10.02 backup fails with error Secure communication protocol negotiation error
DP CM windows 2012 R2, DP 10.02 with SSPF as:
QCCR2A78222_HF1 csm.exe Test binary
QCCR2A77330_HF1 omnidbutil.exe Test binary
QCCR2A78222_HF1 rsm.exe Test binary
QCCR2A77362_HF4 vmwaregre-agent.exe Test binary
Out of 100 clients, on 1 client I am facing an issue with the secure communication protocol. All the backups for this host failed with error:
Secure communication protocol negotiation error when trying to establish a connection.
Check the validity of certificates and their configuration
I have tried adding the "omnicc -secure_comm -configure_peer" on both CM & Client and after this it will work only for 1 time and then again backup will start failing.
I have also tried exporting the client, adding the certificates between them with "omnicc -secure_comm -configure_peer" and re-importing the client. Backup works normally the first time but again fails from the second time.
Any help what's wrong here?
Try this out: export the client from the cell server and run the command omnicc -secure_comm -remove_peer clientname on the cell server.
Then run omnicc -secure_comm -configure_for_dr clientname on the cell server.
Then import the client and start the backup for the client.
Please try to make a secure communication exception and we will be sure that the issue is this.
C:\>omnicc -secure_comm -configure_exception clientname.fqdn.com -overwrite
C:\>omnicc -secure_comm -configure_exception cellname.fwdn.com -overwrite
Run the backup again and let us know the result.
I have the same problem as the OP.
Tried the first suggestion to change to backup type of DR; this had no effect.
The 2nd option, to enable a host exception, did have an effect but did not fix the problem.
I now get a new error.
IPC Read Error
System Error 10054 Connection reset by peer
Could not connect to inet in order to start
I can telnet to the 5565 port and Inet service is up and running.
I can also telnet to the random high number port being reported when failing secure connection.
I had this too and this is what I did to get rid of these errors:
Below are the steps for DP on Windows.
- On the client, rename the folder C:\ProgramData\OmniBack\Config\client\sscertificates to something like C:\ProgramData\OmniBack\Config\client\sscertificates.orig
- On the client, run omnicc -secure_comm -regenerate_cert CM_NAME
- On the CM, run omnicc -secure_comm -configure_peer CLIENT_NAME
- On the client, run omnicc -secure_comm -configure_peer CM_NAME
I'll give this a try today.
The issue with my environment is a bit more complicated however.
I have say 20 servers all running the DA.
Then I have one of two possible backup destinations.
One is disk based, where my CM is the MA; these backups work.
The other is to tape where a different server is the MA. I have 2 out of 20 servers giving the error mentioned in this thread when saving a backup to this destination.
With that said, I'll just try to run these commands on all 3 servers, but I have done many commands similar already.
I tried to do exactly the above first, did not fix my problem.
Still had disk backups working but not tape.
I then tried to do some of those commands on the server acting as the MA for the tape, no luck with that either.
I did not completely delete/regenerate the cert on that server as it would probably break the backup for the other 18 servers that are working. I did run the accept new peer command however.
I see some servers have a .pem file specific to a server in the sscertificates folder usually in relation to when I have run the configure_peer command, but other servers do not, yet they still work without it.
After trying EVERYTHING, and I mean everything.
I got this working, why I don't know, and I can't say for sure if it's related to the program or to the environment.
The Fix: Add a static IP to my HOST file for the MA Server.
What did not work:
Full reinstall of the software
Delete, Create, Import new Secure Certificate
Turn off Firewall
Change backup options
Was able to:
Ping by name and IP
Telnet by name and IP
Tracert by name and IP
See the correct security certificate when I accepted the peer
Everything looks like it should, but the backup just would not work until I added a host file line entry, then it worked perfectly.
I have the same issue in my environment, where the client machine (AIX 7.2) is working fine with the remote side media server but not with the respective side media server.
I tried to make the secure communication exception on the client and CM but the issue still persists.
[Critical] From: BDA-NET@Client_Name "/home" Time: 20/03/2018 1:38:06 PM
Cannot connect to Media Agent on system Media_Server_Name, port 84539 (Secure communication protocol negotiation error when trying to establish a connection.
Check the validity of certificates and their configuration.
) => aborting.
Possibly tried this command on the problematic Media Agent as well as the client machine, after which the backup didn't fail at first but wrote some MBs of data and then hung.