Avamar:由於遺失加密或金鑰交換,無法新增或編輯 Data Domain
Summary: 本文說明在 Avamar Server 上新增或編輯 Data Domain 時的問題,以及如何修正。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Avamar 使用者介面 (AUI) > 管理系統 >> Data Domain,新增或編輯 Data Domain 時出現下列錯誤:
發生錯誤時,可在以下錯誤訊息上找到: /usr/local/avamar/var/mc/server_log/mcserver.log.0:
加密問題:
WARNING: com.maverick.ssh.SshException: com.maverick.ssh.SshException at com.maverick.ssh.components.jce.client.DiffieHellmanGroupExchangeSha1.performClientExchange(DiffieHellmanGroupExchangeSha1.java:315) at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1424) at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821) at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348) at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122) at com.maverick.ssh.SshConnector.connect(SshConnector.java:646) at com.maverick.ssh.SshConnector.connect(SshConnector.java:481) at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133) at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185) at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272) at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668) at com.avamar.mc.datadomain.DataDomainService.validateDdrInfoAndGetDdrSystemInfo(DataDomainService.java:3766) at sun.reflect.GeneratedMethodAccessor171.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy34.validateDdrInfoAndGetDdrSystemInfo(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.validateDdrInfoAndGetDdrSystemInfo(DataDomainServiceContext.java:245) at sun.reflect.GeneratedMethodAccessor170.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:357) at sun.rmi.transport.Transport$1.run(Transport.java:200) at sun.rmi.transport.Transport$1.run(Transport.java:197)
或
金鑰交換問題:
WARNING: com.maverick.ssh.SshException: Failed to negotiate a transport component [aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256] [chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com] [Unknown cause] at com.maverick.ssh2.TransportProtocol.selectNegotiatedComponent(TransportProtocol.java:1896) at com.maverick.ssh2.TransportProtocol.performKeyExchange(TransportProtocol.java:1277) at com.maverick.ssh2.TransportProtocol.processMessage(TransportProtocol.java:1821) at com.maverick.ssh2.TransportProtocol.startTransportProtocol(TransportProtocol.java:348) at com.maverick.ssh2.Ssh2Client.connect(Ssh2Client.java:122) at com.maverick.ssh.SshConnector.connect(SshConnector.java:646) at com.maverick.ssh.SshConnector.connect(SshConnector.java:481) at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:133) at com.avamar.mc.datadomain.DdrSsh.createSshClient(DdrSsh.java:185) at com.avamar.mc.datadomain.DdrSsh.validateCredentials(DdrSsh.java:272) at com.avamar.mc.datadomain.DataDomainService.validateCredentialSshConnection(DataDomainService.java:3668) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1182) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.GeneratedMethodAccessor411.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy34.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.GeneratedMethodAccessor410.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source)
檢查 /ddr/var/log/debug/messages.engineering Data Domain 伺服器上的記錄檔。
從 Avamar 伺服器,以系統管理員身分執行:
ssh -i ~/.ssh/ddr_key <ddboost_user>@<data-domain-IP-FQDN>
admin@av-server:~/>: ssh -i ~/.ssh/ddr_key DDBoostUser@dd-production-srv EMC Data Domain Virtual Edition Last login: Wed Mar 12 08:31:03 CDT 2025 from 192.168.1.113 on pts/0 Welcome to Data Domain OS 7.13.0.20-1082704 ------------------------------------------- DDBoostUser@dd-production-srv#
使用下列命令檢視 messages.engineering 記錄檔:
log view debug/messages.engineering
可以看到以下訊息:
密碼問題:
Unable to negotiate with 192.168.1.113 port 53036: no matching cipher found. Their offer: aes128-ctr,aes192-ctr,aes256-ctr,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256 [preauth]
金鑰交換問題:
Unable to negotiate with 192.168.1.113 port 43998: no matching host key type found. Their offer: ssh-dss,ssh-rsa,x509v3-sign-rsa,x509v3-sign-dss,x509v3-sign-rsa-sha1,x509v3-ssh-rsa,x509v3-ssh-dss,x509v3-ecdsa-sha2-nistp256,x509v3-ecdsa-sha2-nistp384,x509v3-ecdsa-sha2-nistp521,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,x509v3-rsa2048-sha256 [preauth]
針對密碼問題,可執行下列測試。從 Avamar,以 root 身分執行:
ssh -i <ddboost_user>@<data-domain-IP-FQDN> -c <cipher>
使用密碼的錯誤範例:
root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes128-ctr Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com root@av-server:/#: root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes192-ctr Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com root@av-server:/#: root@av-server:/#: ssh DDBoostUser@dd-production-srv.lab.com -c aes256-ctr Unable to negotiate with 10.127.92.183 port 22: no matching cipher found. Their offer: chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com root@av-server:/#:
Cause
Data Domain 伺服器上缺少密碼或金鑰交換演算法。
Resolution
向 Avamar SCR 團隊開立服務要求以解決此問題。
若是支援小組,請查看「內部備註」一節,以取得解決方法。
Affected Products
Avamar, Avamar ServerArticle Properties
Article Number: 000299224
Article Type: Solution
Last Modified: 27 Mar 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.