Avamar : Impossible d’ajouter ou de modifier Data Domain en raison d’un chiffrement ou d’un échange de clés manquant

Summary: Cet article décrit un problème lors de l’ajout ou de la modification de Data Domain sur une instance d’Avamar Server et explique comment résoudre ce problème.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Système d’administration > Avamar User Interface (AUI) Data > Domain, l’erreur suivante s’affiche lors de l’ajout ou de la modification du Data Domain : >

Modification d’AUI Le système Data Domain affiche un message d’erreur

Lorsque l’erreur se produit, les messages d’erreur suivants peuvent être trouvés sur /usr/local/avamar/var/mc/server_log/mcserver.log.0:

Problème de chiffrement :

WARNING: com.maverick.ssh.SshException: com.maverick.ssh.SshException
  at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315)
  at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424)
  at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821)
  at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
  at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:646)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:481)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185)
  at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272)
  at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668)
  at com.avamar.mc.datadomain.DataDomainService.validateDdrInfoAndGetDdrSystemInfo(DataDomainService.java:3766)
  at sun.reflect.GeneratedMethodAccessor171.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
  at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
  at com.sun.proxy.$Proxy34.validateDdrInfoAndGetDdrSystemInfo(Unknown Source)
  at com.avamar.mc.datadomain.DataDomainServiceContext.validateDdrInfoAndGetDdrSystemInfo(DataDomainServiceContext.java:245)
  at sun.reflect.GeneratedMethodAccessor170.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
  at java.lang.reflect.Method.invoke(Method.java:498)
  at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357)
  at sun.rmi.transport.Transport$1.run(Transport.java:200)
  at sun.rmi.transport.Transport$1.run(Transport.java:197)

ou 

Problème d’échange de clés :

WARNING: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256] [chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com] [Unknown cause]
  at com.maverick.ssh2.TransportProtocol.selectNegotiatedComponent(TransportProtocol.java:1896)
  at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1277)
  at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821)
  at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348)
  at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:646)
  at com.maverick.ssh.SshConnector.connect(SshConnector.java:481)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133)
  at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185)
  at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272)
  at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668)
  at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1182)
  at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036)
  at sun.reflect.GeneratedMethodAccessor411.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
  at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61)
  at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
  at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
  at com.sun.proxy.$Proxy34.updateDdr(Unknown Source)
  at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223)
  at sun.reflect.GeneratedMethodAccessor410.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source)
  at sun.rmi.transport.Transport$1.run(Unknown Source)

Consultez le fichier /ddr/var/log/debug/messages.engineering log sur le serveur Data Domain.

À partir d’Avamar Server, exécutez en tant qu’administrateur :

ssh -i ~/.ssh/ddr_key <ddboost_user>@<data-domain-IP-FQDN>
admin@av-server:~/>: ssh -i ~/.ssh/ddr_key DDBoostUser@dd-production-srv
EMC Data Domain Virtual Edition
Last login: Wed Mar 12 08:31:03 CDT 2025 from 192.168.1.113 on pts/0
Welcome to Data Domain OS 7.13.0.20-1082704
-------------------------------------------
DDBoostUser@dd-production-srv#

Utilisez la commande suivante pour afficher le fichier journal messages.engineering :

log view debug/messages.engineering

Les messages suivants peuvent être affichés :

Problème de chiffrement :

Unable to negotiate with 192.168.1.113 port 53036: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256 [preauth]

Problème d’échange de clés :

Unable to negotiate with 192.168.1.113 port 43998: no matching host key type found. Their offer: ssh-dss,ssh-rsa,x509v3-sign-rsa,x509v3-sign-dss,x509v3-sign-rsa-sha1,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-rsa2048-sha256 [preauth]

Pour les problèmes de chiffrement, le test suivant peut être effectué. À partir d’Avamar, exécutez en tant qu’utilisateur root :

ssh -i <ddboost_user>@<data-domain-IP-FQDN> -c <cipher>

Exemple d’erreur lors de l’utilisation des chiffrements :

root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes128-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#: 
root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes192-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#: 
root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes256-ctr
Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com
root@av-server:/#:

Cause

Chiffrement ou algorithmes d’échange de clés manquants sur le serveur Data Domain.

Resolution

Ouvrez une demande de service auprès de l’équipe Avamar SCR pour résoudre ce problème. 

Pour l’équipe de support, consultez la section Remarques internes pour obtenir une résolution. 

Affected Products

Avamar, Avamar Server
Article Properties
Article Number: 000299224
Article Type: Solution
Last Modified: 27 Mar 2025
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.