FAQ - Network


Can I disable HTTP for connections to REST server?

SEP sesam enables communication between the REST server and user interface components (Web UI, GUI, CLI) through both HTTP and HTTPS protocols. By default, HTTPS is used for communication to ensure security, but HTTP is also permitted to simplify initial setup.

In environments where the use of HTTP is not allowed for security reasons, the HTTP protocol can be disabled. This ensures that all network traffic is routed exclusively through the secure HTTPS protocol.

Note
This procedure applies to 5.1.0 Apollon only. Since Apollon V2, using HTTP is no longer permitted.

To disable HTTP and redirect all network traffic to HTTPS, modify the sm.ini file. In the [UI] section, set the http.protocol property to false:

[UI]
http.protocol=false

Save the file and restart the SEP sesam REST server to apply the changes.
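To confirm the setting on a host, the following added example (not part of the SEP sesam documentation) reads an sm.ini and reports the value of http.protocol in the [UI] section only. It assumes the file path is supplied by the caller and that lines starting with # or ; are comments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an sm.ini for the [UI] http.protocol setting.
# Assumptions: the caller passes the path to sm.ini; lines starting
# with '#' or ';' are comments; only the literal value "false" counts.

# Prints the value of http.protocol found inside [UI], or "unset".
ui_http_protocol() {
    awk '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                             # section header
            sec = $0
            gsub(/^[ \t]*\[|\][ \t\r]*$/, "", sec)
            in_ui = (sec == "UI")
            next
        }
        in_ui {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "http.protocol") found = val   # last entry wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Returns 0 only when HTTP is explicitly disabled. An unset key means
# HTTP is still permitted, as the text above describes the default.
http_is_disabled() {
    [ "$(ui_http_protocol "$1")" = "false" ]
}

# Constructed sample file for demonstration.
demo=$(mktemp)
printf '[UI]\nhttp.protocol=false\n' > "$demo"
if http_is_disabled "$demo"; then
    echo "HTTP disabled"
else
    echo "HTTP still permitted"
fi
rm -f "$demo"
```

The same key in any other section is ignored, so a misplaced http.protocol=false is reported as unset.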

Note that you can disable unsecure HTTP and FTP protocols for data transfer. For more information, see Disabling unsecure transport modes.

How to check SEP sesam Client access status?

You can use the Check Access State option in the SEP sesam GUI to determine whether the client is accessible, that is, to verify that the SEP sesam software is present on the client, the network connection works and hence the client is reachable from the SEP sesam Server. For details, see Checking Access State.

How can I verify that the SEP sesam Server has full access to a specific client?

Even if you can reach a client from the SEP sesam Server with nslookup and ping over DNS names, it is still possible that the SEP sesam Server cannot connect to the client. In this case, check the availability of the client from the SEP sesam Server with the following commands:

For Linux/UNIX client:

sm_ctrlc -l root {nameofclient} sbc
sm_ssh -l root {nameofclient} sbc

For Windows client:

sm_ctrlc -l system {nameofclient} sbc
sm_ssh -l system {nameofclient} sbc

The output should be similar to the following standard output of the sbc command (example for a Linux client):

  smsrv:~ # sm_ctrlc -l root dbsrv.local sbc
2016-11-22 13:11:44: sbc-3036: Info:     # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS, VERSION: 4.4R3 Build: 3ed0977 20161122 11:34:51 Linux x86_64 sles11fix #
2016-11-22 13:11:44: sbc-3162: Info:     Client Host name: buildfix11
2016-11-22 13:11:44: sbc-3253: Info:     Sesam version: [server,4.4.3.24,20161122114206]
2016-11-22 13:11:44: sbc-3257: Info:     Sesam package: [sesam_srv-4.4.3-24_pg.sles11.x86_64.rpm]
2016-11-22 13:11:44: sbc-3019: Info:     OS info:          SUSE Linux Enterprise Server 11 (x86_64)
2016-11-22 13:11:44: sbc-3000: Info:

usage:
 sbc -b|r|g|p|k|h   [-C <control_host>] [-d <device>] [-f <list_source>]
          [-F <data_format>] [-i <saveset_info>] [-j <job_name>]
          [-l <level>] [-L <control_target>] [-n <segment_number>]
          [-o {options}] [-O <STOR/RETR_direct>]
          [-R <restore_target>] [-s <saveset_spec>][-S <storage_node>]
          [-t <tape_spec>] [-T <since_time>][-x <exclude_patterns>]
          [-X <exclude list>] [-v <level>] [-V <throughput_interval>]
# Backup  #   [<backup_source1>[ <backup_source2> <backup_sourceN>]] |
# Restore #   [<restore_source1>[ <restore_source2> <restore_sourceN>]] |
# Get     #   [<remote_file> [<local_file>]] |
# Put     #   [<local_file> [<remote_file>]]
{options}: comma separated list of
                     compress, encrypt[_plain]=[{aes}|{bf}]<passwd>
                     noacl                 # process without ACL (Trustees)
 only for backup:    verify                # verify data after backup
                     plain                 # do not descend into subdirectories
                     hard=defer            # defer hardlinks
                     hard=sort             # expect i-node sorted input
                     ignore_finder         # ignore errors from sbc_find
 only for restore:   rename, overwrite     # rename/overwrite if file exists
                     over=new, over=old    # overwrites newer/older files
                     plain, tree           # restore plain/tree in target dir
                     next                  # start from subsequent tape
2016-11-22 13:11:44: sbc-3001: Info:     Exiting.

When a network problem occurs, the output may look like:

  2016-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB
  error: 110 - Connection timed out. connect() call failed for host:
  [dbsrv.sep.de].

Or a connection from SEP sesam Server to the SEP sesam Client may be forbidden:

  2016-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD
  reply: 2016-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not
  allowed to connect or security problem for user: [root].
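When checking many clients, the three outcomes above can be told apart automatically. The following is an added example (not SEP sesam code) that classifies captured output by the message IDs and wording quoted on this page; the function name and verdict words are hypothetical, and the samples are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: triage captured sm_ctrlc / sm_ssh output.
# Message IDs and wording are taken from the outputs quoted above.

# Reads command output on stdin and prints one verdict word.
classify_access() {
    # Long messages wrap across lines, so join and squeeze whitespace first.
    out=$(tr '\n' ' ' | tr -s ' ')
    case "$out" in
        *scd-1136*"not allowed to connect"*) echo forbidden ;;   # client refuses this server/user
        *scc-1128*"STDLIB error:"*)          echo network ;;     # connect() failed, e.g. timeout
        *scc-1128*)                          echo comm-error ;;  # other communication problem
        *"SESAM BACKUP CLIENT"*sbc-3001*)    echo ok ;;          # sbc banner and clean exit seen
        *)                                   echo unknown ;;
    esac
}

# Constructed samples, shortened from the outputs shown on this page.
sample_ok() {
    cat <<'EOF'
2016-11-22 13:11:44: sbc-3036: Info:     # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS #
2016-11-22 13:11:44: sbc-3001: Info:     Exiting.
EOF
}
sample_timeout() {
    cat <<'EOF'
  2016-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB
  error: 110 - Connection timed out. connect() call failed for host:
  [dbsrv.sep.de].
EOF
}
sample_forbidden() {
    cat <<'EOF'
  2016-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD
  reply: 2016-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not
  allowed to connect or security problem for user: [root].
EOF
}

for s in sample_ok sample_timeout sample_forbidden; do
    printf '%s -> %s\n' "$s" "$("$s" | classify_access)"
done
# Live use: sm_ctrlc -l root {nameofclient} sbc 2>&1 | classify_access
```

A "forbidden" verdict means the network path works and the client refused the server or user, so the fix lies on the client rather than in the firewall or DNS.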

Which are SEP sesam default TCP ports?

SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. The required ports may be SEP sesam version-specific; as of version 4.4.3 Beefalo, SEP sesam uses fewer ports than in the previous versions. For the complete list of SEP sesam ports and their configuration, see List of Ports Used by SEP sesam.

Why do I get the error: "Network communication problem: SOCKET error: 10038 – The descriptor is not a socket" when I try to connect to a client?

The Layered Service Provider (LSP) chain is defective or damaged. The cause can be an antivirus program or a virus. Another option is that the DLLs were switched during installation or uninstallation. This results in sub-processes not being able to inherit/open your socket handles.

In the following example, the SEP sesam CTRL connection takes the SM_CTRLD_MAIN daemon call from SM_CTRLC, opens the necessary sockets and passes them on to the newly created sub-process SM_CTRLD. Due to the defective LSP, the sockets cannot use this information and return the following error during an operation such as setsockopt():

10038 – The descriptor is not a socket.

Use the following free tools on the SEP sesam Client:

  • lspfix.exe – identifies blocked DLLs, for example, bmnet.dll, and removes them
  • listdlls.exe – checks the chain of DLLs (alternatively use sm_list -f {PID of SM_CTRLD_MAIN})

Corrective measures:

  1. Check the Layered Service Provider (LSP) links with lspfix.
  2. Check the DLLs used indirectly by sm_ctrld[_main].exe with listdlls.
  3. Remove the conflicting DLL with lspfix.

An example of a correct listdlls for an environment:

      #> listdlls.exe sm_ctrld
      D:\kit\su\src\gui>listdlls sm_ctrld
      .
      ListDLLs v2.25 - DLL lister for Win9x/NT
      Copyright (C) 1997-2004 Mark Russinovich
      Sysinternals
      ------------------------------------------------------------------------------
      sm_ctrld_main.exe pid: 4872
      Command line: D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe -D
      .
      Base Size Version Path
      0x00400000 0x23000
      D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe
      0x7c910000 0xb7000 5.01.2600.2180 D:\WINDOWS\system32\ntdll.dll
      0x7c800000 0x106000 5.01.2600.2945 D:\WINDOWS\system32\kernel32.dll
      0x71a10000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\WS2_32.dll
      0x77be0000 0x58000 7.00.2600.2180 D:\WINDOWS\system32\msvcrt.dll
      0x71a00000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\WS2HELP.dll
      0x77da0000 0xaa000 5.01.2600.2180 D:\WINDOWS\system32\ADVAPI32.dll
      0x77e50000 0x91000 5.01.2600.2180 D:\WINDOWS\system32\RPCRT4.dll
      0x719b0000 0x40000 5.01.2600.2180 D:\WINDOWS\system32\mswsock.dll
      0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll
      0x77ef0000 0x47000 5.01.2600.3099 D:\WINDOWS\system32\GDI32.dll
      0x7e360000 0x90000 5.01.2600.3099 D:\WINDOWS\system32\USER32.dll
      0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll

After removing the defective DLL, the socket can be inherited by the sub-process SM_CTRLD.

Why is the throughput for local backups very low?

In some Linux systems, e.g., SLES12, the local loopback device lo is often configured with MTU (Maximum Transmission Unit) size 65536 (64K). This may decrease the local transfer throughput because the MTU size is equal to the transfer buffer size used in SEP sesam.

To check and modify the MTU size for local loopback, proceed as follows:

  1. To check the local loopback MTU size: ifconfig lo
  2. To set the MTU size to 16K: ifconfig lo mtu 16384
  3. Add or change MTU='16384' in /etc/sysconfig/network/ifcfg-lo for SLES12

Example:

 srv1:/ # ifconfig lo
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:61869492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61869492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:5001500685 (4769.8 Mb)  TX bytes:5001500685 (4769.8 Mb)
 srv1:/ # ifconfig lo mtu 16384
 srv1:/ # grep MTU /etc/sysconfig/network/ifcfg-lo
 srv1:/ # echo MTU=16384 >> /etc/sysconfig/network/ifcfg-lo

For more information, see SUSE blog: Network, CPU Tuning and Optimization and nixCraft article Linux MTU Change Size.

Copyright © SEP AG 1999-2024. All rights reserved.