• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

Security settings for 8.1.2

uwekoch

Active Newcomer
#1
After installing server 8.1.2 and ba client 8.,1.2 to a new environment of 4 instances all instances worked fine.
After the configuration of server-to-server communication between those 4 instances, the dsmadmc clients can no linger connect to the servers with message "client is down-level with this server version". But the client is 8.1.2 as well as the server.
After removing and reregistering an admin, the session works fine until there is a server-server-session used. After that the client "is down-level" again. So it has to do with the security level of the admin's last connection.

Any suggestions how to configure server and client to have a stable admin session possible by local dsmadmc AND by command redirection from other instance ?
 

moon-buddy

ADSM.ORG Moderator
#2
Have you deleted and redefined all server-to-server communications on all instances?

Are there NO instance that are lower than 8.1.2 that an 8.1.2 instance is attempting to connect to.

Remember that server-to-server communication is between TSM instances and as such ideally must be all on the same level. If the source instance is lower than the target instance, this would work but not vice-versa.
 

uwekoch

Active Newcomer
#3
Yes, all definitions ar enew. There are 4 instances freshly installed on 2 hw servers. 2 instances on each hw. Only these 4 instances of 8.1.2 and the tsm clients 8.1.2 are installed in this new environment.
Currently inst0 and inst1 can communicate in both directions, inst2 and inst3 also communicate in both directions. (tested with ping server ...)
But inst2 can ping to inst0 and inst1 but not from inst0 to inst2 or inst3
and also inst 3 can ping inst0 and inst1 but not from inst0 or inst1 to inst3
All ssl keys have been added on all machines and all admins are registered newly with the same parameters.

But from inst1 to inst2 the ping answers:
Protect: SRVBCK01>ping server srvbck02
ANR1705W A ping request to server 'SRVBCK02' was not able to establish a connection by using administrator credentials.
ANS8001I Rückkehrcode 4.
 

moon-buddy

ADSM.ORG Moderator
#4
Have you set the server password on all instances at the same one?

If you have not, delete all server-to-server settings, set the server password to the same on all, and redefine.
 

uwekoch

Active Newcomer
#5
Have you deleted and redefined all server-to-server communications on all instances?

Are there NO instance that are lower than 8.1.2 that an 8.1.2 instance is attempting to connect to.

Remember that server-to-server communication is between TSM instances and as such ideally must be all on the same level. If the source instance is lower than the target instance, this would work but not vice-versa.

And an additional question :

Ususally all servers should have the same version for server-to-server-communication, thats clear.

But here the customer wants to export data from an old (outdated, unsupported) version 6.2.3.100 to one of the new instances with 8.1.2.
would this be possible by server-to-server-communication, or only be export/import tape or file ?

(Customer knows that 6.2.3.100 is unsupported, but the data on it are still needed and should be transferred to 8.1.2)
 

moon-buddy

ADSM.ORG Moderator
#6
And an additional question :

Ususally all servers should have the same version for server-to-server-communication, thats clear.

But here the customer wants to export data from an old (outdated, unsupported) version 6.2.3.100 to one of the new instances with 8.1.2.
would this be possible by server-to-server-communication, or only be export/import tape or file ?

(Customer knows that 6.2.3.100 is unsupported, but the data on it are still needed and should be transferred to 8.1.2)
Yes - see my original reply.
 

uwekoch

Active Newcomer
#7
Have you set the server password on all instances at the same one?

If you have not, delete all server-to-server settings, set the server password to the same on all, and redefine.
The server passwords are all the same, and also the the admin password.
It is not yet in production, so it's easier this way.
 

uwekoch

Active Newcomer
#8
Yes - see my original reply.
I've seen it, but I explicitely wanted to know if an export from 6.2.3.100 to 8.1.2 will work.
6.2.3.100 is listed in no current compatibility matrix any more,s ince it is out of support.
But there was a large change between 6.2.3 and 6.3. as far as I remember. So maybe there could be an issue.
 

marclant

ADSM.ORG Moderator
#11
Are we now saying that current 7.1.x (non 7.1.8) clients sitting on Windows 2008 Servers will not be able to connect to a new ISP 8.1.2 Server using it's current standard communication method that it's been using to talk to a 7.1.5 Server?
No. Older clients will be able to connect to an 8.1.2 server.

https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.2/srv.admin/c_adm_sec_ovr.html
https://www.ibm.com/support/knowledgecenter/SSEQVQ_8.1.2/client/c_sec_upg_serv_client_fast_path.html
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 9 22.5%
  • Keep using TSM for Spectrum Protect.

    Votes: 19 47.5%
  • Let's be formal and just say Spectrum Protect

    Votes: 8 20.0%
  • Other (please comement)

    Votes: 4 10.0%

Forum statistics

Threads
31,001
Messages
131,978
Members
21,255
Latest member
pzzl321
Top