Document ID: 117545
Updated: Mar 26, 2014
Contributed by Scott Hills, Cisco TAC Engineer.
This document describes that when the Disaster Recovery web page is used to make a Backup and Restore Unity Connection, there can be problems. This article covers one such situation.
When you log into the Disaster Recovery web page and click any option, no pages load.
Ensure that Disaster Recovery logging is enabled and turned to Debug.
- Go to the Cisco Unified Serviceability web page.
- Choose Trace > Configuration.
- From the Server* drop-down list, choose the server.
- From the Service Group* drop-down list, choose Backup and Restore Services.
- From the Service* drop-down list, choose Cisco DRF Local (Active).
- Ensure that the Trace On check box is checked.
- From the Debug Trace Level drop-down list, choose Debug.
Next, reproduce the issue. You might need to restart the DRF master and Local Services in order to conduct a fresh test.
- Choose Cisco Unified Serviceability.
- Choose Tools > Control Center - Network Services.
- Find Backup and Restore Services and Stop and Start Cisco DRF Local and Cisco DRF Master.
Then use the Real Time Monitoring Tool in order to collect the traces:
- Go to Trace & Log Central.
- Choose Collect Files.
- Click Next in order to Select System Services/Applications.
- Check both check boxes beside Cisco DRF Local and Cisco DRF Master.
- Click Next.
- Set the time range of your test and select a Download location.
- Click Finish. This starts the collection of logs to the location you specified.
Below are excerpts from logs be sure to notice on the DRF Master Log is showing Unable to create input/output stream to client Fatal Alert received: Bad Certificate.
The DRF Local Logs show:
2014-02-10 11:08:15,342 DEBUG [main] - drfNetServerClient.
Reconnect: Sending version id: 184.108.40.20600-11
2014-02-10 11:08:15,382 ERROR [main] - NetworkServerClient::Send failure;
2014-02-10 11:08:15,384 FATAL [NetMessageDispatch] - drfLocalAgent.drfLocal
Worker: Unable to send 'Local Agent' client identifier message to Master Agent.
This may be due to Master or Local Agent being down.
The Master Logs show:
2014-02-10 11:19:37,844 DEBUG [NetServerWorker] - Validated Client. IP =
10.1.1.1 Hostname = labtest.cisco.com. Request is from a Node within the
2014-02-10 11:19:37,844 DEBUG [NetServerWorker] - drfNetServerWorker.drfNet
ServerWorker: Socket Object InpuputStream to be created
2014-02-10 11:19:37,850 ERROR [NetServerWorker] - drfNetServerWorker.drfNet
ServerWorker: Unable to create input/output stream to client Fatal Alert
received: Bad Certificate
In this case there is a problem with the IPSec certificate on the server and you need to regenerate it, delete the ipsec-trust certificate, and load a new one. Complete these steps in order to address the issue:
- Log onto the OS Administration page.
- Choose Security > Certificate Management > find.
- Click ipsec.pem file and then click regenerate.
- After the successful generation of the ipsec.pem file, download the file.
- Go back to the certificate management page.
- Delete the current corrupted ipsec-trust entry.
- Upload the downloaded ipsec.pem file as a ipsec-trust.
- Restart DRF Master and DRF Local.
The Cisco Support Community is a forum for you to ask and answer questions, share suggestions, and collaborate with your peers.
Refer to Cisco Technical Tips Conventions for information on conventions used in this document.