Important Update: Cohesity Products Knowledge Base Articles
All Cohesity Knowledge Base Articles are now managed via the Cohesity Support Portal: https://support.cohesity.com/s/searchunify. The Knowledge Base articles available here will not reflect the latest information or may no longer be accessible.
Problem
After an upgrade to Backup Exec 21.4 or 22 Storage devices are offline. Typically seen with Backup Exec media server that are in closed environments with limited access to current Windows Updates or Patches.
The following symptoms may be present after installing or upgrading to Backup Exec 21.4 or 22:
- Backup Exec services may not start or may not be stoppable (requires a reboot).
- Backup to Disk or Deduplicaton Storage may not come online.
- Backup Exec may be unable to create or add storage devices.
- Tape devices may error when Backup Exec attempts to uses them.
- Backup Exec Lockdown process or service may show as disabled in Backup Exec and cannot be enabled. Error when trying to enable Lockdown – “An error occurred updating the disk storage lockdown settings. Cannot update the lockdown settings. An internal error occurred”.
”.
Error Message
Adamm.log located in \Backup Exec\Logs folder may log the following errors:
PvlChanger::UpdateOnlineState()
Changer = 1007 "Disk Storage"
ERROR = The device is offline!
PvlChanger::MapErrorCode() - offline device
Drive = 1007 "Disk Storage"
ERROR = 0xE0008216 (E_CHG_DISCONNECTED_DURING_CMD)
Attempts to Enable or Disable Backup Exec Disk lockdown (Configuration and Settings - Backup Exec Settings - Network and Security - Disk Storage Lockdown Settings)
“An error occurred updating the disk storage lockdown settings. Cannot update the lockdown settings. An internal error occurred”
Cause
Windows Operating System Root CA Certificates not up to date or missing.
Backup Exec 21.4 and above uses DigiCert CA certificates where previous versions used Verisign CAs certificates.
Solution
- Running recent Windows update allows Windows to recognize DigiCert CA certificate. Root certificates need to be up to date. These are distributed by Microsoft.
- Copying CA from working BE 21.4 or 22 media server may resolve the issue if Windows update cannot be run to update the Operating System.
- If Windows update is the issue, the impacted systems will not be able to validate the Backup Exec binary certificate using Windows Explorer.
In some environments, the root certificates might be missing. The reasons for the missing root certificates include, but aren’t limited to:
- An administrator removed the certificate from the system.
- The system doesn’t have internet connectivity, which is needed to perform a Root AutoUpdate (automatic root update).
- A group policy in effect prevents the root certificate update.
- The registry value HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot\DisableRootAutoUpdate is set to 1.
- The registry key HKLM\SOFTWARE\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots exists.
- Installing Intermediate Cert. Auth. as Current User and not (LOCAL) System in CertMgr.msc
WORKAROUND
- Manually installed the certificate to the exe's without Windows update or copying the CA.
- Set registry key HKEY_LOCAL_MACHINE\Software\Wow6432Node\Policies\Microsoft\SystemCertificates\AuthRoot DWORD: DisableRootAutoUpdate to 0 and reboot. Run windows update .
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.