You must update server certificate to SHA-256 before upgrading clients or disable SSL in dsm.opt on all of them.
BAC 8.1.2 remembers server certificate and uses TLS by default, it will work with old 7.1.x SHA-1 (or MD5) certificate until you upgrade server and OC to 8.1.2. During upgrade server generates new SHA-256 certificate and clients no more able to connect to "untrusted server" with new certificate. As workaround you can remove dsmcert.idx, dsmcert.kdb, dsmcert.sth files from client folder and reset transport method for node after server update, but it's much easier to solve the issue in advance. Check the default cert with the following command: gsk8capicmd_64 -cert -list -db C:\tsminst1\cert.kdb -stashed For more details watch Tricia's video about TLS 1.2: https://youtu.be/QVPrxjmo_aU And see technote 2004844: https://www-01.ibm.com/support/docview.wss?uid=swg22004844 -----Original Message----- From: ADSM: Dist Stor Manager [mailto:[email protected]] On Behalf Of Zoltan Forray Sent: Tuesday, August 22, 2017 4:03 PM To: [email protected] Subject: [ADSM-L] 8.1.2 client and 7.1.7 servers Has anyone tried using the latest 8.1.2 clients with 7.1.7 servers? I haven't had the chance to test such a configuration (since my lone test server is at 8.1.1) and with the dire-warnings in the readme docs, I made sure everyone on my staff knows to NOT install 8.1.2 clients. From the readme/docs: Upgrade your IBM Spectrum Protectâ„¢ servers to Version 8.1.2 before you upgrade the backup-archive clients. If you do not upgrade your servers first, communication between servers and clients might be interrupted. -- *Zoltan Forray* Spectrum Protect (p.k.a. TSM) Software & Hardware Administrator Xymon Monitor Administrator VMware Administrator Virginia Commonwealth University UCC/Office of Technology Services www.ucc.vcu.edu [email protected] - 804-828-4807 Don't be a phishing victim - VCU and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information. For more details visit http://infosecurity.vcu.edu/phishing.html
