PowerProtect Data Manager 19.13 Cyber Recovery User Guide

PDF

Troubleshooting suggestions

The following table lists possible Cyber Recovery problems and suggested remedies.

Table 1. Troubleshooting suggestions
If you cannot	Do the following
Install the Cyber Recovery software	Ensure that the crsetup.sh --check script verifies all prerequisites before continuing. Ensure that you are using a stable version of Docker. Set Docker to start on reboot with the systemctl enable docker command. Find the crsetup.sh logs in the directory from which you run crsetup.sh. If your system has an active firewall, ensure that the following ports are open on the firewall: 14777 (for Cyber Recovery UI) 14778 (for the Cyber Recovery REST API) 14779 (for the Cyber Recovery Registry - local management host access) 14780 (for the Cyber Recovery API Documentation)
Log in to the Cyber Recovery UI	Check the edge and users service logs. Ensure that your DNS settings are resolvable. If your system has an active firewall, ensure that the following ports are open on the firewall: 14777 (for Cyber Recovery UI) 14778 (for the Cyber Recovery REST API) 14779 (for the Cyber Recovery Registry - local management host access) 14780 (for the Cyber Recovery API Documentation)
Start the Cyber Recovery software after a reboot due to an unlabeled context type and custom policies.	In an SELinux environment, if the Cyber Recovery software does not start after a reboot due to unlabeled context type and custom policies, do the following: Assuming that the Cyber Recovery software is installed in /opt/dellemc/cr, change the SElinux context, as shown in the following example: chcon -u system_u -t bin_t /opt/dellemc/cr/bin/cradmin chcon -u system_u -t bin_t /opt/dellemc/cr/bin/crcli chcon -u system_u -t bin_t /opt/dellemc/cr/bin/crsetup.sh chcon -u system_u -t bin_t /opt/dellemc/cr/bin/crshutil chcon -u system_u -t bin_t /opt/dellemc/cr/bin/crsshutil Reboot the system. The following is an example of the SElinux context: root@hostname $ ls -Z /opt/dellemc/cr/bin/ -rwxr-----. root root system_u:object_r:bin_t:s0 cradmin -rwxr-----. root root system_u:object_r:bin_t:s0 crcli -rwxr-----. root root system_u:object_r:bin_t:s0 crsetup.sh -rwxr-----. root root system_u:object_r:bin_t:s0 crshutil -rwxr-----. root root system_u:object_r:bin_t:s0 crsshutil
Enable multifactor authentication	Because multifactor authentication is a time-based security mechanism, the Cyber Recovery host time cannot differ from the authenticator time by more (plus or minus) than one minute. If the time differs by more than +60 seconds or -60 seconds, multifactor authentication is not enabled. Set the Cyber Recovery host time so that it differs no more than a minute (plus or minus) from the authenticator time. NOTE: If you modify the Cyber Recovery host time, stop and then restart the Cyber Recovery services. To avoid this scenario, internal NTP configuration is recommended.
(For crso only) Log in because multifactor authentication is enabled and you are unable to provide the security code	As the crso, type `crsetup.sh --changepassword` or `crsetup.sh -w` to change the crso password and disable multifactor authentication. Enable multifactor authentication again after you log in.
Change the application type	Delete the application and then add a new application and choose the appropriate application type.
Run a job	Check the schedules, policies, or mgmtdds service logs.
Complete a successful Sync job	If the DD system on the Cyber Recovery vault exceeds the space usage threshold, clean up the DD system to reclaim space. Then, restart the Sync job.
Receive alert email messages	If your system has an active firewall, ensure that port 25 is open on the firewall. Verify your Postfix or email configuration and check that you added the email for alert notifications.
Secure the Cyber Recovery vault	Check the vault service logs.
Recover or analyze	Check the apps, mgmtdds, and policies service logs.
Run a subsequent Analyze job after performing a DR backup while running an Analyze job	Wait for the currently running Analyze job to finish, delete the stale sandboxes, and then run the Analyze job again. NOTE: When you perform a DR backup while an Analyze job is running, the Cyber Recovery software marks the Analyze job as critical even though it is still running.
Run an Analyze job due to an inactive or degraded multilink configuration	Ensure that: The DD and CyberSense interfaces are enabled. The cabling and switches between the interfaces are working correctly. A DD Boost user is configured on the CyberSense host There are no hardware issues. You can remove a link, but might encounter performance issues.
Run a policy, sandbox, or recovery due to mount errors from the DD system	Ensure that the NFSv4 and NFSv3 settings on the DD system are configured to run NFS operations: From the DD UI, got to Protocols > NFS and then click Options. To run an NFSv3 server only, ensure that the values for the Default Export Version and Default Servers Version fields are set to `NFSv3`. To run an NFSv4 server only, ensure that the values for the Default Export Version and Default Servers Version fields are set to `NFSv4` and the NFSv4 ID Map Out Numeric field is set to `always`. To run both an NFSv3 and NFSv4 server, ensure that the values for the Default Export Version and Default Servers Version fields are set to `NFSv3 and NFSv4` and the NFSv4 ID Map Out Numeric field is set to `always`.
Perform a PowerProtect Data Manager successfully	If NFS v4 is enabled on the DD system in the Cyber Recovery vault, either disable it and use NFS v3 or use DD Boost for the server DR Mtree.
See a successful DR backup job status after you recover a DR backup	If you recover a DR backup, after the recovery, the DR backup job is displayed as a critical failed job. Ignore this status; you do not need to take any action.