PowerProtect:Data Domainの検出がSSLハンドシェイク エラーを示すADS0005で失敗する

Summary: PowerProtectインターフェイスには、Data Domain検出のアラートADS0005が表示されます。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

PowerProtectインターフェイスの[Administration ->Certificates]にData Domain証明書が見つからないと表示されます。  PowerProtect Data Managerツールのコマンドライン ユーティリティーを使用して、使用可能な証明書を検証することもできます。 ppdmtool -listcert

/var/log/brs/discovery-service/discovery-service.log は、 ADS0005 

2025-08-21T16:56:55.995Z ERROR [] [b8675052-a49e-4ff4-9463-5f1028e3a96a-akka.actor.default-dispatcher-12] [][ALERT:ADS0005][][][] [c.e.d.e.c.s.m.DefaultMessageResourceModifier.printAlertLog(143)] - Date: Aug 22, 2025 00:56:55 AM; Summary: Unable to discover protection storage PowerProtect DD System with address 192.0.0.1 because of com.emc.brs.common.exceptions.DiscoveryActorException: Unauthorized: Unable to process the authentication request for PowerProtect DD Management Console DD-3. Error: Received fatal alert: handshake_failure..; Details: Discovery of the protection storage system was unsuccessful.; Recommended Action: Check the connection between PowerProtect Data Manager and the protection storage system. Verify that the provided credentials are valid. Start a manual discovery to discover the protection storage system, or wait for PowerProtect Data Manager to perform the next scheduled discovery. If the issue persists, contact Dell Customer Support.; Detail Summaries: null; Status: UNACKNOWLEDGED

/var/log/brs/secretsmgr/secret-mgr.log 「SSL例外」を表示します。

025-08-20T08:15:37.263Z ERROR [] [https-jsse-nio-9092-exec-2] [][][][TRACE_ID:85d2bd7ff466e267][] [c.e.b.s.u.CertificateUtils.handshakeWithException(272)] - SSLException: SSL handshake failed Received fatal alert: handshake_failure

Data DomainへのOpenSSL接続は、 SSL handshake エラーが発生します。

admin@my-ppdm:/> openssl s_client -connect my-datadomain.my-domain.com:3009 -showcerts
CONNECTED(00000003)
...
---
SSL handshake has read 2408 bytes and written 463 bytes
Verification error: self signed certificate in certificate chain
---
...

The Data Domain adminaccess コマンドラインユーティリティは、証明書がまだ有効であることを示します。

sysadmin@DataDomain# adminaccess cert show
Subject                Type   Application   Valid From                 Valid Until                Fingerprint
--------------------   ----   -----------   ------------------------   ------------------------   -----------------------------------------------------------
DataDomain.domain.com   host   https         Sat Aug 30 13:10:39 2025   Wed Sep 30 13:10:39 2026   69:68:64:72:E3:87:6B:87:CD:DF:85:DE:A4:A2:DF:58:80:6A:A3:DB
DataDomain.domain.com   ca     trusted-ca    Mon Sep 30 13:10:38 2024   Sun Sep 29 13:10:38 2030   4C:E4:C2:2C:FD:2A:BE:2B:FC:CE:8B:E5:BF:6A:CC:24:8F:1B:62:CF
--------------------   ----   -----------   ------------------------   ------------------------   -----------------------------------------------------------

The Data Domain /ddr/var/log/debug/sm/sms.info log"no shared cipher" エラー:

09/04 10:42:13.454844 [14bafa20] _sms_soap_handle_new_connection: soap_ssl_accept failed on connection ::ffff:172.16.10.94:40598. Error: 30, msg_buf: SSL_ERROR_SSL error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher

Cause

Data DomainとPowerProtectアプライアンスには、 SSL handshake 正しく。 
 
adminaccess コマンド ライン ユーティリティーを使用して、Data Domain暗号を検証できます。

sysadmin@datadomain# adminaccess option show cipher-list
Adminaccess option "cipher-list" set to "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256".

「 /usr/local/brs/lib/secretsmgr/config/application.yml ファイルは、PowerProtect暗号を検証するために使用できます。

admin@ppdm:~> cat /usr/local/brs/lib/secretsmgr/config/application.yml
myserver:
  ssl:
    enabled-protocols: TLSv1.2,TLSv1.3
    ciphers: |
      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    key-alias: secretsmgr
    key-store: "${sm.ssl.keystore-path}/secretsmgr.keystore"
    key-store-provider: SUN
    key-store-type: JKS
    protocol: TLS
    trust-store: "${sm.ssl.keystore-path}/secretsmgr.truststore"
    trust-store-provider: SUN
    trust-store-type: JKS
    client-auth: want
    enabled: true

Resolution

DHEスイートをData Domain暗号リストに追加します。Example:

adminaccess option set cipher-list DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256
Article Properties
Article Number: 000425813
Article Type: Solution
Last Modified: 11 Feb 2026
Version:  1
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.