Thank you for the information and links.  I did see the YouTube video you
refer to.

Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on
PCI security),  do I simply need to add "SSL NO" to the client dsm.opt
files so it won't try to use SSL?  We finally installed (upgraded) the
8.1.2 client on a Windows test machine and it connected and backed-up
without any issues.  We haven't tried scheduling since it is a test machine.

On Tue, Aug 29, 2017 at 9:24 AM, Mikhail Tolkonyuk <mtolkonyuk AT cinimex DOT 
ru>
wrote:

> You must update server certificate to SHA-256 before upgrading clients or
> disable SSL in dsm.opt on all of them.
>
> BAC 8.1.2 remembers server certificate and uses TLS by default, it will
> work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and
> OC to 8.1.2. During upgrade server generates new SHA-256 certificate and
> clients no more able to connect to "untrusted server" with new certificate.
> As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files
> from client folder and reset transport method for node after server update,
> but it's much easier to solve the issue in advance.
>
> Check the default cert with the following command:
> gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
>
> For more details watch Tricia's video about TLS 1.2:
> https://youtu.be/QVPrxjmo_aU
>
> And see technote 2004844:
> https://www-01.ibm.com/support/docview.wss?uid=swg22004844
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of
> Zoltan Forray
> Sent: Tuesday, August 22, 2017 4:03 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
>
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I
> haven't had the chance to test such a configuration (since my lone test
> server is at 8.1.1) and with the dire-warnings in the readme docs, I made
> sure everyone on my staff knows to NOT install 8.1.2 clients.
>
> From the readme/docs:
>
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you
> upgrade the backup-archive clients.
>
>
>
> If you do not upgrade your servers first, communication between servers
> and clients might be interrupted.
>
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon
> Monitor Administrator VMware Administrator Virginia Commonwealth University
> UCC/Office of Technology Services www.ucc.vcu.edu zforray AT vcu DOT edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable
> organizations will never use email to request that you reply with your
> password, social security number or confidential personal information. For
> more details visit http://infosecurity.vcu.edu/phishing.html
>



-- 
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator
Xymon Monitor Administrator
VMware Administrator
Virginia Commonwealth University
UCC/Office of Technology Services
www.ucc.vcu.edu
zforray AT vcu DOT edu - 804-828-4807
Don't be a phishing victim - VCU and other reputable organizations will
never use email to request that you reply with your password, social
security number or confidential personal information. For more details
visit http://infosecurity.vcu.edu/phishing.html