Source:FAQ - Network
Can I disable HTTP for connections to REST server?
SEP sesam enables communication between the REST server and user interface components (Web UI, GUI, CLI) through both HTTP and HTTPS protocols. By default, HTTPS is used for communication to ensure security, but HTTP is also permitted to simplify initial setup.
In environments, where the use of HTTP is not allowed for security reasons, the HTTP protocol can be disabled. This ensures that all network traffic is routed exclusively through the secure HTTPS protocol.
Note | |
This procedure applies to 5.1.0 Apollon only. Since Apollon V2 using HTTP is no longer permitted. |
To disable the HTTP and redirect all network traffic to HTTPS, modify the sm.ini file. In the [UI] section, set the http.protocol property to false:
[UI] http.protocol=false
Save the file and restart the SEP sesam REST server to apply the changes.
Note that you can disable unsecure HTTP and FTP protocols for data transfer. For more information, see Disabling unsecure transport modes.
How to check SEP sesam Client access status?
You can use the Check Access State option in the SEP sesam GUI to determine whether the client is accessible, that is, to verify that the SEP sesam software is present on the client, the network connection works and hence the client is reachable from the SEP sesam Server. For details, see Checking Access State.
How can I verify that the SEP sesam Server has full access to a specific client?
Even if you can reach a client from the SEP sesam Server with nslookup and ping over DNS names, it is still possible that the SEP sesam Server cannot connect to the client. In this case, check the availability of the client from the SEP sesam Server with the following command:
For Linux/UNIX client:
sm_ctrlc -l root {nameofclient} sbc
sm_ssh -l root {nameofclient} sbc
For Windows client:
sm_ctrlc -l system {nameofclient} sbc
sm_ssh -l system {nameofclient} sbc
The output should be similar to the following standard output of the sbc command (example for a Linux client):
smsrv:~ # sm_ctrlc -l root dbsrv.local sbc 2016-11-22 13:11:44: sbc-3036: Info: # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS, VERSION: 4.4R3 Build: 3ed0977 20161122 11:34:51 Linux x86_64 sles11fix # 2016-11-22 13:11:44: sbc-3162: Info: Client Host name: buildfix11 2016-11-22 13:11:44: sbc-3253: Info: Sesam version: [server,4.4.3.24,20161122114206] 2016-11-22 13:11:44: sbc-3257: Info: Sesam package: [sesam_srv-4.4.3-24_pg.sles11.x86_64.rpm] 2016-11-22 13:11:44: sbc-3019: Info: OS info: SUSE Linux Enterprise Server 11 (x86_64) 2016-11-22 13:11:44: sbc-3000: Info: usage: sbc -b|r|g|p|k|h [-C <control_host>] [-d <device>] [-f <list_source>] [-F <data_format>] [-i <saveset_info>] [-j <job_name>] [-l <level>] [-L <control_target>] [-n <segment_number>] [-o {options}] [-O <STOR/RETR_direct>] [-R <restore_target>] [-s <saveset_spec>][-S <storage_node>] [-t <tape_spec>] [-T <since_time>][-x <exclude_patterns>] [-X <exclude list>] [-v <level>] [-V <throughput_interval>] # Backup # [<backup_source1>[ <backup_source2> <backup_sourceN>]] | # Restore # [<restore_source1>[ <restore_source2> <restore_sourceN>]] | # Get # [<remote_file> [<local_file>]] | # Put # [<local_file> [<remote_file>]] {options}: comma separated list of compress, encrypt[_plain]=[{aes}|{bf}]<passwd> noacl # process without ACL (Trustees) only for backup: verify # verify data after backup plain # do not descend into subdirectories hard=defer # defer hardlinks hard=sort # expect i-node sorted input ignore_finder # ignore errors from sbc_find only for restore: rename, overwrite # rename/overwrite if file exists over=new, over=old # overwrites newer/older files plain, tree # restore plain/tree in target dir next # start from subsequent tape 2016-11-22 13:11:44: sbc-3001: Info: Exiting.
When a network problem occurs, the output may look like:
2016-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB error: 110 - Connection timed out. connect() call failed for host: [dbsrv.sep.de].
Or a connection from SEP sesam Server to the SEP sesam Client may be forbidden:
2016-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD reply: 2016-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not allowed to connect or security problem for user: [root].
Which are SEP sesam default TCP ports?
SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. The required ports may be SEP sesam version-specific; as of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports than in the previous versions. For the complete list of SEP sesam ports and their configuration, see List of Ports Used by SEP sesam.
Why do I get the error: "Network communication problem: SOCKET error: 10038 – The descriptor is not a socket" when I try to connect to a client?
The Layered Service Provider (LSP) chain is defective or damaged. The cause can be an antivirus program or a virus. Another option is that the DLLs were switched during installation or uninstallation. This results in sub-processes not being able to inherit/open your socket handles.
In the following example, the SEP sesam CTRL connection takes the SM_CTRLD_MAIN daemon call from SM_CTRLC, opens the necessary sockets and passes them onto the newly created sub-process SM_CTRLD. Due to the defective LSP, the sockets cannot use this information and return the following error during an operation such as setsockopt():
10038 – The descriptor is not a socket.
Use the following free tools on the SEP sesam Client:
- lspfix.exe – identifies blocked DLLs, for example, bmnet.dll and removes them
- listdlls.exe – checks the chain of DLLs (alternatively use
sm_list -f {PID of SM_CTRLD_MAIN
)
Corrective measures:
- Check if the Layered Service Provider (LSP) links with lspfix.
- Check the sm_ctrld[_main].exe indirectly used DLLs with listdlls.
- Remove the conflicting DLL with lspfix.
An example of a correct listdlls for an environment:
#> listdlls.exe sm_ctrld D:\kit\su\src\gui>listdlls sm_ctrld . ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals ------------------------------------------------------------------------------ sm_ctrld_main.exe pid: 4872 Command line: D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe -D . Base Size Version Path 0x00400000 0x23000 D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe 0x7c910000 0xb7000 5.01.2600.2180 D:\WINDOWS\system32\ntdll.dll 0x7c800000 0x106000 5.01.2600.2945 D:\WINDOWS\system32\kernel32.dll 0x71a10000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\WS2_32.dll 0x77be0000 0x58000 7.00.2600.2180 D:\WINDOWS\system32\msvcrt.dll 0x71a00000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\WS2HELP.dll 0x77da0000 0xaa000 5.01.2600.2180 D:\WINDOWS\system32\ADVAPI32.dll 0x77e50000 0x91000 5.01.2600.2180 D:\WINDOWS\system32\RPCRT4.dll 0x719b0000 0x40000 5.01.2600.2180 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x77ef0000 0x47000 5.01.2600.3099 D:\WINDOWS\system32\GDI32.dll 0x7e360000 0x90000 5.01.2600.3099 D:\WINDOWS\system32\USER32.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll
After removing the defective DLL, the socket can be inherited by the sub-process SM_CTRLD.
Why is the throughput for local backups very low?
In some Linux systems, e.g., SLES12, the local loopback device lo is often configured with MTU (Maximum Transmission Unit) size 65536 (64K). This may decrease the local transfer throughput because the MTU size is equal to the transfer buffer size used in SEP sesam.
To check and modify the MTU size for local loopback, proceed as follows:
- To check the local loopback MTU size: ifconfig lo
- To set the MTU size to 16K: ifconfig lo mtu 16384
- Add or change MTU='16384' in /etc/sysconfig/network/ifcfg-lo for SLES12
Example:
srv1:/ # ifconfig lo lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:61869492 errors:0 dropped:0 overruns:0 frame:0 TX packets:61869492 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:5001500685 (4769.8 Mb) TX bytes:5001500685 (4769.8 Mb) srv1:/ # ifconfig lo mtu 16384 srv1:/ # grep MTU ifcfg-lo /etc/sysconfig/network/ifcfg-lo srv1:/ # echo MTU=16384 >> /etc/sysconfig/network/ifcfg-lo
For more information, see SUSE blog: Network, CPU Tuning and Optimization and nixCraft article Linux MTU Change Size.