Clients can't connect

chad_small

ADSM.ORG Moderator
Joined
Dec 17, 2002
Messages
2,262
Reaction score
52
Points
0
Location
Gilbert, AZ
Website
www.tsmadmin.com
PREDATAR Control23

I have run into an issue after upgrading a SP server from 8.1.0.0 to 8.1.8.0. The issue is that the SP server shows a ton of the following errors...

08/22/2019 10:33:34 ANR3334W The server experienced a TCP/IP error while
receiving data on socket 229. Reason 73, Origin
Address 10.106.4.174:1501. (SESSION: 29)
08/22/2019 10:33:35 ANR3334W The server experienced a TCP/IP error while
receiving data on socket 230. Reason 73, Origin
Address 10.106.9.0:1501. (SESSION: 29)
08/22/2019 10:33:36 ANR3334W The server experienced a TCP/IP error while
receiving data on socket 232. Reason 73, Origin
Address 10.106.8.229:1501. (SESSION: 29)

The clients that are failing are all 8.1.4. Those that were 8.1.0 or 7.1.x all work fine. All clients have SESSIONSEC=TRANSITIONAL. If I go by the reason code then the API is saying incompatible client??? Here are sample errors from the dsmerror.log.

08/22/2019 08:36:54 ANS9020E A session could not be established with a IBM Spectrum Protect server or client agent. The return code is -362.
08/22/2019 08:36:54 ANS1029E Communication with the IBM Spectrum Protect server is lost.
08/22/2019 08:56:54 ANS1579E GSKit function gsk_secure_soc_init failed with 406: GSK_ERROR_IO
08/22/2019 08:56:54 ANS9020E A session could not be established with a IBM Spectrum Protect server or client agent. The return code is -362.
08/22/2019 08:56:54 ANS1029E Communication with the IBM Spectrum Protect server is lost.

So the clients don't show having a cert db created. I asked the admins to put the

SSLACCEPTCERTFROMSERV YES

But they said it didn't work. I really don't want to have to walk them through adding the cert to every client using dsmcert.
 
PREDATAR Control23

Have you tried updating the clients to:

update node <node_name> SESSIONSECURITY=transitional

from the TSM server side?
 
PREDATAR Control23

ANR3334W is a new message since 8.1.7 or 8.1.8 (doesn't show in the message list for 8.1.6 or lower. Unfortunately it doesn't provide much to go on...
 
PREDATAR Control23

OK we ientified the issue. The Network team was blocking SSL at the firewall. So once they applied a rule to allow SSL the 8.1.4 clients worked without issue. The one thing that kind of makes sense now is the ANR3334W error was showing the client IP attempt to connect but SP could not identify the node since no information was allowed to be exchanged.
 
Top