APAR status
Closed as program error.
Error description
When an SLA is configured to copy data to Microsoft Azure Blob Storage, the copy job can fail with the following error: CTGGA0309 Copy failed for snapshot <snapshot details>. Error: TransferError: Transfer failed: Failed to upload object to core.windows.net:443. Reason: Put x509: certificate signed by unknown authority. Object Path: <url> Restore from similar Azure endpoint can also fail. The job log initially shows a more generic error: CTGGA0870 Failed to clone volume <name>. Reason: VolumeCreateError: Failed to create volume: Could not find device path for serial <number> The detailed log message in the cloud driver log on the vSnap server shows: ERR: downloadHandler.Read(1, 1) failed, reason: ERR: ReadPart(<container ID:ID:ID>) failed, reason (Get https://<Clou dName>.blob.core.windows.net:443/containerhot/<container ID>?timeout=60: x509: certificate signed by unknown authority) The problem occurs because the vSnap host relies on its operating system SSL certificate bundle for connecting to public cloud. When the certificate bundle on the vSnap host is out of date or is corrupted, the certificate validation can fail. IBM Spectrum Protect Plus Versions Affected: IBM Spectrum Protect Plus 10.1.5 deployed from OVA (Open Virtual Appliance). vSnap hosts installed on virtual or physical supported Operating Systems or upgraded from an older OVA are not affected. Initial Impact: Medium Additional Keywords: SPP, SPPlus, TS003454082, cloud, blob, azure, MS
Local fix
Run the following on the vSnap: sudo yum --enablerepo=base,updates update ca-certificates or sudo yum --enablerepo=base,updates reinstall ca-certificates Then reboot the vSnap and try the restore again.
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus level 10.1.5. and 10.1.6 * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION * **************************************************************** * RECOMMENDATION: * * Apply fixing level when available. This problem is currently * * projected to be fixed in IBM Spectrum Protect Plus level * * 10.1.7. Note that this is subject to change at the * * discretion of IBM. * ****************************************************************
Problem conclusion
The problem occurs because the vSnap host relies on its operating system SSL certificate bundle for connecting to the public cloud. When the certificate bundle on the vSnap host is out of date or is corrupted, the certificate validation can fail. The problem has been resolved by packaging the certificate bundle as part of the vSnap installer. This ensures that anytime the vSnap software is updated, an updated certificate bundle is installed alongside it.
Temporary fix
Comments
APAR Information
APAR number
IT33694
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A15
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-07-27
Closed date
2020-09-29
Last modified date
2020-09-29
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A15","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
31 January 2024