Avamar: MCS stops responding or is unresponsive after upgrade
Summary: The Management Console Server (MCS) stops responding or is unresponsive after an upgrade to Avamar version 19.12.x. A restart of MCS will fix the issue temporarily but after a few days the issue recurs. ...
Symptoms
- Avamar was recently upgraded to 19.12.
- Thread dump in mcserver.out may have the following deadlock:
  Found one Java-level deadlock:
  =============================
  "RMI TCP Connection(58477)-10.3.4.58":
    waiting to lock monitor 0x00007f9e0402a1e8 (object 0x0000000704525f40, a com.rsa.sslj.x.aP),
    which is held by "RMI TCP Connection(58299)-10.3.50.30"
  "RMI TCP Connection(58299)-10.3.50.30":
    waiting to lock monitor 0x00007f9e10007fe8 (object 0x00000007358f6998, a com.rsa.sslj.x.aR),
    which is held by "RMI TCP Connection(58298)-10.3.50.30"
  "RMI TCP Connection(58298)-10.3.50.30":
    waiting to lock monitor 0x00007f9e0402a1e8 (object 0x0000000704525f40, a com.rsa.sslj.x.aP),
    which is held by "RMI TCP Connection(58299)-10.3.50.30"
- No java hprof file is created.
- In mcserver.log this may show:
12/22-08:01:34.00504 [main#1] jdk.internal.event.EventHelper.logX509CertificateEvent
FINE: X509Certificate: Alg:{0}, Serial:{1}, Subject:{2}, Issuer:{3}, Key type:{4}, Length:{5}, Cert Id:{6}, Valid from:{7}, Valid until:{8}
12/22-08:01:34.00542 [main#1] com.avamar.asn.NetworkProxy.printRegistry
WARNING: exception occurs while enumberating RMI registry java.rmi.ConnectException:
Connection refused to host: avamarhostname.emc.com; nested exception is:
java.net.ConnectException: Connection refused (Connection refused)
Cause
Engineering believes that the following environmental influences can cause issues:
- Network Issues:
  - Ensure that the server and client can communicate over the network. Check for any network issues or firewall settings that might be blocking the connection.
- Configuration Problems:
  - Verify that the RMI server is correctly configured to accept connections. Ensure that the java.rmi.server.hostname property is set correctly on the server side.
  - Using SSL, ensure that the SSL certificates are correctly configured and trusted by both the client and server.
- Port Availability:
  - Make sure that the port used for the RMI connection is open and not being used by another application. You can specify a different port if needed.
- Firewall Settings:
  - Check the firewall settings on both the client and server machines to ensure that the required ports for RMI communication are open.
- Version Compatibility:
  - Ensure that the Java versions on both the client and server are compatible. Sometimes, differences in Java versions can cause connection issues.
The sslj6.5 version (introduced in Avamar 19.12) has the following changes and differences from the previous version:
New Features and Security Enhancements in sslj-6.5.jar:
- FIPS Compliance Update: Integrates Dell BSAFE Crypto-J 6.2.6, along with Crypto-J JSAFE and JCE Software Module 6.2.5, all meeting FIPS 140-2 requirements. [dell.com]
- Security Vulnerabilities Addressed: Fixes tied to security advisories DSA-2022-188 and DSA-2022-208, resolving known SSL-J/Crypto-J issues. [dell.com]
- Enhanced Key Manager Support: Added implementation of the new X509ExtendedKeyManager methods chooseEngineClientAlias() and chooseEngineServerAlias(). [dell.com]
- Protocol Hardened: TLS 1.0 and 1.1 are disabled by default, strengthening default protocol security. [dell.com]
- Cipher Suite Cleanup: Removal of weak cipher suites from the default list, improving cryptographic strength. [dell.com]
- Configurable JDK Properties: Added support for the following system properties to fine-tune cipher and protocol behavior: jdk.tls.client.cipherSuites, jdk.tls.server.cipherSuites, jdk.tls.client.protocols, jdk.tls.server.protocols. [dell.com]
- Compatibility with Crypto-J 7.0: Maintains interoperability with Crypto-J 7.0 (with notes and caveats referenced in Crypto-J documentation). [dell.com]
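The deadlock listed under Symptoms is on monitors of com.rsa.sslj classes, that is, inside the SSL-J library described above. The following is an added example, not Dell tooling: a short Python check that parses the deadlock section of a thread dump and reports whether every thread in the lock cycle is waiting on an SSL-J monitor. The function names are hypothetical, and the sample text is the excerpt from this article with its line breaks restored.

```python
import re

# Sample input: the thread-dump excerpt from the Symptoms section, re-wrapped.
SAMPLE_DUMP = '''\
Found one Java-level deadlock:
=============================
"RMI TCP Connection(58477)-10.3.4.58":
  waiting to lock monitor 0x00007f9e0402a1e8 (object 0x0000000704525f40, a com.rsa.sslj.x.aP),
  which is held by "RMI TCP Connection(58299)-10.3.50.30"
"RMI TCP Connection(58299)-10.3.50.30":
  waiting to lock monitor 0x00007f9e10007fe8 (object 0x00000007358f6998, a com.rsa.sslj.x.aR),
  which is held by "RMI TCP Connection(58298)-10.3.50.30"
"RMI TCP Connection(58298)-10.3.50.30":
  waiting to lock monitor 0x00007f9e0402a1e8 (object 0x0000000704525f40, a com.rsa.sslj.x.aP),
  which is held by "RMI TCP Connection(58299)-10.3.50.30"
'''

# One entry: waiting thread, class of the contended monitor, holding thread.
ENTRY = re.compile(
    r'"(?P<waiter>[^"]+)":\s*waiting to lock monitor \S+ '
    r'\(object \S+ a (?P<cls>[\w.$]+)\),\s*which is held by "(?P<holder>[^"]+)"')

def parse_deadlock(text):
    """Return {waiting thread: (holding thread, monitor class)}."""
    start = text.find("Java-level deadlock")
    if start < 0:
        return {}
    return {m["waiter"]: (m["holder"], m["cls"]) for m in ENTRY.finditer(text, start)}

def find_cycle(edges):
    """Follow waiter -> holder links until a thread repeats; return that cycle."""
    for first in edges:
        path, cur = [], first
        while cur in edges and cur not in path:
            path.append(cur)
            cur = edges[cur][0]
        if cur in path:
            return path[path.index(cur):]
    return []

def sslj_deadlock(text, prefix="com.rsa.sslj."):
    """True when every thread in the deadlock cycle waits on an SSL-J monitor."""
    edges = parse_deadlock(text)
    cycle = find_cycle(edges)
    return bool(cycle) and all(edges[t][1].startswith(prefix) for t in cycle)

if __name__ == "__main__":
    print(find_cycle(parse_deadlock(SAMPLE_DUMP)), sslj_deadlock(SAMPLE_DUMP))
```

The pattern tolerates both the wrapped and the single-line form of the dump, so the contents of mcserver.out can be passed to sslj_deadlock() as read.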
Resolution
Permanent fix in 19.12 SP1 - ETA to be determined.
There are two workarounds that can be done to alleviate this in the meantime.
Workaround option 1: Disable rmi_over_ssl.
- Make a backup copy of /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml:
cp -p mcserver.xml orig_mcserver.xml-$(date -I)
mcserver.sh --flush
<entry key="rmi_over_ssl" value="false" />
mcserver.sh --stop --force
mcserver.sh --start
Workaround option 2: Replace sslj.jar file (Open Service Request with Avamar Server Replication Capacity team)
Support Team - review the "Internal Notes" section for steps in replacing the sslj.jar file.