Re: Sessionsecurity challenge again
Eric, I fully agree and can appreciate the dilemma. We did some quick testing of 8.1.2 on a test server and it locked up one of our admin account when going back to 7.1.7x so we setup duplicate/test admin ids. As I mentioned, we can't even think about going forwards until we stop using the web interface for client restores of our CIFS/DFS/ISILON backups. I figure when the time comes, it is going to be a long weekend of updating/upgrading all 7-servers at the same time. In fact, I am thinking I need to enable TLS/SSL server-to-server communications first, I was pleasantly surprised (actually shocked) when I discovered that IBM released 7.1.7.400 patch less than 2-weeks ago. There must have been sufficient need/demand for the patches addressed in this release for IBM to go back and patch a version that was long since surpassed with 7.1.8 and 7.1.9 releases, unless of course there are enough folks who won't/can't move forward, like us. In fact, I am going to roll it out to our offsite replica server, which is experiencing some of the problems address in this patch. On Wed, Aug 29, 2018 at 11:11 AM Loon, Eric van (ITOPT3) - KLM < eric-van.l...@klm.com> wrote: > Hi Zoltan, > In that case prepare yourself to be stuck on 7.1.7 forever. I have had a > meeting with some developers about the new security implementation and made > some suggestions for code changes. One of them was the ability to set an > admin to transitional permanently because they tend to move around in the > network constantly, but I noticed IBM isn't very willing to help us out > here. I'm personally at a point where I'm seriously considering looking to > other vendors for our future backup solution, even though have been a > ADSM/TSM fan since version 2.1. :-( > Kind regards, > Eric van Loon > Air France/KLM Storage Engineering > > > -Original Message- > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of > Zoltan Forray > Sent: dinsdag 28 augustus 2018 17:58 > To: ADSM-L@VM.MARIST.EDU > Subject: Re: Sessionsecurity challenge again > > I am sure glad you and others are working out the "challenges" with > sessionsecurity/TLS/SSL. We are still stuck at 7.1.7.x until we complete > get off the client web interface (deprecated with 7.1.8/8.1.2) and don't > look forward to these "challenges" once we upgrade all of our servers. > > On Tue, Aug 28, 2018 at 11:40 AM Loon, Eric van (ITOPT3) - KLM < > eric-van.l...@klm.com> wrote: > > > Hi guys! > > I'm struggling (again) with the sessionsecurity issue in our 7.1.9 > server. > > I have a client node which is in fact a node which moves around in a > > cluster. So sometime the node is on one cluster node active, the next > > time on the other one. Each time the node switches to the other > > server, the session is rejected by the TSM server: > > > > ANR0428W Session 70698 for node YS001LP9-SQL (TDP MSSQL Win64) refused > > - client is down-level with this server version. (SESSION: 70698) > > > > Once the node is updated and set to transitional it's working again, > > until it switches to the other node and there it fails with the same > > error. What is the proper way to solve this issue? > > Thanks for any help in advance! > > Kind regards, > > Eric van Loon > > Air France/KLM Storage Engineering > > > > For information, services and offers, please visit our web site: > > http://www.klm.com. This e-mail and any attachment may contain > > confidential and privileged material intended for the addressee only. > > If you are not the addressee, you are notified that no part of the > > e-mail or any attachment may be disclosed, copied or distributed, and > > that any other action related to this e-mail or attachment is strictly > > prohibited, and may be unlawful. If you have received this e-mail by > > error, please notify the sender immediately by return e-mail, and delete > this message. > > > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or > > its employees shall not be liable for the incorrect or incomplete > > transmission of this e-mail or any attachments, nor responsible for any > delay in receipt. > > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal > > Dutch > > Airlines) is registered in Amstelveen, The Netherlands, with > > registered number 33014286 > > > > > > > -- > *Zoltan Forray* > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon > Monitor Administrator VMware Administrator Virginia Commonwealth University > UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - > 804-828-4807 Don't be a phishing victim - VCU and other reputable > organizations will never use email to request that you reply with your > password, social security number or confidential personal information. For > more details visit http://phishing.vcu.edu/ >
Re: cluster backup with CSV
Yea, we use the replication approach for many of our machines to an offsite DR facility too. But they had to learn the hard way that it may good for recovery it doesn't address their need for having historical options of recovery, so backups I was asked to reinitiate the backups. For some people karma can be a valuable learning experience :) Rick Adamson Information Technology Southeastern Grocers LLC -Original Message- From: ADSM: Dist Stor Manager On Behalf Of Schneider, Jim Sent: Wednesday, August 29, 2018 12:00 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV * This email originated outside of the organization. Use caution when opening attachments or clicking links. * -- Rick, Thank you for the notes. My company collapsed both cluster servers into a single VM that is replicated via some vSphere magic to out alternate data center for resurrection during a DR. I currently have no cluster backups. I was providing notes on my TSM v5 cluster backup configuration as a starting point. Jim -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Rick Adamson Sent: Wednesday, August 29, 2018 7:30 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV Jim, Have you tried to create a cluster resource for the shared disk? The scheduler service will then failover with the disk and you will not need to manually start it every time there is a change in cluster node ownership. At a high level: In addition to what you have already done. Use Failover manager to create a new generic service resource. Add all cluster nodes as possible owners. Add the shared disk as a dependency. Specify the scheduler service that you need to failover. If you haven't done so open a command prompt and set the services password using dsmc. Something like: dsmc incr -nodename= -password= -optfile= There will be a place to enter a registry key path where the scheduler service encrypted password is kept, I ignore it during setup of the resource. then: Open registry editor and navigate to the scheduler service password location, it should be something like: HKLM\SOFTWARE\IBM\ADSM\CurrentVersion\BackupClient\Nodes\ Export that reg key and import it on all other cluster nodes. Open the properties page of the generic service resource you created above and add the path to registry key. Notes: I also edit the properties of the resource and disable its ability to cause failover, if the scheduler service happens to fail I don't want it to initiate a cluster failover. The scheduler service now needs to be stopped or started using the clustering/failover interface and not the services app. Hope that helps sorry if it's kind of vague I don't have access to my actual docs at the moment. Rick Adamson Information Technology Southeastern Grocers LLC -Original Message- From: ADSM: Dist Stor Manager On Behalf Of Schneider, Jim Sent: Tuesday, August 28, 2018 4:12 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV * This email originated outside of the organization. Use caution when opening attachments or clicking links. * -- I created a TSM directory on the shared drive, added a dsm.opt file with a domain statement. Registered a cluster name with TSM and created a scheduler service for it on each of the cluster nodes. Only one node was active at a time, and I had to restart the cluster scheduler service every time the active node changed to a different server. This was TSM 7. Things may have changed. I don't know if this is best but it worked. Jim Schneider -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Michael P Hizny Sent: Tuesday, August 28, 2018 2:56 PM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] cluster backup with CSV We have just set up a Microsoft cluster with a Cluster shared volume. After installing the TSM 8.1.4 client on both cluster nodes, we would like to back up the cluster shared volume but TSM does not see this volume from either node. Is there a way to back this up with TSM or a special configuration so this disk is recognized? Thanks, Mike Michael Hizny Binghamton University ** Information contained in this e-mail message and in any attachments thereto is confidential. If you are not the intended recipient, please destroy this message, delete any copies held on your systems, notify the sender immediately, and refrain from using or disclosing all or any part of its content to any other person. **CONFIDENTIALITY NOTICE** This electronic message contains information from Southeastern Grocers, Inc and is intended only for the use of the addressee. This message may contain information that
Re: cluster backup with CSV
Rick, Thank you for the notes. My company collapsed both cluster servers into a single VM that is replicated via some vSphere magic to out alternate data center for resurrection during a DR. I currently have no cluster backups. I was providing notes on my TSM v5 cluster backup configuration as a starting point. Jim -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Rick Adamson Sent: Wednesday, August 29, 2018 7:30 AM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV Jim, Have you tried to create a cluster resource for the shared disk? The scheduler service will then failover with the disk and you will not need to manually start it every time there is a change in cluster node ownership. At a high level: In addition to what you have already done. Use Failover manager to create a new generic service resource. Add all cluster nodes as possible owners. Add the shared disk as a dependency. Specify the scheduler service that you need to failover. If you haven't done so open a command prompt and set the services password using dsmc. Something like: dsmc incr -nodename= -password= -optfile= There will be a place to enter a registry key path where the scheduler service encrypted password is kept, I ignore it during setup of the resource. then: Open registry editor and navigate to the scheduler service password location, it should be something like: HKLM\SOFTWARE\IBM\ADSM\CurrentVersion\BackupClient\Nodes\ Export that reg key and import it on all other cluster nodes. Open the properties page of the generic service resource you created above and add the path to registry key. Notes: I also edit the properties of the resource and disable its ability to cause failover, if the scheduler service happens to fail I don't want it to initiate a cluster failover. The scheduler service now needs to be stopped or started using the clustering/failover interface and not the services app. Hope that helps sorry if it's kind of vague I don't have access to my actual docs at the moment. Rick Adamson Information Technology Southeastern Grocers LLC -Original Message- From: ADSM: Dist Stor Manager On Behalf Of Schneider, Jim Sent: Tuesday, August 28, 2018 4:12 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV * This email originated outside of the organization. Use caution when opening attachments or clicking links. * -- I created a TSM directory on the shared drive, added a dsm.opt file with a domain statement. Registered a cluster name with TSM and created a scheduler service for it on each of the cluster nodes. Only one node was active at a time, and I had to restart the cluster scheduler service every time the active node changed to a different server. This was TSM 7. Things may have changed. I don't know if this is best but it worked. Jim Schneider -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Michael P Hizny Sent: Tuesday, August 28, 2018 2:56 PM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] cluster backup with CSV We have just set up a Microsoft cluster with a Cluster shared volume. After installing the TSM 8.1.4 client on both cluster nodes, we would like to back up the cluster shared volume but TSM does not see this volume from either node. Is there a way to back this up with TSM or a special configuration so this disk is recognized? Thanks, Mike Michael Hizny Binghamton University ** Information contained in this e-mail message and in any attachments thereto is confidential. If you are not the intended recipient, please destroy this message, delete any copies held on your systems, notify the sender immediately, and refrain from using or disclosing all or any part of its content to any other person. **CONFIDENTIALITY NOTICE** This electronic message contains information from Southeastern Grocers, Inc and is intended only for the use of the addressee. This message may contain information that is privileged, confidential and/or exempt from disclosure under applicable Law. This message may not be read, used, distributed, forwarded, reproduced or stored by any other than the intended recipient. If you are not the intended recipient, please delete and notify the sender.
Re: Sessionsecurity challenge again
Создай 3 пула: - дисковый для стл (на пару гигабайт) - ленточный - контейнерный И направь туда данные в соответствии с тестами. Стл можно не перенсьраивать т.е при копировании в контейнер пусть будет тем же. С уважением, Ефим > 29 авг. 2018 г., в 10:08, Loon, Eric van (ITOPT3) - KLM > написал(а): > > Hi Zoltan, > In that case prepare yourself to be stuck on 7.1.7 forever. I have had a > meeting with some developers about the new security implementation and made > some suggestions for code changes. One of them was the ability to set an > admin to transitional permanently because they tend to move around in the > network constantly, but I noticed IBM isn't very willing to help us out here. > I'm personally at a point where I'm seriously considering looking to other > vendors for our future backup solution, even though have been a ADSM/TSM fan > since version 2.1. :-( > Kind regards, > Eric van Loon > Air France/KLM Storage Engineering > > > -Original Message- > From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of > Zoltan Forray > Sent: dinsdag 28 augustus 2018 17:58 > To: ADSM-L@VM.MARIST.EDU > Subject: Re: Sessionsecurity challenge again > > I am sure glad you and others are working out the "challenges" with > sessionsecurity/TLS/SSL. We are still stuck at 7.1.7.x until we complete get > off the client web interface (deprecated with 7.1.8/8.1.2) and don't look > forward to these "challenges" once we upgrade all of our servers. > >> On Tue, Aug 28, 2018 at 11:40 AM Loon, Eric van (ITOPT3) - KLM < >> eric-van.l...@klm.com> wrote: >> >> Hi guys! >> I'm struggling (again) with the sessionsecurity issue in our 7.1.9 server. >> I have a client node which is in fact a node which moves around in a >> cluster. So sometime the node is on one cluster node active, the next >> time on the other one. Each time the node switches to the other >> server, the session is rejected by the TSM server: >> >> ANR0428W Session 70698 for node YS001LP9-SQL (TDP MSSQL Win64) refused >> - client is down-level with this server version. (SESSION: 70698) >> >> Once the node is updated and set to transitional it's working again, >> until it switches to the other node and there it fails with the same >> error. What is the proper way to solve this issue? >> Thanks for any help in advance! >> Kind regards, >> Eric van Loon >> Air France/KLM Storage Engineering >> >> For information, services and offers, please visit our web site: >> http://www.klm.com. This e-mail and any attachment may contain >> confidential and privileged material intended for the addressee only. >> If you are not the addressee, you are notified that no part of the >> e-mail or any attachment may be disclosed, copied or distributed, and >> that any other action related to this e-mail or attachment is strictly >> prohibited, and may be unlawful. If you have received this e-mail by >> error, please notify the sender immediately by return e-mail, and delete >> this message. >> >> Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or >> its employees shall not be liable for the incorrect or incomplete >> transmission of this e-mail or any attachments, nor responsible for any >> delay in receipt. >> Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal >> Dutch >> Airlines) is registered in Amstelveen, The Netherlands, with >> registered number 33014286 >> >> > > > -- > *Zoltan Forray* > Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor > Administrator VMware Administrator Virginia Commonwealth University > UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - > 804-828-4807 Don't be a phishing victim - VCU and other reputable > organizations will never use email to request that you reply with your > password, social security number or confidential personal information. For > more details visit http://phishing.vcu.edu/ > > For information, services and offers, please visit our web site: > http://www.klm.com. This e-mail and any attachment may contain confidential > and privileged material intended for the addressee only. If you are not the > addressee, you are notified that no part of the e-mail or any attachment may > be disclosed, copied or distributed, and that any other action related to > this e-mail or attachment is strictly prohibited, and may be unlawful. If you > have received this e-mail by error, please notify the sender immediately by > return e-mail, and delete this message. > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its > employees shall not be liable for the incorrect or incomplete transmission of > this e-mail or any attachments, nor responsible for any delay in receipt. > Koninklijke Luchtvaart
Re: cluster backup with CSV
Jim, Have you tried to create a cluster resource for the shared disk? The scheduler service will then failover with the disk and you will not need to manually start it every time there is a change in cluster node ownership. At a high level: In addition to what you have already done. Use Failover manager to create a new generic service resource. Add all cluster nodes as possible owners. Add the shared disk as a dependency. Specify the scheduler service that you need to failover. If you haven't done so open a command prompt and set the services password using dsmc. Something like: dsmc incr -nodename= -password= -optfile= There will be a place to enter a registry key path where the scheduler service encrypted password is kept, I ignore it during setup of the resource. then: Open registry editor and navigate to the scheduler service password location, it should be something like: HKLM\SOFTWARE\IBM\ADSM\CurrentVersion\BackupClient\Nodes\ Export that reg key and import it on all other cluster nodes. Open the properties page of the generic service resource you created above and add the path to registry key. Notes: I also edit the properties of the resource and disable its ability to cause failover, if the scheduler service happens to fail I don't want it to initiate a cluster failover. The scheduler service now needs to be stopped or started using the clustering/failover interface and not the services app. Hope that helps sorry if it's kind of vague I don't have access to my actual docs at the moment. Rick Adamson Information Technology Southeastern Grocers LLC -Original Message- From: ADSM: Dist Stor Manager On Behalf Of Schneider, Jim Sent: Tuesday, August 28, 2018 4:12 PM To: ADSM-L@VM.MARIST.EDU Subject: Re: [ADSM-L] cluster backup with CSV * This email originated outside of the organization. Use caution when opening attachments or clicking links. * -- I created a TSM directory on the shared drive, added a dsm.opt file with a domain statement. Registered a cluster name with TSM and created a scheduler service for it on each of the cluster nodes. Only one node was active at a time, and I had to restart the cluster scheduler service every time the active node changed to a different server. This was TSM 7. Things may have changed. I don't know if this is best but it worked. Jim Schneider -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Michael P Hizny Sent: Tuesday, August 28, 2018 2:56 PM To: ADSM-L@VM.MARIST.EDU Subject: [ADSM-L] cluster backup with CSV We have just set up a Microsoft cluster with a Cluster shared volume. After installing the TSM 8.1.4 client on both cluster nodes, we would like to back up the cluster shared volume but TSM does not see this volume from either node. Is there a way to back this up with TSM or a special configuration so this disk is recognized? Thanks, Mike Michael Hizny Binghamton University ** Information contained in this e-mail message and in any attachments thereto is confidential. If you are not the intended recipient, please destroy this message, delete any copies held on your systems, notify the sender immediately, and refrain from using or disclosing all or any part of its content to any other person. **CONFIDENTIALITY NOTICE** This electronic message contains information from Southeastern Grocers, Inc and is intended only for the use of the addressee. This message may contain information that is privileged, confidential and/or exempt from disclosure under applicable Law. This message may not be read, used, distributed, forwarded, reproduced or stored by any other than the intended recipient. If you are not the intended recipient, please delete and notify the sender.
Re: Sessionsecurity challenge again
Hi Zoltan, In that case prepare yourself to be stuck on 7.1.7 forever. I have had a meeting with some developers about the new security implementation and made some suggestions for code changes. One of them was the ability to set an admin to transitional permanently because they tend to move around in the network constantly, but I noticed IBM isn't very willing to help us out here. I'm personally at a point where I'm seriously considering looking to other vendors for our future backup solution, even though have been a ADSM/TSM fan since version 2.1. :-( Kind regards, Eric van Loon Air France/KLM Storage Engineering -Original Message- From: ADSM: Dist Stor Manager [mailto:ADSM-L@VM.MARIST.EDU] On Behalf Of Zoltan Forray Sent: dinsdag 28 augustus 2018 17:58 To: ADSM-L@VM.MARIST.EDU Subject: Re: Sessionsecurity challenge again I am sure glad you and others are working out the "challenges" with sessionsecurity/TLS/SSL. We are still stuck at 7.1.7.x until we complete get off the client web interface (deprecated with 7.1.8/8.1.2) and don't look forward to these "challenges" once we upgrade all of our servers. On Tue, Aug 28, 2018 at 11:40 AM Loon, Eric van (ITOPT3) - KLM < eric-van.l...@klm.com> wrote: > Hi guys! > I'm struggling (again) with the sessionsecurity issue in our 7.1.9 server. > I have a client node which is in fact a node which moves around in a > cluster. So sometime the node is on one cluster node active, the next > time on the other one. Each time the node switches to the other > server, the session is rejected by the TSM server: > > ANR0428W Session 70698 for node YS001LP9-SQL (TDP MSSQL Win64) refused > - client is down-level with this server version. (SESSION: 70698) > > Once the node is updated and set to transitional it's working again, > until it switches to the other node and there it fails with the same > error. What is the proper way to solve this issue? > Thanks for any help in advance! > Kind regards, > Eric van Loon > Air France/KLM Storage Engineering > > For information, services and offers, please visit our web site: > http://www.klm.com. This e-mail and any attachment may contain > confidential and privileged material intended for the addressee only. > If you are not the addressee, you are notified that no part of the > e-mail or any attachment may be disclosed, copied or distributed, and > that any other action related to this e-mail or attachment is strictly > prohibited, and may be unlawful. If you have received this e-mail by > error, please notify the sender immediately by return e-mail, and delete this > message. > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or > its employees shall not be liable for the incorrect or incomplete > transmission of this e-mail or any attachments, nor responsible for any delay > in receipt. > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal > Dutch > Airlines) is registered in Amstelveen, The Netherlands, with > registered number 33014286 > > -- *Zoltan Forray* Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor Administrator VMware Administrator Virginia Commonwealth University UCC/Office of Technology Services www.ucc.vcu.edu zfor...@vcu.edu - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://phishing.vcu.edu/ For information, services and offers, please visit our web site: http://www.klm.com. This e-mail and any attachment may contain confidential and privileged material intended for the addressee only. If you are not the addressee, you are notified that no part of the e-mail or any attachment may be disclosed, copied or distributed, and that any other action related to this e-mail or attachment is strictly prohibited, and may be unlawful. If you have received this e-mail by error, please notify the sender immediately by return e-mail, and delete this message. Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its employees shall not be liable for the incorrect or incomplete transmission of this e-mail or any attachments, nor responsible for any delay in receipt. Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch Airlines) is registered in Amstelveen, The Netherlands, with registered number 33014286
