IBM Support

IT24907: DSMC SET PASSWORD FAILS WITH ANS5283E IN FIPS-ENABLED ENV

APAR status

  • Closed as program error.

Error description

  • If you run the command "dsmc set password" to store a password
    locally in a FIPS-enabled operating system environment, the
    command fails with "ANS5283E The operation was unsuccessful.".
    
    L2/Customer Diagnostics:
    
    1: The following command failed:
    
    # dsmc set password -type=vm vcenter_name.xxx.com ID@xxx.com pw
    
    ANS5283E The operation was unsuccessful.
    
    2: Collect a Linux strace for the failed command. The strace
    shows the following calls prior to the failure:
    
    open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 6
    read(6, "1\n", 31)                      = 2
    
    
    The above shows that /proc/sys/crypto/fips_enabled is set to 1.
    "dsmc set password" can fail if /proc/sys/crypto/fips_enabled
    has a non-zero value.
    A new message is needed to indicate this condition.
    
    Products affected:
    IBM Spectrum Protect Backup-Archive Client version
    7.1 and 8.1 on all Unix and Linux platforms.
    Note: In IBM Spectrum Protect for Virtual Environments,
    the Backup-Archive Client is also known as the
    data mover.
    
    This problem also affects IBM Spectrum Protect for Virtual
    Environments: Data Protection for VMware version 7.1 and 8.1
    on the Linux x86_64 platform. If you are using Data Protection
    for VMware version 7.1 and 8.1, refer to APAR IT25350.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    * IBM Spectrum Protect backup-archive client versions 7.1 and  *
    * 8.1 on all AIX and Linux platforms                           *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    * See ERROR DESCRIPTION.                                       *
    ****************************************************************
    * RECOMMENDATION:                                              *
    * Apply fixing level when available. This problem is projected *
    * to be fixed in IBM Spectrum Protect backup-archive client    *
    * version 8.1.6 and in the documentation.                      *
    * Note 1: This is subject to change at the discretion of IBM.  *
    *                                                              *
    * In the meantime, documentation updates for IBM Spectrum      *
    * Protect Backup-Archive Clients Installation and User's Guide *
    * V8.1.x for UNIX and Linux is at the following                *
    * website:                                                     *
    * http://www-01.ibm.com/support/docview.wss?uid=swg27048955    *
    ****************************************************************
    

Problem conclusion

  • The following new error message has been added to the
    backup-archive client code:
    "
    ANS1299E 'Unable to generate an encryption key for storing
    password'
    Explanation: You tried to start an operation that led to storing
    password on the IBM SP client side but the client was unable to
    generate an encryption key very likely due to a configured
    FIPS-enabled operating system environment.
    System Action: Processing stops.
    User Response: The IBM SP client doesn't support the Federal
    Information Processing Standard (FIPS) enabled operating system
    environment for locally stored passwords. See your system
    administrator for assistance in reconfiguring the FIPS-enabled
    operating system environment. For more details on FIPS support,
    see the following techdoc:
    http://www-01.ibm.com/support/docview.wss?uid=swg22007756
    "
    
    In the backup-archive client publications, in the Set Password
    command, the following restriction is added:
    "(AIX, Linux, Solaris) The set password command does not support
    the Federal Information Processing Standard (FIPS) enabled
    operating system environment for locally stored passwords."
    For more information on FIPS support, see technote 2007756.
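
Added example (not IBM code and not part of the APAR): a pre-flight check, run before "dsmc set password", that reads the same kernel flag seen in the strace above and reports whether the command is expected to fail. The function names and the FIPS_FLAG_FILE override are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM code. Checks the kernel FIPS flag that the strace
# in this APAR shows dsmc reading before "dsmc set password" fails.
# FIPS_FLAG_FILE (assumed name) exists only so the check can be pointed
# at a test file instead of the real /proc entry.
FIPS_FLAG_FILE="${FIPS_FLAG_FILE:-/proc/sys/crypto/fips_enabled}"

# fips_state [file]: prints "enabled", "disabled" or "unknown".
fips_state() {
    flag_file="${1:-$FIPS_FLAG_FILE}"
    # The flag file is Linux-specific; if it is absent or unreadable the
    # state cannot be determined from here.
    if [ ! -r "$flag_file" ]; then
        echo unknown
        return 0
    fi
    value=$(tr -d '[:space:]' < "$flag_file")
    case "$value" in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    # Any non-zero value counts, matching the APAR's wording.
    if [ "$value" -eq 0 ]; then echo disabled; else echo enabled; fi
}

# set_password_preflight [file]: returns 1 when the flag is set and
# "dsmc set password" is expected to fail, 0 otherwise.
set_password_preflight() {
    state=$(fips_state "$1")
    case "$state" in
        enabled)
            echo "FIPS flag is set: dsmc set password is expected to fail" \
                 "(ANS5283E, or ANS1299E on levels that carry the new message)." \
                 "Locally stored passwords are not supported in this environment." >&2
            return 1 ;;
        unknown)
            echo "warning: FIPS state could not be determined" >&2
            return 0 ;;
        *)
            return 0 ;;
    esac
}
```

Call set_password_preflight with no argument on the client host and only invoke "dsmc set password" when it returns 0.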
    

Temporary fix

Comments

APAR Information

  • APAR number

    IT24907

  • Reported component name

    TSM CLIENT

  • Reported component ID

    5698ISMCL

  • Reported release

    81L

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt / Xsystem

  • Submitted date

    2018-04-27

  • Closed date

    2018-06-14

  • Last modified date

    2018-06-14

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

    IT25350

Modules/Macros

  • dsmc
    

Fix information

  • Fixed component name

    TSM CLIENT

  • Fixed component ID

    5698ISMCL

Applicable component levels

  • R81A PSY

       UP

  • R81L PSY

       UP

Document Information

Modified date:
14 June 2018