Disabling SSLv3 in VMware vCenter settings causes VMware backups with SAN transport to fail with error status 23 and 6
Problem
SSLv3 support may be disabled in favour of TLSv1 in vCenter. This will cause VMware backups with SAN transport to fail with error codes 23 and 6.
Error Message
The following error message will be shown in backup job detailed status:
2/11/2015 2:58:48 PM - Error bpbrm(pid=7016) from client 2003VM1-SAN: ERR - Error opening the snapshot disks using given transport mode: Status 23
2/11/2015 2:58:49 PM - Info bpbkar32(pid=7960) bpbkar waited 0 times for empty buffer, delayed 0 times.
2/11/2015 2:58:54 PM - Error bpbrm(pid=7016) could not send server status message
2/11/2015 2:58:54 PM - Critical bpbrm(pid=7016) unexpected termination of client 2003VM1-SAN
2/11/2015 2:58:54 PM - Info bpbkar32(pid=0) done. status: 6: the backup failed to back up the requested files
VxMS provider log will show the following error messages:
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [06836 error 'HttpConnectionPool-000000'] [ConnectComplete] Connect failed to <cs p:0000000002854f00, TCP:vcenter5:443>; cnx: (null), error: class Vmacore::Ssl::SSLException(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [06836 trivia 'Default'] Setting error in state 1 : class Vmacore::Ssl::SSLException(SSL Exception: error:140000DB:SSL routines:SSL routines:short read)
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [06836 trivia 'vmomi.soapStub[1]'] Request completed [class Vmacore::Http::UserAgentImpl::AsyncSendRequestHelper:0000000003562E98]
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [06836 trivia 'ThreadPool'] HandleWork() leaving
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [06836 trivia 'HttpConnectionPool-000000'] [DecConnectionCount] Number of connections to <cs p:0000000002854f00, TCP:vcenter5:443> decremented to 0
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [07260 trivia 'ThreadPool'] ThreadPool[idle:4, busy_io:0, busy_long:0] HandleWork(type: 0, fun: class boost::_bi::bind_t<void,class boost::_mfi::mf3<void,class Vmacore::System::ThreadPoolAsio,class boost::shared_ptr<class Vmacore::Exception> const & __ptr64,int,class Vmacore::Functor<void,class Vmacore::Exception * __ptr64,int,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil> const & __ptr64>,class boost::_bi::list4<class boost::_bi::value<class Vmacore::Ref<class Vmacore::System::ThreadPoolAsio> >,class boost::_bi::value<class boost::shared_ptr<class Vmacore::Exception> >,class boost::_bi::value<int>,class boost::_bi::value<class Vmacore::Functor<void,class Vmacore::Exception * __ptr64,int,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil,class Vmacore::Nil> > > >)
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [07260 trivia 'ThreadPool'] HandleWork() leaving
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [07568 error 'Default'] Cannot use advanced transport modes for vcenter5/moref=vm-175/snapshot-241: Other error encountered: SSL Exception: error:140000DB:SSL routines:SSL routines:short read.
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] 2015-02-11T14:58:36.093-05:00 [07568 info 'Default'] Successfully released all resources.
14:58:36.0093 : g_vixInterfaceLogger:libvix.cpp:1825 <DEBUG> : [VFM_ESINFO] VixDiskLib: Advanced transport modes not available for opening moref=vm-175.
Cause
NetBackup versions up to 7.6.1 include a version of VMware Virtual Disk Development Kit (VDDK) which does not support TLSv1 and requires SSLv3.
Solution
VDDK 5.5.4 supports TLSv1 and is currently scheduled to be included in NetBackup 7.6.1.1.
Do not disable SSLv3 in vCenter until all VMware backup hosts are upgraded to NetBackup version includes VDDK 5.5.4 or above.
For more information refer to the following VMware document:
VDDK 5.5.4 Release Notes
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.