Loading...
Loading...
When adding a new Data Domain system to Avamar, it fails with the below message: Description: "Failed to configure certificate on Data Domain system" Reason: "Failed to execute 'certificate import host application ddboost'" Error message from DD: "The SHA1 fingerprint for the imported host certificate is:42:20:7A:99:5F:AE:B0:D1:98:EB:45:40:EC:B6:70:FD:F4:34:6A:00**** Certificate import failed. Imported certificate is not yet valid. Certificate will become valid on Thu Nov 16 14:22:24 2023." The log file /usr/local/avamar/var/mc/server_log/mcserver.log.0 shows the below error message: 11/16-14:22:30.00374 [RMI TCP Connection(1369)-172.27.247.117#52459] com.avamar.asn.service.ServiceContainerImpl.getService FINE: Service get completed for service: com.avamar.mc.dpn.DPNProxyService 11/16-14:22:30.00375 [RMI TCP Connection(1369)-172.27.247.117#52459] com.avamar.mc.datadomain.DataDomainService.generateAndImportDdrHostCert WARNING: Failed to execute 'certificate import host application ddboost'. Error message from DD: The SHA1 fingerprint for the imported host certificate is: 42:20:7A:99:5F:AE:B0:D1:98:EB:45:40:EC:B6:70:FD:F4:34:6A:00**** Certificate import failed. Imported certificate is not yet valid. Certificate will become valid on Thu Nov 16 14:22:24 2023. The simultaneous running 'date' on both the Avamar and Data Domain shows that the time on the Avamar is ahead of the time on the Data Domain. Even though this is only several seconds different, it still causes the issue.
The Network Time Protocol (NTP) setting is not working properly on either the Avamar or Data Domain which is causing the time on the Avamar to be ahead of the time on the Data Domain. When adding the Data Domain to the Avamar, Avamar generates the certificate in real time and imports it as the host certificate to Data Domain. Because the time on the Avamar is ahead of the time on the Data Domain, the certificate Avamar generated is not yet valid on Data Domain. Thus, Data Domain generates the error "Certificate import failed. The imported certificate is not yet valid. Certificate becomes valid on."
Correct the NTP configuration on both the Avamar and the Data Domain. Alternately, manually set the time to ensure that the time on the Avamar server is no earlier than the time on the Data Domain. Readding Data Domain to Avamar should work this time.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.