none
DPM 2012 SP1 - reading encrypted tape on another DPM server in another domain RRS feed

  • Question

  • I've figured out that in DPM2012 SP1 you have to import the certificate with the key into BOTH the DPM restore store AND the DPM backup store to be able to make an encrypted backup.

    So I have got my certificate (made for information from a template created by copying the webserver template, and giving access to the DPM server, since DPM on server 2012 does not have IIS installed by default).

    I have imported it into the DPMBackup and DPM restore store, with the private key.

    I have put the CA cert from the other domain in the trusted root authority store.

    I keep trying to recatalog the tape with no success.

    Any more ideas?

    There are no errors in the event logs.


    CarolChi

    Tuesday, May 7, 2013 2:06 PM

All replies

  • This DPM server is not authorized to read or write to this encrypted tape because there is no valid certificate in DPMBackupStore and DPMRestoreStore which can decrypt data. (ID 24071)

    I have two certificates in the both stores in the recovery environment: one for encrypting the tapes, from the local domain, and the certificate from the other domain where the imported tape came from.

    Type: Tape recatalog
    Status: Failed
    Description: This DPM server is not authorized to read or write to this encrypted tape because there is no valid certificate in DPMBackupStore and DPMRestoreStore which can decrypt data. (ID 24071)
     More information
    End time: 08/05/2013 14:40:17
    Start time: 08/05/2013 14:39:30
    Library: Hewlett Packard DAT160 USB drive
    Tape Label (Barcode): DATA-00000041 (None)

     


    CarolChi

    Wednesday, May 8, 2013 12:44 PM
  • In the absence of any response I am still trying.

    My two DPM servers are running on different OS versions. The first one (doing the backup) is on 2012. The one I am recovering to is 2008R2. Both are 64 bit and the DPM version is the same.

    However I do see that the purpose of the certificate (tape encryption) is visible on the first (2012) server and unknown on the recovery server (2008R2).

    Tape Backup (1.3.6.1.4.1.311.21.8.12056401.10967939.4605863.12045359.7549692.4.2974263.13310144) does not seem to be known to server 2008R2

    Could this be my problem?

     Cert on 2012 systemSame certificate on recovery server (2008R2)


    CarolChi

    Wednesday, May 8, 2013 2:03 PM
  • It may go without saying, but the certificate must also be installed to Trusted Root Certification Authorities.
    Tuesday, August 27, 2013 7:12 PM