Symptoms

The issue is seen in PowerProtect Data Manager 19.14 and 19.15.PowerProtect Data Manager report shows no data.On the reporting engine, the following error could be found in /var/log/dellemc/agent/dpaagent.log (Or in PowerProtect Data Manager support bundle:\var\log\reporting\logs\agent\dpaagent.log): INFO 3345.3484 20240219:150901 com.emc.dpa.agent.mo - authenticate(): Attempting CREDS token, as the certificate based token generation is failed. WARN 3345.3484 20240219:150902 com.emc.dpa.agent.mo - obtainAccessToken(): Failed to login to xxx.xxx.com with user admin: HTTP post status: 423 INFO 3345.3490 20240219:151406 com.emc.dpa.agent.mo - authenticate(): Certificates are being setup... INFO 3345.3490 20240219:151511 com.emc.dpa.agent.mo - authenticate(): Using authType CERT INFO 3345.3490 20240219:151511 com.emc.dpa.agent.mo - authenticate(): Attempting CREDS token, as the certificate based token generation is failed. WARN 3345.3490 20240219:151511 com.emc.dpa.agent.mo - obtainAccessToken(): Failed to login to xxx.xxx.com with user admin: HTTP post status: 401

Cause

Reporting IP whitelisting might have been expired (the default is set to 365 days). To confirm this, run the following command in the PowerProtect Data Manager CLI with the admin user. ./ppcp rest --uri whitelist If the reporting node IP cannot be seen in the output of the above command it means that the reporting IP is not whitelisted. The following output is an example for "reporting IP is currently not whitelisted": admin@ppdm:~/bin> ./ppcp rest --uri whitelist =========================================================== PPCP : 0.44 PPDM : 19.14.0-20 Date : 18 Dec 2023 10:41 CST =========================================================== URL : GET https://localhost:8443/api/v2/whitelist?page=1&pageSize=100 [localhost] { "content": [], "page": { "number": 1, "size": 0, "totalElements": 0, "totalPages": 0 } }

Resolution

Step 1: Run the following command. Replace 10.xxx.xxx.xxx with customers reporting node ip and collect the "expiresAt" value. ./ppcp rest https://10.xxx.xxx.xx:8443 --uri whitelist Step 2: Create a file called payload.txt using the customers PowerProtect Data Manager at /home/admin using the following command: vi payload.txt Copy the following content in the payload.txt file. In this step, update the expiresAt value as 3 years from the expiry date and IP address as the customers reporting IP and save the file. { "expiresAt": "2027-02-27T12:57:10.389Z", "ip": "10.xxx.xxx.xxx", "roleId": "2bc98750-7675-0136-29e9-5bbd3ce729b0", "state": "APPROVED" } Step 3: Run the following ppcp command with the reporting node IP. ./ppcp rest --method POST https://10.xxx.xxx.xxx:8443 --uri whitelist --input payload.txt Once the above steps are performed, regenerate certificates on the reporting node. To do the same, follow the below steps: Step 01: Make sure a single entry in crontab is present to generate certificates. crontab -l crontab -e Step 02: remove old certificates from /opt/emc/dpa/agent/data/ppdm/rs directory. rm -rf /opt/emc/dpa/agent/data/ppdm/rs Step 03: DPA agent restart regenerate the certificates. /opt/emc/dpa/services/bin/dpa.sh agent restart Step 04: run below command /opt/emc/dpa/services/bin/dpa.sh svc restart

Support Cases