APAR status
Closed as program error.
Error description
The serveradmin password in the vSnap can expire, causing backups to fail if this password was used to define the vSnap in the Spectrum Protect Plus user interface. Verify the password expiration rules on the vSnap using following command: [serveradmin@vsnap1 ~]$ sudo chage -l serveradmin Last password change : Aug 14, 2020 Password expires : Nov 12, 2020 Password inactive : Feb 10, 2021 Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 90 Number of days of warning before password expires : 7 The expected value for the Maximum number of days between password change should be set to 99999. This will avoid password expiration IBM Spectrum Protect Plus Versions Affected: IBM Spectrum Protect Plus 10.1.5 Initial Impact: Medium Additional Keywords: SPP, SPPlus, TS003985472
Local fix
1. Reset password using 'vsnap user update' 2. Update password expiration rules: sudo chage -I -1 -m 0 -M 99999 -E -1 serveradmin
Problem summary
**************************************************************** * USERS AFFECTED: * * IBM Spectrum Protect Plus level 10.1.5 and 10.1.6. * **************************************************************** * PROBLEM DESCRIPTION: * * See ERROR DESCRIPTION * **************************************************************** * RECOMMENDATION: * * Apply the fixing level when available. This problem is * * currently projected to be fixed in IBM Spectrum Protect Plus * * level 10.1.7. Note that this is subject to change at the * * discretion of IBM. * ****************************************************************
Problem conclusion
Starting with V10.1.5, IBM Spectrum Protect Plus and vSnap OVAs had additional OS hardening enabled by default which included password expiry. As a side effect, this causes functionality problems. When the password expires at the OS level on a vSnap server and it is changed, IBM Spectrum Protect Plus fails to communicate with the vSnap because the API relies on the same credentials. To resolve this issue, password expiry is no longer enabled by default on new OVAs starting with 10.1.7. For existing systems, password expiry is disabled during upgrade to 10.1.7. Users who want to use additional hardening can still opt-in and enable password expiry using documented steps. Additional documentation has been added to describe how to avoid functionality issues that may result from password expiry. See https://www.ibm.com/support/knowledgecenter/SSNQFQ_10.1.7/spp/c_ spp_serveradmin_account.html
Temporary fix
Comments
APAR Information
APAR number
IT34060
Reported component name
SP PLUS
Reported component ID
5737SPLUS
Reported release
A15
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt / Xsystem
Submitted date
2020-08-31
Closed date
2020-11-16
Last modified date
2020-11-19
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SP PLUS
Fixed component ID
5737SPLUS
Applicable component levels
[{"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSNQFQ","label":"IBM Spectrum Protect Plus"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"A15","Line of Business":{"code":"LOB26","label":"Storage"}}]
Document Information
Modified date:
31 January 2024