This post is more than 5 years old
10 Posts
0
2232
November 28th, 2016 08:00
Avamar Replication on separate network
We have set our servers up to replicate data over a separate interface on the server. The network is a "simple" network, only three avamar servers (A, B and C) communicating, no FW and no DNS.
The servers can reach each other, but we dont get replication to work. The servers won´t respond to certification requests on the required port "...no one listening on port..." is what we get from the destination server and the connection ends.
Usernames and passwords are OK and tested.
.../probe.xml is set to on the interface and nothing else.
Does it require more than replication to work? do you have any other ideas?
Best regards
Jorgen
No Events found!
ionthegeek
2 Intern
•
2K Posts
0
December 13th, 2016 06:00
What version of Avamar is this please?
If it's Avamar 7.3 and the interface was added after initial installation or upgrade, you will likely need to run the "Session Security Configuration" package to regenerate the certificates.
ionthegeek
2 Intern
•
2K Posts
1
November 28th, 2016 11:00
Incoming replication is considered a backup so you need to specify in probe.xml for the incoming replication interface.
Jsvebeck
10 Posts
0
November 28th, 2016 23:00
Thanks Ian,
I will test it and let you know if it worked.
Jsvebeck
10 Posts
0
November 30th, 2016 03:00
Hi,
It didn't really work, but one step closer. It work when we shutdown the firewall on the Avamar server and connect without SSL.
I use this command to check the replication....
avmgr logn --hfsaddr=10.0.X.X --id=repluser --ap=password --noconfig --debug --encrypt=ssl
I got the result in the picture above (the community hung when I tried too move it down to the correct place in the text).
Jsvebeck
10 Posts
0
December 13th, 2016 00:00
Seems to be a Certification problem. The CN in the default certification is not compliant with the FQDN that we use to connect to the replication interface.
We have now tried to create a new certificate (self signed) with OpenSSL, with wildcards (eg. bck*.domain.se) so that it would accept the FQDN as an OK address. Someone with any experience how to make dedicated replication interfaces work with SSL?
Jsvebeck
10 Posts
0
January 2nd, 2017 04:00
Thanks Ian! Sorry for the late response.
We use 7.3.1-125.Not upgraded.
Session-Security-Config worked with 2 out of 3 servers. The last one cannot show the dropdownbox [Client-Server-Communication]
We want to choose but the menu is empty. We are trying to check for a solution but no luck so far. Any ideas?