Avamar:升级到 19.12.x 版本后 LDAPS 无法正常工作
Summary: 安全 LDAP (LDAPS) 在升级到 Avamar 版本 19.12.x 后停止工作。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
尝试登录到 Avamar 用户界面(MCGUI 或 AUI)时,身份验证失败并显示 null 错误消息。选中 /usr/local/avamar/var/mc/server_log/userauthentication.log 此时将显示以下错误消息:
2025-02-21 11:49:58,988 ERROR [Thread-135]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap_dc.dell.com:636 [Root exception is java.net.SocketException: Socket is closed or output is shut down]
2025-02-21 11:49:58,988 INFO [Thread-135]-service.DirectoryServiceUserAuth: getAllGrpByUPN, memberList : []
2025-02-21 11:50:03,850 ERROR [Thread-138]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: simple bind failed: ldap_dc.dell.com:636 [Root exception is javax.net.ssl.SSLException: Certificate not verified.]
2025-02-21 11:50:03,851 INFO [Thread-138]-service.DirectoryServiceUserAuth: getAllGrpByUPN, memberList : []Cause
根本原因是 sslj.jar 在 19.12.x Avamar 版本中升级到较新版本。
Resolution
安装 Avamar 热修复程序 338905:
Avamar 累积修补程序 19120-186-202506
从以下知识库文章 Avamar 的戴尔支持页面中:如何从戴尔支持网站查找和下载产品热修复程序、修补程序、安装或升级包。这将编辑mcserver.xml文件并更改参数 disable_endpoint_identification 从 false 到 true。
提醒:而 disable_endpoint_identification 参数用于将证书主机名与服务器主机名匹配或标识。由于存在防火墙和其他限制,这应该不会对安全性产生任何影响。
如果问题仍然存在,请向 Avamar 支持团队提出服务请求,并提及此知识库文章。
永久修复:
- 针对 sslj.jar 文件的永久修复 19.12 SP1 预计于 2025 年 10 月
Affected Products
Integrated Data Protection Appliance FamilyArticle Properties
Article Number: 000293669
Article Type: Solution
Last Modified: 20 Jul 2025
Version: 5
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.