BugZero | Dell BugID 220028 - Avamar: Adding Data Domain to Avamar Fails with Me...

Dell - Defect ID: 220028

Avamar: Adding Data Domain to Avamar Fails with Message "Failed to run 'certificate import host application ddboost'" and "Certificate import failed. The Imported certificate is not yet valid."

Dell - Defect ID: 220028

Avamar: Adding Data Domain to Avamar Fails with Message "Failed to run 'certificate import host application ddboost'" and "Certificate import failed. The Imported certificate is not yet valid."

Last updated on 12/6/2023

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Support Case Count: 6
Article View Count: 287
Impact Category:

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

Support Case Count: 6
Article View Count: 287
Impact Category:

Symptoms

When adding a new Data Domain system to Avamar, it fails with the below message: Description: "Failed to configure certificate on Data Domain system" Reason: "Failed to execute 'certificate import host application ddboost'" Error message from DD: "The SHA1 fingerprint for the imported host certificate is:42:20:7A:99:5F:AE:B0:D1:98:EB:45:40:EC:B6:70:FD:F4:34:6A:00**** Certificate import failed. Imported certificate is not yet valid. Certificate will become valid on Thu Nov 16 14:22:24 2023." The log file /usr/local/avamar/var/mc/server_log/mcserver.log.0 shows the below error message: 11/16-14:22:30.00374 [RMI TCP Connection(1369)-172.27.247.117#52459] com.avamar.asn.service.ServiceContainerImpl.getService FINE: Service get completed for service: com.avamar.mc.dpn.DPNProxyService 11/16-14:22:30.00375 [RMI TCP Connection(1369)-172.27.247.117#52459] com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert WARNING: Failed to execute 'certificate import host application ddboost'. Error message from DD: The SHA1 fingerprint for the imported host certificate is: 42:20:7A:99:5F:AE:B0:D1:98:EB:45:40:EC:B6:70:FD:F4:34:6A:00 **** Certificate import failed. Imported certificate is not yet valid. Certificate will become valid on Thu Nov 16 14:22:24 2023. The simultaneous running 'date' on both the Avamar and Data Domain shows that the time on the Avamar is ahead of the time on the Data Domain. Even though this is only several seconds different, it still causes the issue.

Cause

The Network Time Protocol (NTP) setting is not working properly on either the Avamar or Data Domain which is causing the time on the Avamar to be ahead of the time on the Data Domain. When adding the Data Domain to the Avamar, Avamar generates the certificate in real time and imports it as the host certificate to Data Domain. Because the time on the Avamar is ahead of the time on the Data Domain, the certificate Avamar generated is not yet valid on Data Domain. Thus, Data Domain generates the error "Certificate import failed. The imported certificate is not yet valid. Certificate becomes valid on."

Resolution

Correct the NTP configuration on both the Avamar and the Data Domain. Alternately, manually set the time to ensure that the time on the Avamar server is no earlier than the time on the Data Domain. Readding Data Domain to Avamar should work this time.

Support Cases

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Dell - Defect ID: 220028

Avamar: Adding Data Domain to Avamar Fails with Message "Failed to run 'certificate import host application ddboost'" and "Certificate import failed. The Imported certificate is not yet valid."

Dell - Defect ID: 220028

Avamar: Adding Data Domain to Avamar Fails with Message "Failed to run 'certificate import host application ddboost'" and "Certificate import failed. The Imported certificate is not yet valid."

Last updated on 12/6/2023

Vendor details

Vendor details

Description

Symptoms

Cause

Resolution

Support Cases

Links

Top Dell defects by risk score

Ready to prevent the next vendor outage?