Known Issues with IBM Spectrum Protect Operations Center V7.1.3

Answer

Log-in and general issues

• User cannot log in to the Operations Center by using an Apple iPad device

Storage pools

• When you use the Add Storage Pool wizard to create a directory-container storage pool, the importance of defining a protection pool might not be clear

Clients

• Decommissioning a virtual machine on a source replication server does not decommission it on the target replication server

Symptom

When you are using an Apple iPad device that is running on iOS 8.x, you cannot log in to the Operations Center. You can enter your login credentials, but the Operations Center does not load. A progress icon indicates that the Operations Center is loading, but it does not complete. The following error message is displayed.

An error occurred when connecting to the Operations Center web server. Verify that you are using a supported web browser and try to log in again. Supported browsers include Firefox ESR 24 or later, Internet Explorer 10 or 11, Chrome, or Safari on the iPad.

Note: Apple iPad devices that are running on iOS 9.x are not supported.

Cause

When Apple Safari is running on iOS 8.x, it does not trust the default self-signed certificate, which is created when you install the Operations Center. Because the certificate is not trusted, the browser does not establish a WebSocket connection with the Operations Center. The browser and the Operations Center cannot communicate. This problem occurs even if you are prompted to accept the certificate and you select to trust it.

Solution

Replace the self-signed certificate that is created when the Operations Center is installed with a certificate from a certificate authority or with a new self-signed certificate that the browser can trust.

The browser cannot trust the default self-signed certificate because it does not reference the fully qualified domain name of the Operations Center server and does not mark itself as a certificate with authority to verify. To fix the problem, create a new certificate an install it on the Apple iPad device.

To create a new self-signed certificate, complete the following steps. These instructions use the keytool utility, which is installed in installation_dir\ui\jre\bin\,

1. Stop the Operations Center web server. For information on stopping and starting the web server, see https://www.ibm.com/support/knowledgecenter/SSGSG7_7.1.3/srv.install/t_oc_inst_web_server_startstop.html

2. Make a backup copy of the Operations Center keystore in case you need to revert to the original keystore. The Operations Center keystore is named gui-truststore.jks in the directory installation_dir\ui\Liberty\usr\servers\guiServer.

3. Use the keytool utility to delete the existing self-signed certificate. You must know the keystore password to delete the self-signed certificate. The self-signed certificate is named default. Issue the following command to delete it:

keytool -delete -alias default -keystore gui-truststore.jks

4. Use the keytool utility to create the self-signed certificate that can be trusted by the browser that is running on the iPad device. Enter the following command:

keytool -genkeypair -keyalg RSA -sigalg SHA2withRSA -alias default -keystore gui-truststore.jks -storepass trust-store-password -validity 365 -keysize 2048 -dname "cn=oc-hostname, ou=guiServer, o=ibm" -ext BC

Where:

• trust-store-password is the password for the truststore file of the Operations Center. You create this password during the installation of the Operations Center.

Tip: If your password contains characters that are reserved characters for your operating system or command shell, you must escape those characters.

If you do not know the password, open the bootstrap.properties file, which is in the directory installation_dir\ui\Liberty\usr\servers\guiServer. The tsm.truststore.pswd property contains the password for the truststore file. If the password is unencrypted, you can use it to open the truststore file.

If the password is encrypted, you can reset it. For information on resetting the password for the Operations Center truststore file, refer to the IBM Knowledge Center.

Tip: You can determine if the password is encrypted by looking at the first five characters of the tsm.truststore.pswd property. Encrypted passwords are identified by the text string {xor}. For example:

tsm.truststore.pswd={xor}MiYPPiwsKDAtOw==
• oc-hostname is the fully qualified domain name of the server that is used to access the Operations Center. You must specify the fully qualified domain name. Do not specify only the machine name with the domain suffix set.

5. Start the Operations Center web server.


To install the new certificate on the Apple iPad device, complete the following steps:

1. Use the keytool utility to export the certificate to a file. Issue the following command to export the certificate to a file that is named oc-certificate.cer.

keytool -export -alias default -file oc-certificate.cer -keystore gui-truststore.jks

2. Move the certificate file to the Apple iPad device. For example, you might email the file or make it available on the network so it can be downloaded to the device.

3. Open the certificate file on the Apple iPad device. You are prompted to install the certificate. Follow the prompts to install the certificate.


Return to list

Symptom

When you use the Add Storage Pool wizard to create a directory-container storage pool, the wizard might not prompt you to specify a protection pool. The wizard might not describe the importance of specifying a protection pool.

Because directory-container storage pools do not support storage pool migration and backup actions, the only way to protect the data in these pools is by configuring server-to-server replication and by specifying an associated protection storage pool. A protection storage pool is another directory-container storage pool on the target replication server. By creating an administrative schedule to run the PROTECT STGPOOL command, you can regularly back up data in a directory-container storage pool on the source replication server to its protection pool on the target replication server. Regularly backing up data to the protection pool can also improve replication performance because replication processing needs to synchronize metadata only.

Cause

The Add Storage Pool wizard does not prompt you to specify a protection pool if the server is not configured as the source server for replication, or if there is no storage pool on the target server that can be the protection pool. The protection pool must be another directory-container storage pool.

Because configuring protection pools and protection schedules is important, certain wizards in the Operations Center can guide you through the configuration. However, the wizards can help with the configuration only if prerequisite conditions are met. The following wizards can also configure storage pool protection, but only if the following conditions are satisfied:

• The Add Server Pair wizard defines a source and target server relationship for replicating client data. This wizard also creates a daily replication schedule named REPLICATE. If directory-container storage pools are defined on source and target servers, the wizard also guides you through the process of configuring storage pool protection.
• The Add Storage Pool wizard defines a storage pool to a server. If you are adding a directory-container storage pool on the source server of a replication server pair, the wizard can also guide you through the process of configuring storage pool protection. You can use the wizard to configure storage pool protection only if the following conditions are true:
• On the target server, at least one directory-container storage pool is already defined.
• The replication server pair uses a single replication schedule that is named REPLICATE, with a value specified for the MAXRUNTIME parameter. Such a schedule can be created by the Add Server Pair wizard or by a Tivoli Storage Manager blueprint configuration script.

Solution

Before you start either the Add Server Pair wizard or the Add Storage Pool wizard, make sure that the prerequisites are met, so the wizard can help you configure storage pool protection.

If you complete configuration tasks in an order that prevents either wizard from also configuring storage pool protection, you can configure storage pool protection manually. From the Storage Pool Details page in the Operations Center, you can specify the protection pool for a directory-container storage pool. To back up the storage pool data to the protection pool regularly, create an administrative command schedule on the source server to run the PROTECT STGPOOL command. Schedule protection so it runs often enough to keep pace with incoming data, but completes before client replication starts.

Return to list

Symptom

You decommissioned a client on a source replication server, but it is not decommissioned on the target replication server.

Cause

Clients represent applications, systems, or virtual machines. From the Clients page in the Operations Center, you can decommission any of these types of clients to remove them from the production environment. When you decommission a client on a server that is the source server for replication, the client is also decommissioned on the target server. However, decommissioning on the target server works only for application and systems clients. If you decommission a virtual machine on a source server, it is not decommissioned on the target server.

Solution

Decommission the client on the target server. Clients that are registered to target replication servers and are configured to receive the replicated data are not shown in the Clients table, so you must decommission them by using the command-line interface. After you decommission a virtual machine on a source server, complete the following steps to decommission it on the target server:

1. Make sure that you know the name of the target server and the name of the client that hosts the virtual machine. The server name is displayed in the Target Server column of the Clients table. The name of the client that owns the file space that represents the virtual machine is displayed in the VM Owner column of the Clients table.

2. Open the Command Builder. To open the command builder, hover over the globe icon , and select Command Builder.

3. In the command builder, select the target server from the list of servers. Commands that you enter at the command prompt are now directed to this server.

4. Issue the DECOMMISSION VM command to decommission the virtual machine. For example, to decommission the virtual machine CODY, which is hosted on the data center node DEPT06NODE, enter:

decommission vm dept06node cody

Return to list