Data Domain：从某些较新的 DD OS 版本中，从 DD CLI 创建复制上下文时可能会报告 CA 证书错误

SE@ddve01## replication add source mtree://ddve01.lab/data/col1/test_boost_11 destination mtree://ddve02.lab/data/col1/test_boost_11

**** Error getting CA certificate for ddve01.lab (**** Error communicating with host ddve01.lab: could not resolve host.).

11/26 10:54:54.980028 [7f9eb99013e0] CURL error: curl_easy_perform() returned 6 [Could not resolve: ddve01.lab (Domain name not found)]
11/26 10:54:54.980091 [7f9eb99013e0] sms_trust_get_cert_targeted_do:(ddr/sm/sms/gen/ddr/sms_trust_data.c:527): **** Error communicating with host ddve01.lab: could not resolve host.
11/26 10:54:55.032059 [7f9eb99013e0] completed job: 24337 for operation: sms_replication_add, duration: 62 msec, status: **** Error getting CA certificate for ddve01.lab (**** Error communicating with host ddve01.lab: could not resolve host.).

SE@oscarddve01## replication add source mtree://ddve01.lab/data/col1/test_boost_11 destination mtree://ddve02.lab/data/col1/test_boost_11

**** Error getting CA certificate for ddve02.lab (**** Error communicating with host ddve02.lab: could not resolve host.).

11/26 10:59:10.332885 [7f9eb9904a20] CURL error: curl_easy_perform() returned 6 [Could not resolve: ddve02.lab (Domain name not found)]
11/26 10:59:10.332935 [7f9eb9904a20] sms_trust_get_cert_targeted_do:(ddr/sm/sms/gen/ddr/sms_trust_data.c:527): **** Error communicating with host ddve02.lab: could not resolve host.
11/26 10:59:10.372900 [7f9eb9904a20] completed job: 24398 for operation: sms_replication_add, duration: 97 msec, status: **** Error getting CA certificate for ddve02.lab (**** Error communicating with host ddve02.lab: could not resolve host.).

SE@oscarddve01## replication add source mtree://ddve01.lab/data/col1/test_boost_11 destination mtree://ddve02.lab/data/col1/test_boost_11

**** Error getting CA certificate for ddve02.lab (**** Error communicating with host ddve02.lab: the operation timed out.).

11/26 11:33:23.403681 [1254ec80] CURL error: curl_easy_perform() returned 28 [Connection timed out after 30001 milliseconds]
11/26 11:33:23.403927 [1254ec80] sms_trust_get_cert_targeted_do:(ddr/sm/sms/gen/ddr/sms_trust_data.c:527): **** Error communicating with host ddve02.lab: the operation timed out.
11/26 11:33:23.474988 [1254ec80] completed job: 24741 for operation: sms_replication_add, duration: 30122 msec, status: **** Error getting CA certificate for ddve02.lab (**** Error communicating with host ddve02.lab: the operation timed out.).

分辨率：
检查环境的兼容性后，将 DD OS 版本升级到 7.7.5.20 或更高版本、7.10.1.10 或更高版本或 7.12 或更高版本。

解决 方案：
确保源和目标 Data Domain 均可通过 DNS 或主机名本地解析（通过手动添加）解析合作伙伴 Data Domain 主机名及其自己的主机名（使用 # net lookup 命令）。

每个 Data Domain 应有 两 个主机条目，一个条目用于自己的主机名，另一个条目用于复制合作伙伴。

使用 命令检查主机映射： 

# net hosts show
# net hosts add <target IP> <target FQDN> <target hostname>

示例： 

# net hosts add 192.168.3.3 bkup20.yourcompany.com bkup20

确保源和目标 Data Domain 都可以通过 tcp 端口 3009 访问远程对等 Data Domain，因为这是用于获取远程对等 CA 证书的端口。您可以使用以下命令在 SE 模式下进行检查：

# se telnet <IP> 3009

或者，如果无法在 Data Domain 之间打开端口 3009，并且长时间无法升级 DD OS 版本，请联系您的支持团队以帮助配置复制。