A fix is available
APAR status
Closed as program error.
Error description
If you try to execute command "dsmc set password" to locally store a password in FIPS-enabled operating system environment, the command will fail due to "ANS5283E The operation was unsuccessful.". L2/Customer Diagnostics: 1: the following command failed: .# dsmc set password -type=vm vcenter_name.xxx.com ID@xxx.com pw ANS5283E The operation was unsuccessful. 2: collect Linux strace for the failed command , the strace shows below message prior to the failure: open("/proc/sys/crypto/fips_enabled", O_RDONLY) = 6 read(6, "1\n", 31) = 2 Above says /proc/sys/crypto/fips_enabled has a setting of 1. "dsmc set password" can fail if /proc/sys/crypto/fips_enabled has a non-zero value . a new message need to indicate this condition. Products affected: IBM Spectrum Protect Backup-Archive Client version 7.1 and 8.1 on all Unix and Linux platforms. Note: In IBM Spectrum Protect for Virtual Environments, the Backup-Archive Client is also known as the data mover. This problem also affects IBM Spectrum Protect for Virtual Environments: Data Protection for VMware version 7.1 and 8.1 on Linux x86_64 platform. If you are using Data Protection for VMware version 7.1 and 8.1 refer to APAR IT25350
Local fix
1: follow redhat procedure to disable FIPS: https://access.redhat.com/solutions/2422061 2: verify the FIPS is disabled after step 1: cat /proc/sys/crypto/fips_enabled has a value 0
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect backup-archive client versions 7.1 and * * 8.1 on all AIX and Linux platforms * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION. * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is projected * * to be fixed IBM Spectrum Protect backup-archive client * * version 8.1.6 and in the documentation. * * Note 1: This is subject to change at the discretion of IBM. * * * * In the meantime, documentation updates for IBM Spectrum * * Protect Backup-Archive Clients Installation and User's Guide * * V8.1.x for UNIX and Linux is at the following * * website: * * http://www-01.ibm.com/support/docview.wss?uid=swg27048955 * ****************************************************************
Problem conclusion
The following new error message has been added to the backup-archive client code: " ANS1299E 'Unable to generate an encryption key for storing password' Explanation: You tried to start an operation that led to storing password on the IBM SP client side but the client was unable to generate an encryption key very likely due to a configured FIPS-enabled operating system environment. System Action: Processing stops. User Response: The IBM SP client doesn't support the Federal Information Processing Standard (FIPS) enabled operating system environment for locally stored passwords. See your system administrator for assistance in reconfiguring the FIPS-enabled operating system environment. For more details on FIPS support, see the following techdoc: http://www-01.ibm.com/support/docview.wss?uid=swg22007756 " In the backup-archive client publications, in the Set Password command, the following restriction is added: "(AIX, Linux, Solaris) The set password command does not support the Federal Information Processing Standard (FIPS) enabled operating system environment for locally stored passwords." For more information on FIPS support, see technote 2007756.
Temporary fix
Comments
APAR Information
APAR number
IT24907
Reported component name
TSM CLIENT
Reported component ID
5698ISMCL
Reported release
81L
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2018-04-27
Closed date
2018-06-14
Last modified date
2018-06-14
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
dsmc
Fix information
Fixed component name
TSM CLIENT
Fixed component ID
5698ISMCL
Applicable component levels
R81A PSY
UP
R81L PSY
UP
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSGSG7","label":"Tivoli Storage Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"81L","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
14 June 2018