Avamar:備份可能會停止回應,或檔案系統備份失敗並顯示「發生嚴重伺服器錯誤」
Summary: Avamar 備份失敗,並顯示 avtar 嚴重 <5704>:發生嚴重伺服器錯誤 (MSG_ERR_AUTH_FAIL)。 工作階段工單必須在全域儲存區域網路 (GSAN) 和管理主控台服務 (MCS) 之間正確同步,才能處理備份。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
備份失敗,並產生以下記錄。
Avamar GSAN err.log可能會顯示:
[srvm-518654#srv:481] WARN: <1479> sessionkeytable::setpublickey new serial=<x> less than current minserial=<y> ... [srvm-525136#srv:775] WARN: <1426> sessionkeytable::comparesignature incorrect signature
Avtar 記錄可能會顯示:
2019-12-31 07:35:23 avtar Error <8609>: Connection killed from GSAN. (Log #1) 2019-12-31 07:35:23 avtar FATAL <5704>: Fatal Server Error occurred (MSG_ERR_AUTH_FAIL), aborting execution (SECURETICKETLOGIN=452 serial=1 seq=0 flags=R:H:0 kind=0 rsp=MSG_ERR_AUTH_FAIL) (Log #1) 2019-12-31 07:35:23 avtar Error <5126>: Login error 5: Authorization failure (Session Ticket login) (Log #1) 2019-12-31 07:35:23 avtar FATAL <8941>: Fatal server connection problem, aborting initialization. Verify correct server address and login credentials. (Log #1) 2019-12-31 07:35:23 avtar Error <7001>: Exiting avtar with run-at-end script failure -1 (Log #1)
9-12-31 07:35:23 avtar Info <8474>: - Log file path: /usr/local/avamar/var/clientlogs/some-Unix.log 2019-12-31 07:35:23 avtar Info <6555>: Initializing connection 2019-12-31 07:35:23 avtar Info <5552>: Connecting to Avamar Server (avamar.com) 2019-12-31 07:35:23 avtar Info <5554>: Connecting to one node in each datacenter 2019-12-31 07:35:23 avtar Info <5993>: - Connect: Connected to 10.x.x.x:29000, Priv=0, SSL Cipher=AES256-SHA 2019-12-31 07:35:23 avtar Info <5993>: - Datacenter 0 has 1 nodes: Connected to 10.x.x.x:29000, Priv=0, SSL Cipher=AES256-SHA 2019-12-31 07:35:23 avtar Info <5581>: Logging in on connection 0 with Session Ticket 2019-12-31 07:35:23 avtar Info <18854>: Using Secure Session Ticket Format 2019-12-31 07:35:23 avtar Error <8609>: Connection killed from GSAN. 2019-12-31 07:35:23 avtar Info <9772>: Starting graceful (staged) termination, KILL event received (wrap-up stage) 2019-12-31 07:35:23 avtar FATAL <5704>: Fatal Server Error occurred (MSG_ERR_AUTH_FAIL), aborting execution (SECURETICKETLOGIN=452 serial=1 seq=0 flags=R:H:0 kind=0 rsp=MSG_ERR_AUTH_FAIL) 2019-12-31 07:35:23 avtar Error <5126>: Login error 5: Authorization failure (Session Ticket login) 2019-12-31 07:35:23 avtar FATAL <8941>: Fatal server connection problem, aborting initialization. Verify correct server address and login credentials. 2019-12-31 07:35:23 avtar Info <6149>: Error summary: 4 errors: 8941, 5704, 5126, 8609 2019-12-31 07:35:23 avtar Info <5917>: Back from run-at-end, exit code -1 2019-12-31 07:35:23 avtar Error <7001>: Exiting avtar with run-at-end script failure -1
Cause
您可以在 GSAN 記錄中看到,指派的工作階段票證可能已用於先前的備份。
這可能是因為 GSAN 或 MCS 復原使工作階段工單無序所導致。
從 GSAN 記錄
WARN: <1418> sessionkeytable::setpublickey session ticket with serial=28451 was used already WARN: <1426> sessionkeytable::comparesignature incorrect signature
當 MCS 的會話票證大於 GSAN 時,我們可以推斷 GSAN 落後並使用舊的會話票證提供給用戶端。
使用下列 grep 命令協助診斷。
grep -i "sessionkeytable\|minserial" /data01/cur/gsan.log.00?
Resolution
我們必須讓會議票證再次同步。
第 1 步:
取得目前的 GSAN 分鐘序列。
avmaint cat /sysinfo/security/keytable
範例:
root@avamar:/home/admin/#: avmaint cat /sysinfo/security/keytable <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <keytable minimalserial="<minserial_less_than_mcs>">
第 2 步:
從 MCS 取得目前工作階段工單序列。
cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl
範例:
root@avamar:/home/admin/#: cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl <mcs_session_ticket_larger_than_gsan>
第 3 步:
使用「 建立公鑰檔mcecroot“,並與 avmaint 一起使用。
cd /usr/local/avamar/lib keytool -list -rfc -keystore /usr/local/avamar/lib/avamar_keystore -storepass `avlockbox.sh -r keystore_passphrase` -alias mcecroot | openssl x509 -pubkey -noout > mcecroot.pub
範例:
此命令使用 keytool 列出 mcecroot avamar_keystore別名,將結果管道傳輸到 openssl 以從金鑰對中獲取公鑰,並將公鑰寫入名為 mcecroot.pub 的檔中。
root@avamar:/usr/local/avamar/lib/#: keytool -list -rfc -keystore /usr/local/avamar/lib/avamar_keystore -storepass `avlockbox.sh -r keystore_passphrase` -alias mcecroot | openssl x509 -pubkey -noout > mcecroot.pub root@avamar:/usr/local/avamar/lib/#: cat mcecroot.pub -----BEGIN PUBLIC KEY----- MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEicGAqiHQQ8DRi0ZkgsvEA8fCEeqW/DIr k53CFakwbOtTejb2Okk+2VTkY5H4gfLEKd4Gtq5gPP2OcpaUf/SrIc4MO3bn8OhC l/vQKfAeJvrPPEvcIG0GiLyLtwJykeUq -----END PUBLIC KEY-----
第 4 步:
若要寫入新的 GSAN 迷你序列,請使用 mcecroot 公開金鑰,建議在 MCS 中使用大於目前值的數字。
avmaint publickey --keyfile=./mcecroot.pub --serial=<your number> --ava
範例:
我們必須選擇一個足夠高的序列號以避免以下錯誤。
root@avamar:/usr/local/avamar/lib/#: avmaint publickey --keyfile=./mcecroot.pub --serial=28500 --ava ERROR: avmaint: publickey: server_exception(MSG_ERR_INVALID_PARAMETERS) root@avamar:/usr/local/avamar/lib/#: avmaint publickey --keyfile=./mcecroot.pub --serial=38000 --ava
如果您收到無效參數錯誤,請繼續選擇較高的數字,直到沒有錯誤為止。
步驟5:
確認變更。
avmaint cat /sysinfo/security/keytable
範例:
root@avamar:/usr/local/avamar/lib/#: avmaint cat /sysinfo/security/keytable <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <keytable minimalserial="38000"> <-- new gsan minserial [..]
第 6 步:
將該 minserial 寫入 MCS 工作階段工單。
echo -n "<number you were able to use for mcec key>" > /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl
範例:
root@avamar:/usr/local/avamar/lib/#: echo -n "38000" > /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl root@avamar:/usr/local/avamar/lib/#: cat /usr/local/avamar/var/mc/server_data/prefs/sessionticket.srl 38000
步驟 7:
重新啟動 MCS。
mcserver.sh --restart
步驟8:
測試備份。
Affected Products
Data Protection, Data Backup & Protection Software, Avamar, AvamarArticle Properties
Article Number: 000200098
Article Type: Solution
Last Modified: 06 Aug 2025
Version: 8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.