OPERATIONAL DEFECT DATABASE
...
...
After upgrading Avamar server and client to 7.3 or higher, some backups going to Data Domain fail with error "the user has insufficient access rights". Sample backup log: 2017-01-17 15:08:02 avtar Info <19156>: - Establishing a connection via token to the Data Domain system with encryption (Connection mode: A:3 E:2). 2017-01-17 15:08:12 avtar Warning <18125>: Calling DDR_OPEN_VIA_TOKEN returned result code:5075 message:the user has insufficient access rights 2017-01-17 15:08:12 avtar Error <10542>: Data Domain server "DDserver.local" open failed DDR result code: 5075, desc: the user has insufficient access rights 2017-01-17 15:08:12 avtar Error <10509>: Problem logging into the DDR server:'', only GSAN communication was enabled. 2017-01-17 15:08:12 avtar FATAL <17964>: Backup is incomplete because file "/ddr_files.xml" is missing 2017-01-17 15:08:12 avtar Info <10642>: DDR errors caused the backup to not be posted, errors=0, fatals=0 2017-01-17 15:08:12 avtar Info <12530>: Backup was not committed to the DDR. 2017-01-17 15:08:12 avtar FATAL <8941>: Fatal server connection problem, aborting initialization. Verify correct server address and login credentials.
The client's hostname does not match the --hostname flag in avagent.cmd file. Avamar 7.3 uses token based authentication as the default authentication method to DD. The token is requested by Avamar server on behalf of the client, and it is assigned by DD. When the client uses this token to connect to DD, DD finds out that the owner of the token does not have the same name as the hostname in the token. Therefore DD considers the token as invalid for this client, and backup fails. Sample error that is present in ddfs.info about the invalid token: (tid 0x7fe816905c20): ost_validate_token: Invalid Token, Client hostname avamar.local not found in Token with list(avamar.com). Avamar server issues the token via ddrmaint commands. The request can be found in /data01/avamar/var/ddrmaintlogs/ddrmaint.log : ddrmaint.bin[10688]: Info: request-token:body:service avamar.local.
There are two workarounds possible: 1. Remove --hostname flag in avagent.cmd file, and re-register the client with the actual hostname. 2. Disable token authorization in MCS a. Edit /usr/local/avamar/var/mc/server_data/prefs/mcserver.xml configuration file b. Replace the following entry: use_ddr_auth_token = true with use_ddr_auth_token = false c. Restart MCS: dpnctl stop mcs dpnctl start mcs, sched
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
