DPC:DD SSO 連線因連線或插槽逾時而失敗

Summary: 本文說明針對 SSO 註冊的 DD 和 Data Protection Central (DPC) 之間的連線問題進行故障診斷。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

將 Data Protection Central (DPC) 註冊至 Data Domain (DD) 單一登入 (SSO) 時,發生連線或插槽逾時錯誤。

這些通常是 DPC 和 DD 伺服器之間的網路連線問題。

Cause

這可能是由各種網路連線問題所導致。

Resolution

檢查 DPC 和 DD 之間的基本網路連線:

使用下列命令檢查連接埠 3009 是否已啟用從 DPC 連出至 DD:

  • 使用 SSH 以系統管理員身分登入 DPC CLI,並使用 su - 至 root,然後執行下列命令:
  •  <DD_FQDN_OR_IP> 與 DD 伺服器的 FQDN 和 <SYSADMIN_PASSWORD> 使用 sysadmin 密碼。
curl -k -X POST https://<DD_FQDN_OR_IP>:3009/rest/v1.0/auth -H "Content-Type: application/json"  -d '{"username":"sysadmin","password":"<SYSADMIN_PASSWORD>"}'

如果此連接有效且埠 3009 可訪問,則會獲得如下所示的輸出:

{"details": "success", "code": 0, "link": [{"rel": "related", "href": "/rest/v1.0/system"}]}

如果傳回的「詳細資料」劑量沒有顯示「成功」,則這是網路連線問題,需要開啟網路張貼。  

檢查連接埠 443 是否已啟用從 DD 連出至 DPC。若要執行此操作,請使用 SSH,以使用者 「sysadmin」登入 DD CLI。然後進入 SE 模式:

system show serialno                     #To get the serialno of the system, which will be used to enter SE mode
                                         #When prompting for security officer authorization, enter SO username&password.
                                         #When prompting for system password, enter system serialno.
注意:DDOS 版本 7.7.5.25、7.10.1.15、7.13.0.15、6.2.1.110 及更新版本中已淘汰 SE 命令,僅供 Dell 員工存取。

然後執行下列命令,將 DD FQDN> 替換為 < DPC 伺服器的 FQDN:

se telnet <DPC FQDN> 443

如果連接有效,您會看到一行”Connected to <DPC FQDN>“。

如果 elg.log 顯示握手錯誤運行以下內容以檢查密碼。

openssl s_client -tls1_2 -connect <DD_HOSTNAME>:3009 -cipher ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:AES256-GCM-SHA384:AES256-SHA256:AES128-SHA256:AES128-SHA:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256 2>/dev/null >dd_communication.txt


<DD_HOSTNAME> 在上述命令中,使用 DD 伺服器的 FQDN。

檢查「dd_communication.txt」檔案,其看起來應該像以下輸出。

CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/ST=CA/OU=Host Certificate/O=Valued DataDomain customer/CN=<DD_HOSTNAME>
   i:/C=US/ST=CA/L=Santa Clara/O=Valued Datadomain Customer/OU=Root CA/CN=<DD_HOSTNAME>
 1 s:/C=US/ST=CA/L=Santa Clara/O=Valued Datadomain Customer/OU=Root CA/CN=<DD_HOSTNAME>
   i:/C=US/ST=CA/L=Santa Clara/O=Valued Datadomain Customer/OU=Root CA/CN=<DD_HOSTNAME>
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIEUzCCAzugAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBljELMAkGA1UEBhMCVVMx
CzAJBgNVBAgMAkNBMRQwEgYDVQQHDAtTYW50YSBDbGFyYTEjMCEGA1UECgwaVmFs
dWVkIERhdGFkb21haW4gQ3VzdG9tZXIxEDAOBgNVBAsMB1Jvb3QgQ0ExLTArBgNV
BAMMJGRzbS00NDAwLXJ0cC5kcGFkLmdzbGFicy5sYWIuZW1jLmNvbTAeFw0yMjAz
MTUwMjE4NDVaFw0yNTAzMTQwNjE4NDVaMIGJMQswCQYDVQQGEwJVUzELMAkGA1UE
CAwCQ0ExGTAXBgNVBAsMEEhvc3QgQ2VydGlmaWNhdGUxIzAhBgNVBAoMGlZhbHVl
ZCBEYXRhRG9tYWluIGN1c3RvbWVyMS0wKwYDVQQDDCRkc20tNDQwMC1ydHAuZHBh
ZC5nc2xhYnMubGFiLmVtYy5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQDT0H4LNjMAZ4zkJBle/zT/z4iiXQP3OXuuu2+XcpVeombzKFBcVm6dn14W
4r22YCKoy9am/ekSbZFGbvsoy6uapVii95pL6heF1rgKwCHKzcyjWKLuj15JSLfM
+R8zsk3JZYU0bQm/0BNaJe34trCX3aDhezJQD0r+MW2hS4rh3ogNjsg4TgtGO/Oh
fEB1bK9Ey99ehBc4h89/7/IMeexn9gyh0kfF+J7FG8agRAJLX7bJM/8FoXJDNdXS
tM3EJLHAMh+WhKmgngi705n6Plcuvgkd9C2rD41V/PxN4YQxBR3C1MOOEUr7BUdb
ryl9QxsktA52S/rcmTPW3ylhG7chAgMBAAGjgbYwgbMwCQYDVR0TBAIwADAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHcGA1Ud
EQRwMG6CJGRzbS00NDAwLXJ0cC5kcGFkLmdzbGFicy5sYWIuZW1jLmNvbYcECuuR
NYcECuuRNocECuuRN4cQJiAAAAFwFgECUFb//r9SaYcQJiAAAAFwFgECUFb//r/J
3IcQJiAAAAFwFgECUFb//r/3wzANBgkqhkiG9w0BAQsFAAOCAQEAgVE6r4GCeCpA
ndZS3+qg86dlq+IgB0Yvelk0S+TeViYPf90Iyk3vgyjAaAazO4dLr3JnfobAmgCd
fDzRhHOs18sfQLdZm6WyYvtzENSb39EDI2U+VkTgmv+SEyRYsfoNTEqAomwIkxZE
mAMEjFEoDM7qIMAmfiRaDsjBf+NlbHRQNPeeTYisdI562IJgIbkZJUyZVEwwBuHA
OboSWtuy58p2Udvrbl3UzqZU32p0ZZPW+i1qwVPsbli2jf2Gf+CJjp+mPG4u72HY
dqj3FyACzc77+xCrbJ4Q5/y2aXOXjI9GzPA/lAvDKiKDCsr/+0UKtEN87T6l/CyB
BHCj1F+oKw==
-----END CERTIFICATE-----
subject=/C=US/ST=CA/OU=Host Certificate/O=Valued DataDomain customer/CN=<DD_HOSTNAME>
issuer=/C=US/ST=CA/L=Santa Clara/O=Valued Datadomain Customer/OU=Root CA/CN=<DD_HOSTNAME>
---
No client certificate CA names sent
Client Certificate Types: RSA sign, DSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA1
Shared Requested Signature Algorithms: RSA+SHA512:DSA+SHA512:ECDSA+SHA512:RSA+SHA384:DSA+SHA384:ECDSA+SHA384:RSA+SHA256:DSA+SHA256:ECDSA+SHA256:RSA+SHA224:DSA+SHA224:ECDSA+SHA224:RSA+SHA1:DSA+SHA1:ECDSA+SHA                               1
---
SSL handshake has read 2247 bytes and written 479 bytes
---
New, TLSv1/SSLv3, Cipher is AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES256-GCM-SHA384
    Session-ID:
    Session-ID-ctx:
    Master-Key: 60D098B90CD2B06A410F64A70B4FC6285D42C4FBBE568FEF37D56AD9B414E39D2EA408B8ED120B0BDF4DF21F347E0211
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1689168122
    Timeout   : 7200 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
---


如果「共用要求的簽章演算法」列為空白,則代表這是密碼問題,我們必須與 DD 團隊合作,新增 DPC 用來運作的密碼。

查看 簡訊資訊 記錄下 /ddr/var/log/debug 目錄。


如果 簡訊資訊 記錄顯示「無法取得 SSO 端點」 Data Domain 拒絕與 Data Protection Central 的單一登入連線,必須從 Data Domain 檢查問題 才能解決此問題。 


如有進一步問題,請聯絡 Dell 支援。

Affected Products

Data Protection Central

Products

Data Domain
Article Properties
Article Number: 000215743
Article Type: Solution
Last Modified: 31 Mar 2025
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.