Now I am not sure how BAC 8.1.2 works with TSM 7.1.7.
Could you please check your test client with and without "SSL OFF" for 
dsmcert.idx, dsmcert.kdb and dsmcert.sth in baclient folder? And if they exist, 
what's happened when you remove those files and start client?

Sorry if I pointed you in the wrong direction and everything should work 
without any changes.

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
Zoltan Forray
Sent: Tuesday, August 29, 2017 4:43 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: Re: [ADSM-L] 8.1.2 client and 7.1.7 servers

Thank you for the information and links.  I did see the YouTube video you refer 
to.

Since we don't use SSL/TLS at all (I suspect we will with a big emphasis on PCI 
security),  do I simply need to add "SSL NO" to the client dsm.opt files so it 
won't try to use SSL?  We finally installed (upgraded) the
8.1.2 client on a Windows test machine and it connected and backed-up without 
any issues.  We haven't tried scheduling since it is a test machine.

On Tue, Aug 29, 2017 at 9:24 AM, Mikhail Tolkonyuk <mtolkonyuk AT cinimex DOT 
ru>
wrote:

> You must update server certificate to SHA-256 before upgrading clients 
> or disable SSL in dsm.opt on all of them.
>
> BAC 8.1.2 remembers server certificate and uses TLS by default, it 
> will work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade 
> server and OC to 8.1.2. During upgrade server generates new SHA-256 
> certificate and clients no more able to connect to "untrusted server" with 
> new certificate.
> As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth 
> files from client folder and reset transport method for node after 
> server update, but it's much easier to solve the issue in advance.
>
> Check the default cert with the following command:
> gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed
>
> For more details watch Tricia's video about TLS 1.2:
> https://youtu.be/QVPrxjmo_aU
>
> And see technote 2004844:
> https://www-01.ibm.com/support/docview.wss?uid=swg22004844
>
>
> -----Original Message-----
> From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf 
> Of Zoltan Forray
> Sent: Tuesday, August 22, 2017 4:03 PM
> To: ADSM-L AT VM.MARIST DOT EDU
> Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers
>
> Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers?  I 
> haven't had the chance to test such a configuration (since my lone 
> test server is at 8.1.1) and with the dire-warnings in the readme 
> docs, I made sure everyone on my staff knows to NOT install 8.1.2 clients.
>
> From the readme/docs:
>
> Upgrade your IBM Spectrum Protect™ servers to Version 8.1.2 before you 
> upgrade the backup-archive clients.
>
>
>
> If you do not upgrade your servers first, communication between 
> servers and clients might be interrupted.
>
>
> --
> *Zoltan Forray*
> Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon 
> Monitor Administrator VMware Administrator Virginia Commonwealth 
> University UCC/Office of Technology Services www.ucc.vcu.edu 
> zforray AT vcu DOT edu -
> 804-828-4807 Don't be a phishing victim - VCU and other reputable 
> organizations will never use email to request that you reply with your 
> password, social security number or confidential personal information. 
> For more details visit http://infosecurity.vcu.edu/phishing.html
>



--
*Zoltan Forray*
Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor 
Administrator VMware Administrator Virginia Commonwealth University UCC/Office 
of Technology Services www.ucc.vcu.edu zforray AT vcu DOT edu - 804-828-4807 
Don't be a phishing victim - VCU and other reputable organizations will never 
use email to request that you reply with your password, social security number 
or confidential personal information. For more details visit 
http://infosecurity.vcu.edu/phishing.html