"There are no volume policies in this site that are valid for this volume" error message received when trying to add a new Celerra volume as an FSA target.
| Article:TECH173241 | | | Created: 2011-10-31 | | | Updated: 2012-08-16 | | | Article URL http://www.symantec.com/docs/TECH173241 |
Problem
The error: "There are no volume policies in this site that are valid for this volume" appears in the Enterprise Vault console, while trying to add a new Celerra volume as an FSA target.
Use fiddler (a third party web debugger software that can be downloaded from http://www.fiddler2.com), to gather a log from the Enterprise Vault server side while trying to add the new volume.
What should be shown in the fiddler logs is the client-server http communication. The logs gathered will look similar to the following example:
1) The client (EV server) contacts the file mover API (DHSM) passing as an argument the command: <?dhsm?> <DHSM_GET_API_ATTRS/>
That command returns file mover API capabilities as a list of attribute and also the API revision number.
This is the http message issued:
POST http://celerrafiler.customerdomain.com.local:5080/dhsm HTTP/1.1
Content-Type: text/xml
Host: celerrafiler.customerdomain.com.local:5080
Content-Length: 30
Expect: 100-continue
Connection: Keep-Alive
<?dhsm?> <DHSM_GET_API_ATTRS/>
2) The EMC Celerra DHSM then returns error 401 Unauthorized, asking the client to authenticate and specifying in the returning message,
that the type of authentication that the EMC File mover service is expecting uses MD5 as the password encryption algorithm.
HTTP/1.1 401 Unauthorized
Connection: Keep-Alive
Content-Length: 0
Keep-Alive: max=299, timeout=60
WWW-Authenticate: Digest realm="DHSM_Authorization",nonce="1316513997",opaque="f2c85f708d4873b82b58d123a9ed6224",algorithm="MD5",qop="auth"
Server: EMC File Mover service
Date: Tue, 20 Sep 2011 10:19:57 GMT
3) The client responds trying to authenticate (DHSM Authorization / MD5)
POST http://celerrafiler.customerdomain.com.local:5080/dhsm HTTP/1.1 Content-Type: text/xml Authorization: Digest username="AdminDP",realm="DHSM_Authorization",nonce="1316513997",uri="/dhsm",algorithm="MD5",cnonce="1615c0f2c2317baee8dcd29f25b042a9",nc=00000001,qop="auth",response="7113bd5f4b67d9b249214db2679e2644",opaque="f2c85f708d4873b82b58d123a9ed6224" Host: celerrafiler.customerdomain.com.local:5080 Content-Length: 30 Expect: 100-continue <?dhsm?> <DHSM_GET_API_ATTRS/>
4) Then, the Celerra DHSM returns Error 500: Internal Server Error
HTTP/1.1 500 Internal Server Error Connection: Keep-Alive Content-Length: 0 Keep-Alive: max=298, timeout=60 Server: EMC File Mover service Date: Tue, 20 Sep 2011 10:19:57 GMT
Furthermore, the message: "There are no volume policies in this site that are valid for this volume"
it is shown in the Enterprise Vault console.
Error
There are no volume policies in this site that are valid for this volume .
Environment
Enterprise Vault 9.02
Dart OS 5.6
Cause
There are two possible causes for this error:
1) More than one DHSM connection configured for the File System.
2) The configured DHSM connection authentication in the Celerra filer has been created incorrectly and the algorithm for password encryption is not setup to MD5.
Solution
1) First of all ensure that there are not more than one secondary DHSM connections configured for file system.
If two connections are configured on a production file system, Enterprise Vault could return the "There are no volume policies in this site that are valid for this volume " error message.
For ensuring that there is only one secondary connection defined for the file system, connect through putty to the EMC Celerra device and type the following command:
$ ./fs_dhsm -c <fs_name> -i
Where <fs_name> is the name of the file system. Ensure to execute the command fs_dhsm in the folder where it resides (normally /nas/bin)
Below in the example is an output returned by the command: fs_dhsm -c <fs_name> -i, where two CIFS connections are defined
$fs_dhsm -c dhsm_pfs
dhsm_pfs:
state = enabled
offline attr = on
popup timeout = 0
backup = passthrough
read policy override = none
log file = on
max log size = 10MB
cid = 0
type = CIFS
secondary = \\arkivio.local\archive\ <file:///\\arkivio.local\archive\>
state = enabled
read policy override = none
write policy = full
local_server = CIFS.LOCAL
admin = local\nasadmin
wins =
cid = 1
type = CIFS
secondary = \\symantec.local\archive\ <file:///\\symantec.local\archive\>
state = enabled
read policy override = none
write policy = full
local_server = CIFS.LOCAL
admin = local\nasadmin
As seen above there are two CIFS connections defined with (CID 0 and CID 1).
In this example the second connection should be removed using the command fs_dhsm -delete, as the connection to be used with Enterprise Vault needs to be created as an HTTP connection instead of CIFS.
2) Another possible reason that can be causing the problem is related with the type of encryption used for the authentication.
If the celerra user created during the configuration of the Celerra device for Enterprise Vault has not been created with MD5 encryption, then the authentication request
will fail with error 500.
Steps to solve the issue:
Delete the incorrectly created user:
server_user <server_x> -delete <DataMover_user_name>
Create the user with the right MD5 encryption:
server_user <server_x> -add -md5 -passwd <DataMover_user_name>
<server_x> is the name of the Data Mover
<DataMover_user_name> is the name of the account (A Celerra account) that EV needs to use for authentication.
Note: This user is a Data Mover user that Enterprise Vault will use to authenticate in the EMC Celerra device, not a Active Directory domain user (see related article TECH52430)
|
|
Related Articles
Article URL http://www.symantec.com/docs/TECH173241
Terms of use for this information are found in Legal Notices
Thank you.