Solved

Error Code: [10:64] Unable to communicate with the remote machine to start the Data Pipe. Error [SSL authentication has failed].

  • 3 October 2022

Badge +2

Hi,

I got this error.

"Unable to communicate with the remote machine [ma_xxxx] to start the Data Pipe. Please check the network connectivity between the local machine and the remote machine and verify this product's Communications Service is running on the remote machine, Error [SSL authentication has failed]. Source: client_xxx, Process: clBackup"

Check Readiness gives a Not Ready result. What is the cause of this error?
I'm sure the firewall is open.

Thanks

Best answer by Jos Meijer 4 October 2022, 09:47

9 replies

Userlevel 7
Badge +19

@han97di is it a new install of a client? Because if that is the case, then I think it might be related to a certificate issue due to an unsuccessful installation of the client.

Userlevel 7
Badge +17

If not an install/certificate issue, please try this.

Configure a Commvault route config between the two machines which uses:

  • Direct route type, and
  • Encrypted tunnel connection protocol.

This forces the usage of HTTPS protocol.
Optionally you might want to force control traffic thru the tunnel, then use:

  • Force all data (along with control) traffic into the tunnel

By default you will need to have TCP 8403 traffic allowed in the firewall, unless a custom port is defined.

As you do not have a connection to the client you probably need to copy the config from the summary tab and manually insert it in the FwConfigLocal file located in the Base directory.

When added and saved, give the firewall daemon a few minutes to identify the new config.

Then try the Check Readiness again.

Userlevel 7
Badge +23

Optionally you might want to force control traffic thru the tunnel, then use:

  • Force all data (along with control) traffic into the tunnel

I always appreciate network gurus on here. Commvault networking was always my forte back in the day, so I wanted to share some info.

Quick note on that one, data always flows through the tunnel unless the CVD port is added as an additional port (CVD = almost always 8400 unless it's a second instance) or optimize for concurrent LAN backups is disabled at the media agent (almost always on) with any additional ports set. So this setting really has limited impact in the vast majority of cases.

In some cases (like auxcopy) folks may have added 8400 as an additional port to improve performance (before we had multi-session tunnels) - that bypasses firewall tunnels (including network encryption and throttling). In those scenarios this setting can force data traffic to ignore those settings and force data through the tunnel anyway. I guess there is a really funky combo of group level settings and having this setting as a client level override in specific circumstances, but it usually has no effect for most configurations.

Badge +2

@han97di is it a new install of a client? Because if that is the case, then I think it might be related to a certificate issue due to an unsuccessful installation of the client.

I have revoked and renewed the certificate but the result has not changed

Badge +2

If not an install/certificate issue, please try this.

Configure a Commvault route config between the two machines which uses:

  • Direct route type, and
  • Encrypted tunnel connection protocol.

This forces the usage of HTTPS protocol.
Optionally you might want to force control traffic thru the tunnel, then use:

  • Force all data (along with control) traffic into the tunnel

By default you will need to have TCP 8403 traffic allowed in the firewall, unless a custom port is defined.

As you do not have a connection to the client you probably need to copy the config from the summary tab and manually insert it in the FwConfigLocal file located in the Base directory.

When added and saved, give the firewall daemon a few minutes to identify the new config.

Then try the Check Readiness again.

I have created a Client Group that contains clients. And configure as follows:

It shows error:

Error Code: [10:64]
Description: Unable to communicate with the remote machine [ma.xxxx] to start the Data Pipe. Please check the network connectivity between the local machine and the remote machine and verify this product's Communications Service is running on the remote machine, Error [Connection failed on client.xxx: Socket READ failed. Got READ error on ON_DEMAND control tunnel from "client.xxx" to "ma.xxx" via (ip_client, ip_ma): The specified network name is no longer available. ].
Source: client.xxx, Process: clBackup

Am I doing it wrong at any step?

Userlevel 7
Badge +17

Hi @han97di 

Can you validate on both machines if the machines can reach each other properly using cvping using the port configured on the test group fw config?

If they can reach each other fine, can you provide the log sections from CVD and CVFWD, the time frame in which the test was performed?

Badge +2

Hi @han97di 

Can you validate on both machines if the machines can reach each other properly using cvping using the port configured on the test group fw config?

If they can reach each other fine, can you provide the log sections from CVD and CVFWD, the time frame in which the test was performed?

Hi @Jos Meijer

Test results for successful results

Client:

79976 13a8c 10/04 13:50:04 ######## ######## Trying to bind to tunnel ports again
79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use
79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Will retry in 60s
79976 13a8c 10/04 13:50:30 OT:00032 ######## [cvcs-ma] ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on ON_DEMAND control tunnel from "client_name" to "ma_name" via (client_ip, ma_ip): The specified network name is no longer available.
79976 13a8c 10/04 13:51:04 ######## ######## Trying to bind to tunnel ports again
79976 13a8c 10/04 13:51:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use
79976 13a8c 10/04 13:51:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Will retry in 60s
79976 13a8c 10/04 13:51:30 OT:00032 ######## [cvcs-ma] ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on ON_DEMAND control tunnel from "client_name" to "ma_name" via (client_ip, ma_ip): The specified network name is no longer available.
79976 13a8c 10/04 13:52:04 ######## ######## Trying to bind to tunnel ports again
79976 13a8c 10/04 13:52:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use
79976 13a8c 10/04 13:52:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Will retry in 60s
79976 13a8c 10/04 13:52:30 OT:00032 ######## [cvcs-ma] ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on ON_DEMAND control tunnel from "client_name" to "ma_name" via (client_ip, ma_ip): The specified network name is no longer available.

MA:

4592 1a5c 10/04 14:36:54 DT:00002 CN:03582 [local->cvcs:8400] Successfully completed client connection {851cceb5-d69e-bfef-5a05-28b8655421f7}
4592 1a5c 10/04 14:37:06 DT:01074 ######## ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on DYNAMIC tunnel via (ma_ip, client_ip): The specified network name is no longer available.
4592 1a5c 10/04 14:37:36 DT:01075 ######## ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on DYNAMIC tunnel via (ma_ip, client_ip): The specified network name is no longer available.
4592 1a5c 10/04 14:37:54 DT:00002 CN:03583 [local->cvcs:8400] Successfully completed client connection {492646f9-ef25-90eb-ce6e-c8a8bf76af62}
4592 1a5c 10/04 14:38:06 DT:01076 ######## ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on DYNAMIC tunnel via (ma_ip, client_ip): The specified network name is no longer available.
4592 1a5c 10/04 14:38:37 DT:01077 ######## ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on DYNAMIC tunnel via (ma_ip, client_ip): The specified network name is no longer available

Thanks

Userlevel 7
Badge +17

Looks like you have a port binding issue on the client:

79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use

Can you stop the Commvault services on the client and check netstat to see if the port is no longer in use? If it is no longer in use, start the services again and validate whether the error is gone from the log. Otherwise reboot the client, assuming you do not have other software in place which is using TCP 8403.
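The bind failure pointed out in the post above can be picked out of a CVFWD log mechanically, and the port can be re-checked after the services are stopped. This is an added example, not part of the original thread and not Commvault tooling; the function names are made up here, and the sample lines are copied from the client log posted earlier in the thread.

```python
import re
import socket
from collections import Counter

# Sample input: lines copied from the client CVFWD excerpt posted in this thread.
SAMPLE_LOG = """\
79976 13a8c 10/04 13:50:04 ######## ######## Trying to bind to tunnel ports again
79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use
79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Will retry in 60s
79976 13a8c 10/04 13:50:30 OT:00032 ######## [cvcs-ma] ERROR: cvfwd_iot_wait(): Socket READ failed. Got READ error on ON_DEMAND control tunnel from "client_name" to "ma_name" via (client_ip, ma_ip): The specified network name is no longer available.
79976 13a8c 10/04 13:51:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use
"""

# Patterns are written against the message text seen in the thread's excerpts.
BIND_RE = re.compile(r"Unable to bind \S+ socket .* on port (\d+): Address already in use")
READ_RE = re.compile(r"Socket READ failed\. Got READ error on (\w+)")


def triage(log_text):
    """Count bind failures per port and tunnel READ errors per tunnel type."""
    bind_failures, read_errors = Counter(), Counter()
    for line in log_text.splitlines():
        m = BIND_RE.search(line)
        if m:
            bind_failures[int(m.group(1))] += 1
            continue
        m = READ_RE.search(line)
        if m:
            read_errors[m.group(1)] += 1
    return bind_failures, read_errors


def port_is_free(port, host="0.0.0.0"):
    """Return True if a TCP listener can be bound to host:port right now."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        try:
            s.bind((host, port))
        except OSError:
            # Something else still holds the port (or binding is not permitted).
            return False
    return True


if __name__ == "__main__":
    binds, reads = triage(SAMPLE_LOG)
    print("bind failures per port:", dict(binds))
    print("READ errors per tunnel type:", dict(reads))
    print("TCP 8403 free:", port_is_free(8403))
```

Run `port_is_free(8403)` only while the Commvault services are stopped; it reports whether the port is held, while netstat is still needed to see which process holds it.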

Badge +2

Looks like you have a port binding issue on the client:

79976 13a8c 10/04 13:50:04 ######## ######## ERROR: cvfwd_process_tunnel_ports(): Unable to bind IPv4 socket for listening to tunnel connections on port 8403: Address already in use

Can you stop the Commvault services on the client and check netstat to see if the port is no longer in use? If it is no longer in use, start the services again and validate whether the error is gone from the log. Otherwise reboot the client, assuming you do not have other software in place which is using TCP 8403.

Hi @Jos Meijer,

Thanks for your answer, it helped me a lot

Problem solved by uninstalling agent and reinstalling. The reason is that the client connects to 2 commserve servers. Then configure one way communication between MA and Client. And make sure they communicate with each other through the ports configured on the firewall

Thank you everyone and support team,

Han