cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Multiplex w/ KMS

Go to solution
Jevon
Level 4

‎04-22-2013 06:27 AM

NetBackup 7.1.0.4 with the IBM TS3310 tape library.

It would seem I cannot perform Multiplex w/ Encryption (KMS).  The backup runs without error (false positive?). The tape is unreadable afterwards.

Anyone else share this experience?  How did you fix it?

 

30 REPLIES 30

Go to solution
Rick_Stone
Level 2
Employee Certified

‎07-11-2013 12:06 PM

It is unlikely that the retention level or timestamps had anything to do with not being able to decrypt your data.  With KMS encryption, during a read process, the tape drive will encounter an encrypted block of data on the tape and notify the BPTM process via SCSI commands.  BPTM will then communicate with NBKMS on the master server to retrieve the encryption key.  Without actually seeing a restore failure from a full BPTM log we can't know if the tape drive is telling us if the data is encrypted or not.

One of the comments earlier mentioned that this is likely a firmware issue, and I would agree to that.
What model of tape drive are you using and what is the firmware version?  It wouldn't be the first time that we have encountered defective firmware that would cause this issue.  Check out the following technote:

www.symantec.com/docs/TECH204085

0 Kudos

Go to solution
Jevon
Level 4

‎07-11-2013 01:28 PM

1st Tape Library: ult3580-td4 Firmware: C7Q4

2nd Tape Library: ULT3580-HH5 - Firmware: B171

I don't recall seeing that doc before.  Yes, it could very much be the cause as the firmware is the same.  Funny, since I upgraded the firware quiet a bit since this problem was first detected.  Also, the only time it came up was when MPX was involved.  All non-multiplexed tapes decrypted fine.

If the problem comes up again, I'll post some BPTM details.

0 Kudos

Go to solution
mph999
Level 6
Employee Accredited

‎07-11-2013 02:42 PM

There is a bug that affects certain makes of drive due to a firmware issue. The drive is unable to correctly position after reading the backup header for the restore that is requested. Although this is not a NetBackup fault, there is a EEB that provides a workaround by getting the drive to read trough the headers as opposed to an ' mt -f ' which is what is failing. I'll try and find the details for his issue tomorrow (Fri) Martin
0 Kudos

Go to solution
jim_dalton
Level 6

‎07-15-2013 09:14 AM

Oddly I seem to be experiencing this issue...mpx encrypted backup, one key in the keygroup. Backup ( a good while ago) clean

16:39:47.340 [21900] <2> io_position_for_read: positioning 004291 to file number 25
16:39:47.340 [21900] <2> io_position_for_read: locating to absolute block number 291572
16:41:24.021 [21900] <2> io_position_for_read: locate block is done
16:41:24.132 [21900] <2> io_position_for_read: successfully positioned 004291 to file number 25, mpx_header = 3
16:41:24.134 [21900] <2> establish_decryption_key: next block encryption status: LON 0x00000000000472f7, algorithm index 1, encryption status 0x3
 

Restore job fails with permission denied on the device.

Had a firmware update on my LTO4s recently...would love to know the answer.

Im on 7504 Solaris Sparc.

Jim

0 Kudos

Go to solution
jim_dalton
Level 6

‎07-15-2013 09:18 AM

16:41:25.261 [21900] <16> mpx_read_data: cannot read image from media id 004291, drive index 3, Permission denied
 

Then error 40 from tar, then error 85 from media manager.

Love it.

Jim

0 Kudos

Go to solution
Rick_Stone
Level 2
Employee Certified

‎07-15-2013 10:18 AM

16:41:24.134 [21900] <2> establish_decryption_key: next block encryption status: LON 0x00000000000472f7, algorithm index 1, encryption status 0x3
 

A return of 0x3 for encryption status indicates a response from the tape drive telling us that the data on the tape is not encrypted.  Because the drive is telling us the data is not encrypted, BPTM will not retrieve the encryption key details from NBKMS on the master server and will try to restore the data, which will result in status 85 in BPTM.

Since it is the drive telling NetBackup (via SCSI command) that the data is not encrypted, I would take a look at your firmware.  You say you just updated it recently.  What version are your tape drives currently running?

0 Kudos

Go to solution
mph999
Level 6
Employee Accredited

‎07-15-2013 10:26 AM

Opps apologies, forgot about this, I'll log in later and check the etracks. M
0 Kudos

Go to solution
mph999
Level 6
Employee Accredited

‎07-16-2013 04:31 PM

OK, found it.

eTrack  3093882 - and I have just realised this is the eTrack I posted previously.

This seems to be reported against 3592 drives, I am not sure what type you have.

It might be reasonable to try the etrack, but, depending on how the EEB works, it may be a code change that only affects 3592 drives, if you have another type, then it may need updating, but for this to happen Engineering will have to investigate that the issue is the same.

Perhaps you can post the case number up here, I'll contact the TSE involved and suggest they escalate to BL.

This issue / case has been going on too long.

Martin

0 Kudos

Go to solution
jim_dalton
Level 6

‎07-24-2013 03:39 AM

Good,interesting info Rick. I'm usng LTO4, and worried it thinks the data arent encrypted. Where does this info 0x03 originate? From the drive, by looking at the tape? If so then looking like a drive f/ware issues.

My drives are all at c7q0, im ultrium4.

Jim

0 Kudos

Go to solution
jim_dalton
Level 6

‎07-26-2013 02:46 AM

BBH4 works (IBM ultriums), just tested it.But it sems to me this is 2011 f/ware?

0 Kudos

Go to solution
Jevon
Level 4

‎08-30-2013 07:56 AM

The solution was to upgrade the firmware.  I finally got around to getting IBM to provide me with a newer firmware:  C7QH for the ULT3580-TD4 LTO4 tape drive.

0 Kudos