-01-11 12:02:11 Argentina Standard Time [avtar Oct 16 2020 15:51:11 19.4.100-116 Windows Server 2019 Datacenter Server Edition (No Service Pack) 64-bit-AMD64] 2023/01/11-15:02:11.03500 [avtar] <1291> FIPS mode enabled 2023-01-11 12:02:11 avtar Info <10684>: Setting ctl message version to 3 (from 1) 2023-01-11 12:02:11 avtar Info <16136>: Setting ctl max message size to 268435456 2023-01-11 12:02:11 avtar Info <6767>: Successfully connected to 127.0.0.1:64502
故障
avtar 线程示例:
2023-01-11 12:02:30 avtar Info <5008>: Logging to C:\Program Files\avs\var\SCH-60-G-TLOG-SQL-60-1673449200555#0-3006-SQL.avtar.log 2023-01-11 12:02:30 avtar Info <5174>: - Reading C:\Program Files\avs\var\avtar.cmd 2023-01-11 12:02:30 avtar Info <5551>: Command Line: avtar --ddr-auth-enabled=false --ddr-encrypt-strength=none --ddr-auth-mode=3 --case_sensitive=false --max-streams=1 --backup-type=incremental_full --ctlcallport=64502 --ctlinterface=3006-SCH-60-G-TLOG-SQL-60-1673449200555 --check-stdin-path=false --logfile="C:\Program Files\avs\var\SCH-60-G-TLOG-SQL-60-1673449200555#0-3006-SQL.avtar.log" --vardir="C:\Program Files\avs\var" --bindir="C:\Program Files\avs\bin" --sysdir="C:\Program Files\avs\etc" --account=/Azure/AZ-Prod/cldsrv1088.arcorgroup.com --id=backuponly --password=**************** --server=cldlnx0063.arcorgroup.com --ctlusessl=true 2023-01-11 12:02:30 avtar Info <7977>: Starting at 2023-01-11 12:02:30 Argentina Standard Time [avtar Oct 16 2020 15:51:11 19.4.100-116 Windows Server 2019 Datacenter Server Edition (No Service Pack) 64-bit-AMD64] 2023/01/11-15:02:30.86500 [avtar] <1291> FIPS mode enabled 2023/01/11-15:02:30.86500 [avtar] ERROR: <0001> sslcontext::loadCert certificate/key not found or invalid cert=C:\Program Files\avs\etc\cert.pem key=C:\Program Files\avs\etc\key.pem 2023-01-11 12:02:30 avtar Error <5664>: SSL certificate/key not found or invalid. 2023-01-11 12:02:30 avtar FATAL <19035>: Unable to initialize socket library for CTL.
行为不一致,失败在备份线程中随机发生。
Cause
在故障情形中,从 Avamar Server 接收的私钥无效。因此,OpenSSL 函数 SSL_CTX_use_PrivateKey_file() 失败。
Avamar Client 代理选择第一个可到达的主机地址,该地址可能是 IPv6 回路地址 (::1),因为它包含在主机名列表中。尽管客户端将 IPv6 地址发送到管理控制台 (MC),但 MC 仅存储 IPv4 地址。此地址不匹配会导致 SSL 证书验证失败。
Resolution
添加以下标志: avagent.cmd 在受影响的客户端上重新启动 avagent 要规避此问题,请执行以下操作:
--ipupdateinterval=43200 (Number of minutes between IP address update) --addr-family=4 (Force to use IPv4) --netbind=10.x.x.x (Force association with this network address rather than OS autoselection)
参数说明:
--ipupdateinterval指定更新客户端 IP 地址的时间间隔(以分钟为单位)。--addr-family=4强制客户端使用 IPv4。--netbind将代理绑定到特定的 IPv4 地址,而不是自动选择操作系统。
应用更改后,重新启动 Avamar 代理并重新运行备份。
永久修复
此问题已在 V19.8 中得到解决。进行了代码更改,以忽略本地主机分页地址。
Article Properties
Article Number: 000208390
Article Type: Solution
Last Modified: 26 Mar 2026
Version: 3
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.