Re: [ADSM-L] TDP for SAP issue

Hi Eric,

during API initialization some libraries are loaded even if they are not
used at all - ie ssl libraries can be loaded even though SSL is not used
for client-server connection. This same applies also to encryption
libraries. By default AES128 encryption library is attempted.
But some older TDP applications are not happy if it tries to load AES128
encryption library that was installed as part of newer TSM API. In this
case you need to fallback to DES56 encryption library (even if you do not
intent to use them).

Bye

Martin J.

"ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/10/2015
09:05:05 AM:

> From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> To: ADSM-L AT VM.MARIST DOT EDU
> Date: 12/10/2015 09:06 AM
> Subject: Re: [ADSM-L] TDP for SAP issue
> Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
>
> Hi Martin!
> Like I specified in my mail, I do not want to use encryption at all!
> Encryption is killing for deduplication. But it's a bug that the TDP
> 6.2 client requires encryption to be switched on before it's working
> with the 7.1 API...
> Kind regards,
> Eric van Loon
> AF/KLM Storage Engineering
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On
> Behalf Of Martin Janosik
> Sent: woensdag 9 december 2015 16:59
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: Re: TDP for SAP issue
>
> Hello,
>
> by specifying 'ENCRYPTIONType DES56' in dsm.sys stanza you are just
> overwriting default value that is 'ENCRYPTIONType AES128'.
> If you want to enable encryption for your customer's backup, you
> need to specify it explicitly - via 'include.encrypt /.../*' in your
> include/exclude list or client option set.
> Have a look on
> http://www-304.ibm.com/support/knowledgecenter/SSGSG7_7.1.0/
> com.ibm.itsm.client.develop.doc/c_encryp_transp.html
>
>
> Martin J.
>
> "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU> wrote on 12/09/2015
> 03:00:36 PM:
>
> > From: "Loon, EJ van (ITOPT3) - KLM" <Eric-van.Loon AT KLM DOT COM>
> > To: ADSM-L AT VM.MARIST DOT EDU
> > Date: 12/09/2015 03:02 PM
> > Subject: [ADSM-L] TDP for SAP issue
> > Sent by: "ADSM: Dist Stor Manager" <ADSM-L AT VM.MARIST DOT EDU>
> >
> > Hi guys!
> > One of my customers has an issue on his TDP for SAP clients. They are
> > using TDP for SAP 6.2 and recently we upgraded all TSM clients to 7.1.
> > This caused the TDP clients to fail with the following error:
> >
> > ANS1463E (RC5801) Unexpected error in cryptography library.
> >
> > In the API error log:
> >
> > 11/02/15 14:27:04 ANS1467E ICC routine ICC_SetValue
> > (ICC_FIPS_APPROVED_MODE) returned: majRC = 2, minRC = 2, desc =
> > 'Invalid data value: icclib.c:921'.
> >
> > We do not use any encryption, but as soon as the customer adds the
> > line ENCRYPTIONTYPE DES56 to the dsm.sys, the backup works! So that's
> > what he did, but now I have an issue, because encryption is killing
> > for the deduplication on the backend Data Domain...
> > IBM won't help me with this bug because TDP for SAP 6.2 is out of
> > support. The customer does not want to upgrade to TDP for SAP 7.1.3
> > yet because they need to validate this version first.
> > I could downgrade the BA/API client to 6.2, but then I have to force a
> > full back up again for the BA client, because restoring 7.1 data with
> > a 6.2 client will most likely not work. So I was hoping to find some
> > work-around. Is it maybe possible to somehow install the 6.2 API next
> > to the 7.1 API? In that case I need to figure out how to make the TDP
> > client use this API version only...
> > Thank you very much for any help in advance!
> > Kind regards,
> > Eric van Loon
> > AF/KLM Storage Engineering
> >
> > ********************************************************
> > For information, services and offers, please visit our web site:
> > http://www.klm.com. This e-mail and any attachment may contain
> > confidential and privileged material intended for the addressee only.
> > If you are not the addressee, you are notified that no part of the
> > e-mail or any attachment may be disclosed, copied or distributed, and
> > that any other action related to this e-mail or attachment is strictly
> > prohibited, and may be unlawful. If you have received this e-mail by
> > error, please notify the sender immediately by return e-mail, and
> > delete this message.
> >
> > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/ or
> > its employees shall not be liable for the incorrect or incomplete
> > transmission of this e-mail or any attachments, nor responsible for
> > any delay in receipt.
> > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
> > Dutch Airlines) is registered in Amstelveen, The Netherlands, with
> > registered number 33014286
> > ********************************************************
> >
> ********************************************************
> For information, services and offers, please visit our web site:
> http://www.klm.com. This e-mail and any attachment may contain
> confidential and privileged material intended for the addressee
> only. If you are not the addressee, you are notified that no part of
> the e-mail or any attachment may be disclosed, copied or
> distributed, and that any other action related to this e-mail or
> attachment is strictly prohibited, and may be unlawful. If you have
> received this e-mail by error, please notify the sender immediately
> by return e-mail, and delete this message.
>
> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/
> or its employees shall not be liable for the incorrect or incomplete
> transmission of this e-mail or any attachments, nor responsible for
> any delay in receipt.
> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal
> Dutch Airlines) is registered in Amstelveen, The Netherlands, with
> registered number 33014286
> ********************************************************
>
>