ADSM-L
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ADSM-L] 8.1.2 client and 7.1.7 servers

2017-08-29 09:25:41
Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers
From: Mikhail Tolkonyuk <mtolkonyuk AT CINIMEX DOT RU>
To: ADSM-L AT VM.MARIST DOT EDU
Date: Tue, 29 Aug 2017 13:24:49 +0000 
You must update server certificate to SHA-256 before upgrading clients or 
disable SSL in dsm.opt on all of them.

BAC 8.1.2 remembers server certificate and uses TLS by default, it will work 
with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to 
8.1.2. During upgrade server generates new SHA-256 certificate and clients no 
more able to connect to "untrusted server" with new certificate.
As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files from 
client folder and reset transport method for node after server update, but it's 
much easier to solve the issue in advance.

Check the default cert with the following command:
gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed

For more details watch Tricia's video about TLS 1.2:
https://youtu.be/QVPrxjmo_aU

And see technote 2004844:
https://www-01.ibm.com/support/docview.wss?uid=swg22004844


-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Zoltan Forray
Sent: Tuesday, August 22, 2017 4:03 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers

Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I haven't 
had the chance to test such a configuration (since my lone test server is at 
8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on 
my staff knows to NOT install 8.1.2 clients.

From the readme/docs:

Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you upgrade 
the backup-archive clients.



If you do not upgrade your servers first, communication between servers and 
clients might be interrupted.


--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zforray AT vcu DOT edu - 804-828-4807 
Don't be a phishing victim - VCU and other reputable organizations will never 
use email to request that you reply with your password, social security number 
or confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ADSM-L] syslog, Remco Post
Next by Date:  Re: [ADSM-L] 8.1.2 client and 7.1.7 servers, Zoltan Forray
Previous by Thread:  Re: [ADSM-L] 8.1.2 client and 7.1.7 servers, Stefan Folkerts
Next by Thread:  Re: [ADSM-L] 8.1.2 client and 7.1.7 servers, Zoltan Forray
Indexes:  [Date] [Thread] [Top] [All Lists]
ADSM.ORG Privacy and Data Security by KimLaw, PLLC