Troubleshooting
Problem
When replicating between an IBM Spectrum Protect Version 7.1.7 and Version 8.1.2 server, replication fails and the following error messages are displayed: On the source server: ANR0454E Session rejected by server SERVERNAME, reason: 201 - Communication Failure. ANR1626I The previous message (message number 454) was repeated 3 times. ANR3192I Replicate Node: Proxy agent nodes replicated: 0 of 0 identified. Associated authorized nodes replicated: 0 of 0 identified. Client option sets replicated: 0 of 0 identified. ANR0327I Replication of node NODE1, NODE2, NODE3, NODE4 completed. Files current: 0. Files replicated: 0 of 0. Files updated: 0 of 0. Files deleted: 0 of 0. Amount replicated: 0 bytes of 0 bytes. Amount transferred: 0 bytes. Elapsed time: 0 Days, 0 Hours, 1 Minutes. ANR0985I Process 27 for Replicate Node running in the BACKGROUND completed with completion state FAILURE at 11:40:07 PM. ANR1893E Process 27 for Replicate Node completed with a completion state of FAILURE. ANR0454E Session rejected by server SERVERNAME, reason: 201 - Communication Failure. 447 GSK_ERROR_CERTIFICATE_INVALIDSIGALG On the target server: ANR8583E An SSL socket-initialization error occurred on session 11. The GSKit return code is 415 GSK_ERROR_BAD_PEER.
Cause
IBM Spectrum Protect V8.1.2 servers use the TLS 1.2 protocol for communication by default. When validating the certificate for a TLS 1.2 session, the server sends the certificate that is specified as the default. Either the source or target server has specified an MD5 certificate as the default, so the other server cannot validate the certificate. Communication between the target server and source server fails. When connecting to a V8.1.2 server, a SHA256 certificate is required.
Resolving The Problem
To establish communication between the source and target servers, update the server to use the SHA256 certificate as the default by issuing the following command:
gsk8capicmd_64 -cert -setdefault -db cert.kdb -stashed -label "TSM Server SelfSigned SHA Key"
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg22006161