Symptoms

Unable to add a specific Data Domain (DD) to DDMC. Example: SE@host## managed-system add domainname.com force The SHA1 fingerprint for the remote host's CA certificate is F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9 Do you want to trust this certificate? Are you sure? (yes|no) [no]: yes ** Once added, all "admin" role users on this DD Management Center will operate on "domainname.com" system with "admin" role. To allow "domainname.com" to be managed by this DD Management Center, Enter "domainname.com" sysadmin password: ok, proceeding. *** Add domainname.com failed: System "domainname.com" is in the "unknown" state. Data collection is disabled Another possible error message when trying to add a new managed system to DDMC is as follows: **** managed-dd.example.com: Error communicating with host ddmc.example.com: error occurred in the SSL/TLS handshake.

Cause

This can be due to various reasons, such as: Connectivity issuedInvalid entries in DDInvalid entries on DDMCRequired port is not openSSL/TLS protocol version mismatch between the DDMC and the DD Logs: DDMC:Messages.engineering: Jul 29 19:04:36 hostname sms: NOTICE: Trust with host aaa.com has been added Jul 29 19:09:42 hostname -ddsh: NOTICE: MSG-DDSH-00017: (tty=pts/0, session=8899) user: command "managed-system add domainname.com force" exited with code: 95 Jul 29 20:58:37 hostname -ddsh: NOTICE: MSG-DDSH-00009: (tty=pts/0, session=8899) user: command "managed-system add domainname.com force" Jul 29 21:04:36 hostname sms: WARNING: ems_post_event: Failed to initialize event: Incompatible managed system version. EVT-OBJ::SystemName=domainname.com EVT-INFO::DetectedVersion= Jul 29 21:23:32 hostname sms: NOTICE: Trust with host aaa.com has been added Jul 29 21:47:24 hostname -ddsh: NOTICE: MSG-DDSH-00017: (tty=pts/0, session=8899) user: command "managed-system add domainname.com force" exited with code: 245 sms.info: 07/29 21:04:36.487 (tid 0x6ffbca0): **** Error communicating with host domainname.com: Error communicating with host domainname.com: error occurred in the SSL/TLS handshake. 07/29 21:04:36.509 (tid 0x6ffbca0): Workflow Getting system data (ID 1434912) starts child workflow (ID 1434913) to get current node config & status info for host "domainname.com" 07/29 21:04:36.521 (tid 0x70005a0): Workflow (ID 1434913) begin to get_node_info for host "domainname.com" 07/29 21:04:36.716 (tid 0x70005a0): **** Error communicating with host domainname.com: error occurred in the SSL/TLS handshake. 07/29 21:04:36.723 (tid 0x70005a0): Workflow (ID 1434913) detected host "domainname.com" is unreachable. No data collection is performed. 07/29 21:04:36.733 (tid 0x70005a0): WARNING: ems_post_event: Failed to initialize event: Incompatible managed system version. EVT- OBJ::SystemName=domainname.com EVT-INFO::DetectedVersion=

Resolution

For possible causes of problems, follow the troubleshooting steps below: Check the connectivity between DD and DDMC using the ping and net lookup commands both ways. Add appropriate host entries if required to make ping and net lookup successful. Check the connection to DD from the DDMC by running the following command: #managed-system check-connection <DD Hostname> Check that port 3009 is open by using telnet: Check the 'telnet' connection, and port (3009) to each component (DD/DDMC) using a Telnet client. Example of telnet connecting: The connection closed by foreign host is expected since DD OS does not allow Telnet. telnet 10.11.12.13 3009 Trying 10.11.12.13... Connected to 10.11.12.13. Escape character is '^]'. Connection closed by foreign host. Compare the fingerprint that DDMC fetches while adding DD to DDMC with that of the DD CA certificate. DDMC should pick up the correct DD fingerprint: SE@phxdd01#adminaccess certificate show detailed Type: host Cert Type: Host Certificate Application: https Subject/Issued To: domainname.com Issued By: domainname.com Valid From: Sat Aug 1 01:30:36 2015 Valid Until: Wed Jul 25 08:30:36 2046 Fingerprint: 7F:81:11:BC:F5:10:40:83:68:87:81:F5:97:77:EF:6C:EF:02:74:82 Type: ca Cert Type: Root CA Application: trusted-ca Subject/Issued To: domainname.com Issued By: domainname.com Valid From: Sun Aug 2 08:30:36 2015 Valid Until: Wed Jul 25 08:30:36 2046 Fingerprint: F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9 SE@DDMC01## managed-system add domainname.com force The SHA1 fingerprint for the remote host's CA certificate is F1:D2:22:95:7C:45:C9:69:CB:76:25:18:C7:33:30:43:7A:CA:98:B9 Do you want to trust this certificate? Are you sure? (yes|no) [no]: yes On DD, check the Hostnames for Host and CA certificate under the Subject column. It should be the same unlike below: user@host# hostname The Hostname is: domainname.com user@host# adminaccess certificate show Subject Type Application Valid From Valid Until Fingerprint ---------------------------------- ---- ----------- ------------------------ ------------------------ --------------------------------------- domainname.com host https Sun Dec 8 12:16:08 2013 Wed Nov 30 18:16:08 2044 2A:21:3E:1E:43:C9:77:F7:20:EF:E5:DF:D9:C9:9A:F8:4C:33:5E:0B abc.def.com ca trusted-ca Wed Feb 22 12:41:58 2012 Sat Feb 14 12:41:58 2043 AE:AF:8A:E9:0D:0C:F3:53:B5:A7:BF:D8:38:BC:2D:DA:CF:E5:E9:C8 ---------------------------------- ---- ----------- ------------------------ ------------------------ --------------------------------------- If a mismatch is present, as in the above output or a certificate is expired, then regenerate the certificate on DD.See KB article Data Domain: Web UI Inaccessible Due to Expired https Certificate for more information. # ddsh -a adminaccess certificate show Subject Type Application Valid From Valid Until Fingerprint -------------------------- ---- ----------- ------------------------ ------------------------ ------------------------------------------ domainname.com host https Sat Aug 8 06:39:31 2015 Wed Aug 1 10:39:31 2046 D5:26:79:20:3A:2F:73:41:7E:A8:5C:9B:69:54:11:8B:33:E9:BD:D9 domainname.com ca trusted-ca Sun Aug 9 11:39:31 2015 Wed Aug 1 10:39:31 2046 02:A0:F7:49:E1:16:BC:8E:FD:47:E4:24:C3:AE:45:7D:B1:8B:0C:3D -------------------------- ---- ----------- ------------------------ ------------------------ ----------------------------- On DDMC, verify that all valid hostnames are added as managed systems and under trust. #adminaccess trust show #managed-system show Compare the outputs of both the commands above and see if there is any mismatch.Trust for invalid DD hostnames must be deleted from the DDMC. Run on DDMCRun this CLI command to remove DDR trust: #adminaccess trust del host <Data Domain Hostname> type mutual Run on Data Domain #adminaccess trust del host <DDMC hostname> type mutual Now try to re-add the Data Domain to DDMC using the CLI with the force option: #managed-system add <DD Hostname> force The sync command can be used anytime to synchronize managed systems on DDMC: #managed-system sync #managed-system show

Support Cases