NetWorker: vProxy FLR fails with error "Failed to log in to Data Domain service"

Summary: vProxy FLR fails with error "Failed to log in to Data Domain service"


Symptoms

NetWorker VMware Protection (NVP) FLR fails, reporting "Failed to log in to Data Domain Service"

The NetWorker Data Domain Systems resources are configured with the correct "admin" level user for the Data Domain:

Data Domain management user

NOTE: The management user must be an "admin" level user on the Data Domain, for example: sysadmin. The password must be correct. Verify that you can log in to the Data Domain management web UI as sysadmin. If you have logged in successfully, update the "management password" field for the Data Domain in NetWorker to ensure that the correct password is set.

The vProxy FLR mount session logs show "connection reset by peer"

  • /opt/emc/vproxy/runtime/logs/recycle/vflrd/DATE/mount-SESSION-ID.log
2020-05-04T17:38:40Z INFO: [@(#) Build number: 117] Unmounting after mount failure: Unable to create NFS export at '[DD_FQDN]:/data/col1/[NW_FQDN]/FLR-[VM_NAME]-94f73769-7ddc-4a6b-a21d-742bdb4894f1': Unable to login while creating NFS export at '[DD_FQDN]:/data/col1/[NW_NAME]/FLR-[VM_NAME]-94f73769-7ddc-4a6b-a21d-742bdb4894f1': Failed to login to DataDomain service at 'https://[DD_NAME]:3009/rest/v1.0/auth': Post https://[DD_FQDN]:3009/rest/v1.0/auth: read tcp []->[]:3009: read: connection reset by peer

Sometimes, vProxy can reach the Data Domain, but its ESXi host cannot, causing connectivity issues. The ESXi nc (netcat) command can be used to verify port communication with the DD:

nc -zv DD_HOSTNAME PORT
 

Cause

A network component or firewall is preventing the connection, resulting in the "connection reset by peer" error message.

Resolution

Engage the network or firewall team regarding the connection issue.

The following outputs can be used to identify where the issue is occurring:

  1. From the vProxy, use curl commands to verify that you can connect to ports 22, 2049, 2052, and 3009 on the DD:
curl -v DD_HOSTNAME:PORT
  2. From the vProxy, verify that the vProxy can establish an SSL connection with the DD:
curl -kv https://DD_HOSTNAME:3009/rest/v1.0/trust
NOTE: The output of this command is expected to return the self-signed SSL certificate used to connect to the Data Domain.
  3. From the vProxy root console, start tcpdump:
NOTE: You cannot SSH directly to the vProxy as root. Open an SSH session and log in as admin. Then switch to root using sudo su -.

tcpdump -i any -s 0 -C 500 -w /tmp/`hostname`_`date -I`.pcap

  • -i specifies the interface. You can use any, or specify a system network interface name, such as eth0.
  • -s 0 specifies a snap length of 65535 (the entire frame is captured).
  • -C 500 indicates a file size of 500,000,000 bytes.
  • -w indicates the output file location. The output file name shown is generated automatically from the system hostname and the date (YYYY-MM-DD) on which the command was run.
  4. From the NMC, initiate the FLR mount. When an issue is observed, stop the tcpdump (CTRL+C) and review the timestamped .pcap file from the /tmp directory for any connection issues.
NOTE: A .pcap file can be analyzed in Wireshark. Wireshark is a third-party utility used to analyze packet captures. Consult with your network administrator for assistance reviewing the packet capture.
  5. From the ESXi host hosting the vProxy used for FLR (shown in VMware), verify that the ESXi host can reach ports 22, 2049, 2052, and 3009 on the DD.
nc -zv DD_HOSTNAME PORT
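
The vProxy-side checks in steps 1 and 2 can be run as a single sweep that also names the stage at which a connection fails. This is an added example, not part of the Dell article or of NetWorker; the script and function names are hypothetical, and it assumes bash, timeout, and curl are available on the vProxy.

```shell
#!/usr/bin/env bash
# Added example, not Dell code. Run from the vProxy: ./dd_sweep.sh DD_HOSTNAME
# The script name and function names are hypothetical.
PORTS="22 2049 2052 3009"            # ports listed in the article

# probe_tcp HOST PORT [TIMEOUT] -> open | timeout | rejected
probe_tcp() {
  local host=$1 port=$2 t=${3:-5} rc=0
  # Host and port are passed as arguments, not spliced into the command string.
  timeout "$t" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null || rc=$?
  case $rc in
    0)   echo open ;;                # TCP handshake completed
    124) echo timeout ;;             # no reply at all: packets silently dropped
    *)   echo rejected ;;            # refused, unreachable, or name not resolved
  esac
}

# classify_curl RC -> stage of the HTTPS request that failed (curl exit codes)
classify_curl() {
  case $1 in
    0)  echo "ok: TLS and HTTP exchange completed" ;;
    6)  echo "dns: hostname did not resolve" ;;
    7)  echo "connect: TCP connection failed" ;;
    28) echo "timeout: no response within the time limit" ;;
    35) echo "tls: handshake failed or was reset" ;;
    56) echo "recv: connected, then receive failed (e.g. reset by peer)" ;;
    *)  echo "other: curl exit $1" ;;
  esac
}

# probe_rest HOST -> same HTTPS request as step 2, reduced to a classification
probe_rest() {
  local rc=0
  curl -ks -o /dev/null --max-time 10 "https://$1:3009/rest/v1.0/trust" || rc=$?
  classify_curl "$rc"
}

# sweep HOST -> one line per port, then the REST check on 3009
sweep() {
  local host=$1 p
  for p in $PORTS; do
    printf '%-5s %s\n' "$p" "$(probe_tcp "$host" "$p")"
  done
  printf '%-5s %s\n' rest "$(probe_rest "$host")"
}

if [ -n "${1:-}" ]; then sweep "$1"; fi
```

A result of open for port 3009 together with a tls or recv result on the rest line means the connection is being dropped after the TCP handshake, which a port-only check does not show. The script covers the vProxy only; the ESXi host still needs the nc check in step 5.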


Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000173057
Article Type: Solution
Last Modified: 14 Aug 2025
Version:  5