Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"
Summary: Avamar: Secure LDAP test fails with error: "message javax.naming.ServiceUnavailableException:"
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
User configured secure LDAP using KB article 529493: How to configure secure LDAP on Avamar server
Scenario 1:
LDAP test fails with error:
message javax.naming.ServiceUnavailableException: dc-01.emc.com:636; socket closed; remaining name 'dc=emc,dc=com'
Scenario 2:
Error message:
2020-03-17 11:14:46,222 ERROR [main]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: dc-01.emc.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Cause
- There are multiple DCs in environment, for example dc-01, dc-02, etc.
- LDAP was configured to use one DC, and certificate for that DC was imported to rmi_ssl_keystore.
Resolution
Steps:
- Configure secure LDAP by following KB article 529493: How to configure secure LDAP on Avamar server
- Verify if there are have multiple DCs, then get the DC names and IPs
- Check for the DCs using "nslookup domain name".
For example:
nslookup dell.com
- Get certificates for the list of DCs and import LDAP server certs to rmi_ssl_keystore
- To import cert, follow below steps:
- Log in to PuTTY and switch to root user
- Take a backup copy of rmi_ssl_keystore:
cp -p /usr/local/avamar/lib/rmi_ssl_keystore /usr/local/avamar/lib/rmi_ssl_keystore-orig
- Assuming there are two or more DCs in environment (dc-01 and DC-02), place certificate of dc-01.crt and dc-02.crt under /tmp
keytool -importcert -file /tmp/dc-01.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-01
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
- Restart MCS as admin user:
mcserver.sh --stop
mcserver.sh --start
Additional Information
This content is translated in 17 languages:
| https://downloads.dell.com/TranslatedPDF/CS_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/DA_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/DE_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/ES-XL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/FI_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/FR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/IT_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/JA_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/KO_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/NL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/NO-NO_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/PL_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/PT-BR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/RU_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/SV_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/TR_KB541441.pdf |
| https://downloads.dell.com/TranslatedPDF/ZH-CN_KB541441.pdf |
Affected Products
AvamarProducts
AvamarArticle Properties
Article Number: 000170123
Article Type: Solution
Last Modified: 10 Oct 2024
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.