Avamar- og Data Domain-integrering: Kan ikke synkronisere sertifikater med øktsikkerhet aktivert
Summary: Når Øktsikkerhet er aktivert på Avamar, må sertifikatene synkroniseres mellom Avamar og Data Domain. Dette krever at SCP-protokollen er aktivert på Data Domain.
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
Sikkerhetskopiering kan mislykkes med følgende feil:
Når du kontrollerer MCS-loggene, finnes det et unntak relatert til SCP-protokollen.
DDR result code: 5049, desc: file not found DDR result code: 5341, desc: SSL library error "failed to import host or ca certificate automatically" DDR result code: 5008, desc: invalid argumentNår du følger Dell-artikkelen 197106, Avamar og Data Domain Integration: DD viser rødt i Avamar AUI og eller oppløsningsbanen for brukergrensesnittet. Sertifikatene genereres ikke.
Når du kontrollerer MCS-loggene, finnes det et unntak relatert til SCP-protokollen.
09/29-16:29:13.00727 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx FINE: Importing host certificate and ca certificates... 09/29-16:29:13.00743 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request show ... 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: Message digest algorithm: sha512 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: DD RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Number bits(key strength): 3072bit 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Message digest algorithm: sha512 09/29-16:29:14.00137 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request generate key-strength 3072bit country 'US' state 'California' city 'Irvine' org-name 'EMC Corp' org-unit 'BRS Division'... 09/29-16:29:14.00721 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile FINE: Copying file from host: idpa-lab.dell.com... 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile WARNING: Failed to copy file from host: idpa-lab.dell.com. 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.util.MCException.logException WARNING: com.maverick.ssh.SshException: java.io.IOException at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:151) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied. at com.maverick.scp.ScpClientIO$ScpEngineIO.readStreamFromRemote(ScpClientIO.java:305) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:148) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
Cause
Se gjennom mcserver-loggen:
Flyten av synkroniseringssertifikater mellom Avamar og Data Domain krever at SCP er aktivert som vist nedenfor:
Figur 1: Data Domain-brukergrensesnittet viser at SCP er deaktivert
/usr/local/avamar/var/mc/server_log/mcserver.log.0 Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied.Dette viser at SCP-protokollen er deaktivert på Data Domain.
Flyten av synkroniseringssertifikater mellom Avamar og Data Domain krever at SCP er aktivert som vist nedenfor:
- Avamar kjører en kommando på Data Domain ved hjelp av datadomenets fellesnøkkel for passordfri godkjenning. Den første kommandoen er å generere en forespørsel om sertifikat signering (CSR) på Data Domain.
- Avamar prøver deretter å kopiere CSR fra Data Domain ved hjelp av SCP, men kan ikke gjøre det når SCP er deaktivert på Data Domain.
- Avamar vil bruke CSR til å signere et sertifikat som er utstedt til Data Domain av Avamar-rotsertifikatmyndigheten. På Data Domain kalles det "imported-host ddboost"-sertifikatet.
Figur 1: Data Domain-brukergrensesnittet viser at SCP er deaktivert
Resolution
Aktiver SCP i Data Domain-webgrensesnittet
fra Administration (Administrasjon ) > Access > Services > Check SCP > Configure > Check Allow SCP (Kontroller tillat SCP).
Figur 2: Aktiver SCP i Data Domain-webgrensesnittet
fra Administration (Administrasjon ) > Access > Services > Check SCP > Configure > Check Allow SCP (Kontroller tillat SCP).
Figur 2: Aktiver SCP i Data Domain-webgrensesnittet
Affected Products
AvamarArticle Properties
Article Number: 000218137
Article Type: Solution
Last Modified: 23 Nov 2023
Version: 4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.