Symptoms
User configured secure LDAP using KB article 529493: How to configure secure LDAP on Avamar server
Scenario 1: LDAP test fails with error:
message javax.naming.ServiceUnavailableException: dc-01.emc.com:636; socket closed; remaining name 'dc=emc,dc=com'
Scenario 2: Error message:
2020-03-17 11:14:46,222 ERROR [main]-helper.LDAPUpnGrpQueryActionUserAuth: Problem searching directory: javax.naming.CommunicationException: dc-01.emc.com:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
Cause
There are multiple DCs in the environment, for example dc-01, dc-02, etc. LDAP was configured to use one DC, and only the certificate for that DC was imported to rmi_ssl_keystore.
Resolution
Steps:
Configure secure LDAP by following KB article 529493: How to configure secure LDAP on Avamar server
Verify whether there are multiple DCs, then get the DC names and IPs
Check for the DCs using "nslookup domain name".
For example:
nslookup dell.com
Get certificates for the list of DCs and import the LDAP server certs to rmi_ssl_keystore
To import the certs, follow the steps below:
Log in using PuTTY and switch to the root user
Take a backup copy of rmi_ssl_keystore:
cp -p /usr/local/avamar/lib/rmi_ssl_keystore /usr/local/avamar/lib/rmi_ssl_keystore-orig
Assuming there are two or more DCs in the environment (dc-01 and DC-02), place the certificates dc-01.crt and dc-02.crt under /tmp
keytool -importcert -file /tmp/dc-01.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-01
keytool -importcert -file /tmp/dc-02.crt -keystore /usr/local/avamar/lib/rmi_ssl_keystore -storepass changeme -alias dc-02
Restart MCS as admin user:
mcserver.sh --stop
mcserver.sh --start
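To confirm that no DC was left out of the import, the check below compares a list of DC host names against the trusted-certificate aliases in a keystore listing. It is an added example, not part of the KB article or Dell's tooling; it assumes each certificate was imported under an alias equal to the DC's short host name, and the sample listing and dc-02.emc.com are constructed.

```shell
#!/bin/sh
# Added example, not Dell's code. Assumption: each DC certificate is imported
# under an alias equal to the DC's short host name (dc-01, dc-02, ...).

# Constructed sample of `keytool -list` output; the alias example-key and the
# fingerprint placeholders are made up for illustration.
SAMPLE_LISTING='Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

example-key, Mar 17, 2020, PrivateKeyEntry,
Certificate fingerprint (SHA-256): <placeholder>
dc-01, Mar 17, 2020, trustedCertEntry,
Certificate fingerprint (SHA-256): <placeholder>'

# missing_dc_aliases DC...
# Reads a `keytool -list` listing on stdin and prints every DC given as an
# argument that has no trustedCertEntry alias matching its short host name.
missing_dc_aliases() {
    # Alias is the first comma-separated field of each trustedCertEntry line.
    aliases=$(awk -F', ' '/trustedCertEntry/ { print tolower($1) }')
    for dc in "$@"; do
        # Strip the domain suffix and lowercase: host names are case-insensitive.
        short=$(printf '%s' "${dc%%.*}" | tr '[:upper:]' '[:lower:]')
        printf '%s\n' "$aliases" | grep -qxF -- "$short" || printf '%s\n' "$dc"
    done
}

# Demo on the constructed listing; dc-02.emc.com is a constructed host name.
printf '%s\n' "$SAMPLE_LISTING" | missing_dc_aliases dc-01.emc.com DC-02.emc.com

# On the Avamar server, feed it the real listing instead:
#   keytool -list -keystore /usr/local/avamar/lib/rmi_ssl_keystore \
#       -storepass changeme | missing_dc_aliases dc-01.emc.com dc-02.emc.com
```

Any host name it prints still needs its certificate imported; empty output means every listed DC has a matching alias.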