IBM Support

IT24786: SERVER MASTER ENCRYPTION KEY NOT BACKED UP BY DEFAULT FOLLOWING UPGRADE TO 7.1.8 OR 8.1.2

Subscribe

You can track all active APARs for this component.

 

APAR status

  • Closed as program error.

Error description

  • Following an upgrade to 7.1.8 or 8.1.2 or higher, database
    backup does not automatically back up the server master
    encryption key even though the default for the PROTECTKEYS
    parameter on the SET DBRECOVERY and BACKUP DB commands changed
    to YES in these levels.
    

Local fix

  • Issue the SET DBRECOVERY command with the PROTECTKEYS= and
    PASSWORD= parameters to explicitly specify the default to be
    used by the BACKUP DB command.
    

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * All IBM Spectrum Protect server users.                       *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See error description.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is currently *
    * projected to be fixed in level 8.1.6. Note that this is      *
    * subject to change at the discretion of IBM.                  *
    ****************************************************************
    

Problem conclusion

  • This problem was fixed.
    
    The server will issue new message ANR2304E on startup and at
    hourly intervals if the PROTECTKEYS parameter has never been
    configured.   Database backups will fail with message
    
    ANR1748E The PASSWORD parameter is required when PROTECTKEYS is
    enabled.
    
    until both PROTECTKEYS=YES and PASSWORD= are configured using
    the SET DBRECOVERY command, or until PROTECTKEYS=NO is
    configured.
    
    ANR2304E Database backup configuration is not complete. Neither
    the PROTECTKEYS parameter nor the PASSWORD parameter in SET
    DBRECOVERY has been set.
    
    Explanation:
    The master encryption key that is used to protect storage pool
    data, administrator passwords, and node passwords should be
    protected during database backups. The PROTECTKEYS parameter, as
    set by the SET DBRECOVERY command, has not been set.  The
    default is PROTECTKEYS=YES, but database backups cannot proceed
    unless both PROTECTKEYS=YES and PASSWORD= are specified.
    
    System Action:
    Server operations continue.
    
    User Response:
    Issue the SET DBRECOVERY command, specifying the PROTECTKEYS=YES
    and PASSWORD= parameters to enable encryption key protection for
    database backups.
    
    Affected platforms for reported release:  AIX, HP-UX, Solaris,
    Linux, and Windows.
    Platforms fixed:  AIX, Linux, and Windows.
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT24786

  • Reported component name

    TSM SERVER

  • Reported component ID

    5698ISMSV

  • Reported release

    81L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-04-19

  • Closed date

    2018-04-19

  • Last modified date

    2018-04-19

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    TSM SERVER

  • Fixed component ID

    5698ISMSV

Applicable component levels

[{"Business Unit":{"code":"BU029","label":"Software"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L"}]

Document Information

Modified date:
06 September 2023