Intégration d’Avamar et de Data Domain : Impossible de synchroniser les certificats avec la sécurité de session activée
요약: Lorsque la sécurité de session est activée sur Avamar, les certificats doivent être synchronisés entre Avamar et Data Domain. Pour ce faire, le protocole SCP doit être activé sur Data Domain. ...
이 문서는 다음에 적용됩니다.
이 문서는 다음에 적용되지 않습니다.
이 문서는 특정 제품과 관련이 없습니다.
모든 제품 버전이 이 문서에 나와 있는 것은 아닙니다.
증상
Les sauvegardes peuvent échouer avec les erreurs suivantes :
Lors de la vérification des logs MCS, il existe une exception liée au protocole SCP.
DDR result code: 5049, desc: file not found DDR result code: 5341, desc: SSL library error "failed to import host or ca certificate automatically" DDR result code: 5008, desc: invalid argumentLorsque vous suivez l’article Dell 197106, Avamar et Data Domain Integration : DD affichant rouge dans Avamar AUI et/ou chemin de résolution de l’interface utilisateur, les certificats ne sont pas générés.
Lors de la vérification des logs MCS, il existe une exception liée au protocole SCP.
09/29-16:29:13.00727 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx FINE: Importing host certificate and ca certificates... 09/29-16:29:13.00743 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request show ... 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.kc.PrefsCertRsa. FINE: Message digest algorithm: sha512 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: DD RSA certificate: 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Number bits(key strength): 3072bit 09/29-16:29:14.00095 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.PrefsDdrCert. INFO: Message digest algorithm: sha512 09/29-16:29:14.00137 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.executeDdrCommand FINE: Executing ddr command. host: idpa-lab.dell.com cmd: adminaccess certificate cert-signing-request generate key-strength 3072bit country 'US' state 'California' city 'Irvine' org-name 'EMC Corp' org-unit 'BRS Division'... 09/29-16:29:14.00721 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile FINE: Copying file from host: idpa-lab.dell.com... 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.datadomain.DdrSsh.copyFile WARNING: Failed to copy file from host: idpa-lab.dell.com. 09/29-16:29:15.00619 [RMI TCP Connection(27)-192.x.x.x#965] com.avamar.mc.util.MCException.logException WARNING: com.maverick.ssh.SshException: java.io.IOException at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:151) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source) Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied. at com.maverick.scp.ScpClientIO$ScpEngineIO.readStreamFromRemote(ScpClientIO.java:305) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:148) at com.maverick.scp.ScpClientIO.get(ScpClientIO.java:124) at com.avamar.mc.datadomain.DdrSsh.copyFile(DdrSsh.java:940) at com.avamar.mc.datadomain.DdrSsh.copyFileEx(DdrSsh.java:961) at com.avamar.mc.datadomain.DdrSshCertificateCmd.getcertificateSigningRequest(DdrSshCertificateCmd.java:200) at com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert(DataDomainService.java:5520) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:5183) at com.avamar.mc.datadomain.DataDomainService.firsttimeToAdd(DataDomainService.java:6041) at com.avamar.mc.datadomain.DdrCache.firsttimeToAdd(DdrCache.java:1599) at com.avamar.mc.datadomain.DdrCache.firsttimeToAddEx(DdrCache.java:1645) at com.avamar.mc.datadomain.DdrCache.ConfigCerts(DdrCache.java:1454) at com.avamar.mc.datadomain.DdrCache.checkAndConfigCerts(DdrCache.java:1251) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:402) at com.avamar.mc.datadomain.DdrCache.update(DdrCache.java:676) at com.avamar.mc.datadomain.DataDomainService.rewriteDdrCloudInfo(DataDomainService.java:6457) at com.avamar.mc.datadomain.DataDomainService.disableCloudTier(DataDomainService.java:6486) at com.avamar.mc.datadomain.DataDomainService._updateDdr(DataDomainService.java:1271) at com.avamar.mc.datadomain.DataDomainService.updateDdr(DataDomainService.java:1036) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:318) at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150) at org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:61) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172) at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202) at com.sun.proxy.$Proxy37.updateDdr(Unknown Source) at com.avamar.mc.datadomain.DataDomainServiceContext.updateDdr(DataDomainServiceContext.java:223) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at sun.rmi.server.UnicastServerRef.dispatch(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at sun.rmi.transport.Transport$1.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Unknown Source) at sun.rmi.transport.tcp.TCPTransport.handleMessages(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(Unknown Source) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.lambda$run$0(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
원인
Passez en revue le journal mcserver :
Le flux de certificats de synchronisation entre Avamar et Data Domain nécessite l’activation du protocole SCP, comme indiqué ci-dessous :
Figure 1 : L’interface utilisateur Data Domain indique que le protocole SCP est désactivé
/usr/local/avamar/var/mc/server_log/mcserver.log.0 Caused by: java.io.IOException: SCP unexpected cmd: Scp is disabled. Access denied.Cela montre que le protocole SCP est désactivé sur Data Domain.
Le flux de certificats de synchronisation entre Avamar et Data Domain nécessite l’activation du protocole SCP, comme indiqué ci-dessous :
- Avamar exécute une commande sur Data Domain à l’aide de la clé publique Data Domain pour l’authentification sans mot de passe. La première commande consiste à générer une demande de signature de certificat (CSR) sur Data Domain.
- Avamar tente ensuite de copier la CSR à partir de Data Domain à l’aide de SCP, mais ne parvient pas à le faire lorsque SCP est désactivé sur Data Domain.
- Avamar utilise la CSR pour signer un certificat émis vers Data Domain par l’autorité de certification racine Avamar. Sur Data Domain, il s’agit du certificat « importd-host ddboost ».
Figure 1 : L’interface utilisateur Data Domain indique que le protocole SCP est désactivé
해결
Activez le protocole SCP dans l’interface
Web Data Domain à partir de Administration > Accéder aux services > > vérifier SCP > Configurer > Vérifier Autoriser le protocole SCP.
Figure 2 : Activer le protocole SCP dans l’interface Web Data Domain
Web Data Domain à partir de Administration > Accéder aux services > > vérifier SCP > Configurer > Vérifier Autoriser le protocole SCP.
Figure 2 : Activer le protocole SCP dans l’interface Web Data Domain
해당 제품
Avamar문서 속성
문서 번호: 000218137
문서 유형: Solution
마지막 수정 시간: 23 11월 2023
버전: 4
다른 Dell 사용자에게 질문에 대한 답변 찾기
지원 서비스
디바이스에 지원 서비스가 적용되는지 확인하십시오.