Sign up for my weekly newsletter, its short and sweet.

Tag : avamar

EMC Avamar SSL Cert

EMC Avamar SSL Cert Generation

After completing a successful root to root Avamar migration I noticed that the old SSL certs were still being used. Through some digging I finally found a very simple and easy command to update it.

The gen-ssl-cert command installs a temporary Apache web server SSL cert and restarts the web server.

gen-ssl-cert [–debug] [–help] [–verbose]

Note: You must run the gen-ssl-cert as root, and the original files are backed up and saved as:
• /etc/httpd/conf/ssl.crt/server.crt.orig
• /etc/httpd/conf/ssl.key/server.key.orig

In order to view your current certificate you can use the following command:

root@avamarnew:/etc/apache2/ssl.crt/#: openssl x509 -noout -text -in server.crt

Here is the sample of what running the script looks like:

root@avamarnew:/srv/www/#: gen-ssl-cert
Generating RSA private key, 3072 bit long modulus
.........................................................................................++
...................................................................................................................................................++
e is 65537 (0x10001)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:State or Province Name (full name) [Some-State]:Locality Name (eg, city) []:Organization Name (eg, company) [Internet Widgits Pty Ltd]:Organizational Unit Name (eg, section) []:Common Name (eg, YOUR name) []:Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:An optional company name []:Signature ok
subject=/C=US/ST=SomeState/L=SomeLocale/O=SomeOrganization/OU=SomeOrganizationalUnit/CN=avamarhq.sccu.local/emailAddress=root
Getting Private key
gen-ssl-cert: INFO: installed these web server SSL temporary certificate files:
-rw------- 1 root root 1708 Mar 2 12:29 /etc/apache2/ssl.crt/server.crt
-rw------- 1 root root 2455 Mar 2 12:29 /etc/apache2/ssl.key/server.key

Checking for httpd2: running
Shutting down httpd2 (waiting for all children to terminate) done
Starting httpd2 (prefork)

Avamar Backup of a Windows VM fails with the error: Protocol error from VMX

Recently on a new install of Avamar version 6.1; I had a VMware Image based backup fail with error 10007. Upon further investigation of the backup job log I noticed that the snapshot failed with: A general system error occured: Protocol error from VMX. This is a good example of two very vague errors on both the backup system and the virtual infrastructure. So to further investigate we needed to look deeper into the vmware.log file…

Avamar VMware Image Level Backup

Avamar 6.1 Unified Proxy Appliance for VMware

I’m going back over some of the new differences in Avamar 6.1 and am very impressed with the enhancements that Avamar now has with VMware image based backups. Before version 6.1 you needed a seperate image proxy for Linux and a seperate proxy for Windows, now with the new proxy design both Operating Systems have been integrated into one proxy. Not only does the proxy support both OS’s but now it also supports File Level Recovery to both OS’s where as Windows was only supported previously. To be more specific; the Unified Proxy now supports Windows NTFS, and Linux ext2, ext3, and LVM. The proxy does NOT support the following: Windows GPT Partitions, Windows Dynamic disks, Extended Partitions, Encypted Partitions, Compressed Partitions, or XFS.

Warning 6698 VSS exception code 0x800706be thrown freezing volumes – The remote procedure call failed

When you try to create shadow copies on large volumes that have a small cluster size (less than 4 kilobytes), or if you take snapshots of several very large volumes at the same time, the VSS software provider may use a larger paged pool memory allocation during the shadow copy creation than is required. If there is not sufficient paged pool memory available for the allocation, the shadow copy cannot complete and may cause the loss of all previous shadow copy tasks. Follow this article and apply the fix:

http://support.microsoft.com/kb/833167

1 2