Avamar: How to Disable Token-Based Authentication for all clients or specific plug-in when backups are sent to Data Domain

The logs may show the issue in different ways.
 

2017-05-26 14:04:56 avtar Info <41236>: - Connecting to Data Domain Server name "dd9500w1.backup.example.com" with token:5ba93c9db0cff93f52b521d7420e43f6eda2784f
2017-05-26 14:04:56 avtar Error <41439>: Using invalid token:5ba93c9db0cff93f52b521d7420e43f6eda2784f
2017-05-26 14:04:56 avtar Error <10542>: Data Domain server "dd9500w1.backup.example.com" open failed DDR result code: 4904, desc: Invalid API argument.
2017-05-26 14:04:56 avtar Error <10509>: Problem logging into the DDR server:'', only GSAN communication was enabled.
2017-05-26 14:04:56 avtar FATAL <17964>: Backup is incomplete because file "/ddr_files.xml" is missing
2017-05-26 14:04:56 avtar Info <10642>: DDR errors caused the backup to not be posted, errors=0, fatals=0

For a detailed explanation of session ticket, see Knowledge Base article.  Avamar: Session Security

Identify known limitations with Secure token Authentication.

Secured token authentication does not work under the following conditions:

• The client machine is behind a Network Address Translation (NAT) routing.
• The client machine has multiple IP interfaces and each resolves to a different Fully Qualified Domain Name (FQDN)
  • Corrected in-19.1 for single client but not cluster 

    Avamar - Backup Failure to Data Domain due to DDR_GET_AUTH_TOKEN due to too many IP addresses

• The client's hostname is a virtual name that is different from the FQDN resolved from its IP address

There are two options:

First option: Disable Token-Based Authentication for specific plug-in: 

1. Log in to the Avamar Utility Node as the admin user. 

2. Create a backup copy of the mcserver.xml. 

cp -p /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml /usr/local/avamar/var/mc/server_data/prefs/x-mcserver.xml-before-disabling-token-`date -I`

3. Open the mcserver.xml using a text editor (such as vi). 

vi /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

1. Type the below syntax in the editor to find the token setting. (press "n" for the next occurrence if needed.)

    /token 

2. The entry below shows the mcserver.xml file before the change: 
3. <entry key="use_ddr_auth_token" value="true" />

4. Move the cursor to the end of the line press "i" to enter insert mode and add a new line as shown below. Change the field "Plugin-ID" in the entry below to reflect the plug-in ID for the Avamar plug-in requiring to be disabled.  

<entry key="ignore_ddr_auth_token_plugins" value="Plugin-ID"/>

1. The entry below shows the mcserver.xml file after the change. Changes below disable Token-Based authentication for Avamar plug-in with the designated ID of 3006 (Windows SQL) 

<entry key="use_ddr_auth_token" value="true" />
<entry key="ignore_ddr_auth_token_plugins" value="3006" />

Below find a list of Avamar plug-ins and Identification Numbers (IDs).

3000	Windows avagent
3001	Windows avtar
3002	Windows Oracle RMAN
3004	Windows Exchange message
3005	Windows Exchange database
3006	Windows SQL
3009	Windows DB2
3011	Windows Exchange 2007 database
3012	Windows Exchange 2007 web
3014	Windows Lotus
3015	Windows VSS
3016	Windows VMware image *backup & restore
3017	Windows MOSS
3018	Windows Exchange VSS
3019	Windows VMware File Level Restore (FLR) *restore
3026	Windows MOSS VSS
3027	Windows Exchange Granular Level Restore (GLR)
3028	Windows MOSS Granular Level Restore (GLR)
3029	Windows Sybase
3030	Windows SAP
3032	Windows HyperV VSS
3033	Windows HyperV Granular Level Restore (GLR)
3036	Windows cluster file system
3041	Windows VMware Granular Level Restore (GLR)

(more than one plug-in ID may be specified as comma-separated list with no spaces)

5. Press the escape key as shown below. 

<Esc>

1.  Use the below syntax to save the change and exit back to the shell.  

":wq"

6. Restart the Management Console Server (MCS) service. Avamar: How to Restart Management Console Server

7. Modifications to the MCS are complete, initiate a backup to validate the new functionality.

Second option: Disable Token-Based Authentication for all clients: 

1. Log in to the Avamar Utility Node as the admin user. 

2. Create a backup copy of the mcserver.xml. 

cp -p /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml /usr/local/avamar/var/mc/server_data/prefs/x-mcserver.xml-before-disabling-token-`date -I`

3.Open the mcserver.xml using a text editor (such as vi). 

vi /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml

1. Type the below syntax in the editor to find the token setting. (press "n" for the next occurrence if needed.)

    /token 

2. The entry below shows the mcserver.xml file before the change: 

<entry key="use_ddr_auth_token" value="true" />

4. Move to cursor to the word "true" in the line and them press "i" to enter insert mode and edit the line.

1. The entry below shows the mcserver.xml file after the change. 
2. <entry key="use_ddr_auth_token" value="false" />
3. Optionally, this change can be made permanent during an Avamar server upgrade by using the word "keep" as shown below.
4. <entry key="use_ddr_auth_token" value="false" merge="keep" />

5. Press the escape key as shown below. 

<Esc>

1.  Use the below syntax to save the change and exit back to the shell.  

":wq"

6. Restart the MCS service. Avamar: How to Restart Management Console Server

7. Modifications to the MCS are complete, initiate a backup to validate the new functionality.