Re: [ADSM-L] 8.1.2 client and 7.1.7 servers
2017-08-29 09:25:41
You must update server certificate to SHA-256 before upgrading clients or
disable SSL in dsm.opt on all of them.
BAC 8.1.2 remembers server certificate and uses TLS by default, it will work
with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to
8.1.2. During upgrade server generates new SHA-256 certificate and clients no
more able to connect to "untrusted server" with new certificate.
As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files from
client folder and reset transport method for node after server update, but it's
much easier to solve the issue in advance.
Check the default cert with the following command:
gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
For more details watch Tricia's video about TLS 1.2:
https://youtu.be/QVPrxjmo_aU
And see technote 2004844:
https://www-01.ibm.com/support/docview.wss?uid=swg22004844
-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of
Zoltan Forray
Sent: Tuesday, August 22, 2017 4:03 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers? I haven't
had the chance to test such a configuration (since my lone test server is at
8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on
my staff knows to NOT install 8.1.2 clients.
From the readme/docs:
Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you upgrade
the backup-archive clients.
If you do not upgrade your servers first, communication between servers and
clients might be interrupted.
--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor
Administrator VMware Administrator Virginia Commonwealth University UCC/Office
of Technology Services www.ucc.vcu.edu zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will never
use email to request that you reply with your password, social security number
or confidential personal information. For more details visit
http://infosecurity.vcu.edu/phishing.html
|
ADSM.ORG Privacy and Data Security by KimLaw, PLLC
|