Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
Avamar Backend report (DD) fails after upgrade of Data Domain OS.The error seen in the mcserver.log is: com.avamar.mc.rpt.job.BackendCapacityDDReportJob.publishStatus WARNING: I/O error: Fatal Alert received: Handshake Failure.; nested exception is javax.net.ssl.SSLException: Fatal Alert received: Handshake Failure. org.springframework.web.client.ResourceAccessException: I/O error: Fatal Alert received: Handshake Failure.; nested exception is javax.net.ssl.SSLException: Fatal Alert received: Handshake Failure. at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:453) at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:415) at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:391) at com.avamar.mc.rpt.bcrdd.AuthSession.authenticate(AuthSession.java:87) at com.avamar.mc.rpt.job.BackendCapacityDDReportJob.authenticate(BackendCapacityDDReportJob.java:634) at com.avamar.mc.rpt.job.BackendCapacityDDReportJob.submit(BackendCapacityDDReportJob.java:244) at com.avamar.mc.rpt.job.BackendCapacityDDReportJob.run(BackendCapacityDDReportJob.java:130) at com.avamar.mc.rpt.job.ReportManager$1.run(ReportManager.java:88) at java.lang.Thread.run(Unknown Source) Caused by: javax.net.ssl.SSLException: Fatal Alert received: Handshake Failure. at com.rsa.sslj.x.aH.a(Unknown Source) at com.rsa.sslj.x.aH.a(Unknown Source) at com.rsa.sslj.x.aH.a(Unknown Source) at com.rsa.sslj.x.ap.c(Unknown Source) at com.rsa.sslj.x.ap.a(Unknown Source) at com.rsa.sslj.x.ap.j(Unknown Source) at com.rsa.sslj.x.ap.i(Unknown Source) at com.rsa.sslj.x.ap.h(Unknown Source) at com.rsa.sslj.x.aS.startHandshake(Unknown Source) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.springframework.http.client.HttpComponentsClientHttpRequest.executeInternal(HttpComponentsClientHttpRequest.java:88) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:49) at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:91) at com.avamar.mc.datadomain.DdrRestClient$1.intercept(DdrRestClient.java:92) at org.springframework.http.client.InterceptingClientHttpRequest$RequestExecution.execute(InterceptingClientHttpRequest.java:81) at org.springframework.http.client.InterceptingClientHttpRequest.executeInternal(InterceptingClientHttpRequest.java:67) at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:46) at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:49) at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:438) ... 8 more
The Data Domain OS uses new ciphers that are not specified in the mcserver.xml in Avamar.
There should be no backups, restores, or replications running on the Avamar Server.Take a copy of the /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml.Stop the MCS service.Update the following entries in the mcserver.xml: <entry key="ddr_rest_supported_cipher_suites" and Ensure the following ciphers are in both entries: TLS_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Start the MCS serviceAvamar Backend report (DD) should now work.