Sorry, that was missing from my posting. Our admin used regedit export/import to move the TSM registry keys to another machine. Keys moved: HKEY_LOCAL_MACHINE\SOFTWARE\IBM\ADSM\CurrentVersion\Nodes\<nodename>\<tsmserver>
This is what I think how TSM works: The encryption key is encrypted using the hostname returned by the operating sytem. Then the encryption key is saved in the registry. To backup or restore data TSM needs to decrypt the encryption key using the hostname returned by the operating system. That's why I think you can't move the encrypted key to another machine. TSM would use the hostname returned by the operating system (this is not the same as on the original machine) to decrypt the encryption key. Here TSM would return an error because the decryption fails. But when we moved the registry keys to another machine (different hostname) TSM didn't ask for the encryption key. In our opinion this is a security flaw. We want to use encryption so that data can only be restored to the original machine (= hostname). I hope I could make myself clear. Please excuse my bad english but - unfortunately - I'm no native speaker. Thanks Thomas Rupp -----Ursprüngliche Nachricht----- Von: ADSM: Dist Stor Manager [mailto:[email protected]] Im Auftrag von Wanda Prather Gesendet: Freitag, 23. Jänner 2009 02:17 An: [email protected] Betreff: Re: [ADSM-L] Move Encryption Key to another machine I'm confused; TSM doesn't support restoring system state to a different hostname, so I don't know what would be considered "working as designed" in that case! How are you moving the registry? Vorarlberger Illwerke Aktiengesellschaft ein Unternehmen von illwerke vkw Rechtsform: Aktiengesellschaft, Sitz: Bregenz, Firmenbuchnummer: FN 59202m Firmenbuchgericht: LG Feldkirch, DVR 0008753, UID-Nr.: ATU 36737402 Vorarlberger Kraftwerke Aktiengesellschaft ein Unternehmen von illwerke vkw Rechtsform: Aktiengesellschaft, Sitz: Bregenz, Firmenbuchnummer: FN58920y Firmenbuchgericht: LG Feldkirch, DVR 0027961, UID-Nr.: ATU 36737304
