IDPA: IDPA Appliance Requirements with Linux Based DNS Servers for successful deployment

           

   Article Number:     538551                                   Article Version: 2     Article Type:    Break Fix 
   

 


Product:

 

Integrated Data Protection Appliance Family,DP4400 Appliance,DP5300 Appliance,DP5800 Appliance,DP8300 Appliance,DP8800 Appliance,Integrated Data Protection Appliance SW,Integrated Data Protection Appliance Software

 

Issue:

 

 

Requirements when using Linux Based DNS Servers :    
        

         
  •         When using Linux DNS servers, port 53 should be enabled between the IDPA Proxy and the DNS server. TCP port 53 being blocked either on the DNS server or in network firewall can cause this issue. By default port is disabled on Linux based DNS servers.     
  •    
   
         
  •         If RHEL 7.5 BIND DNS is in use, with port 53 open. Forward and reverse lookups may complete successfully.  However, the Avamar Proxy does an active DNS query during setup, and the BIND DNS would not respond. There is an option within the BIND “nameD” file called “Allow-Query” which by default is set to localhost.      
  •    
   
   
    Symptoms if the above requirements are not met :   
        
         
  •         IDPA Deployment fails on Avamar Proxy deployment with error "Manage entity not found with given name AVProxy mor type VirtualMachine. Unable to find task for given entity. error Message VirtualMachine AVProxy is not present on vCenter server "     
  •    
   
         
  •         In an Avamar Proxy Deployment workflow, after the IP address gets assigned to the Avamar Proxy, it tries to reach the DNS servers to lookup the hostname for the same. After a successful reverse lookup from the DNS, it then assigns the same hostname to the Proxy. If for some reason proxy is unable to reach the DNS servers or if it does not get the response or incorrect response, the proxy hostname gets marked as localhost.local.dom.     
  •    
   
    This causes the Avamar Proxy deployment to fail and the proxy gets deleted as part of cleanup steps in PDM. Refer KB   
                                                                

 

 

Cause:

 

 

When using Linux DNS servers, port 53 should be enabled between the IDPA Proxy and the DNS server. TCP port 53 being blocked either on the DNS server or in network firewall can cause this issue. By default port is disabled on Linux based DNS servers. The Linux based BIND DNS Servers should allow query to itself for the IDPA Subnet to avoid issues.    
   
   
     
                                                           

 

 

Resolution:

 

 

Verify if port 53 is blocked between the IDPA Components and the DNS servers    
   
    Run the following commands to test the same:       
       
        1: Login to the ACM CLI as 'root' user.        
       
        2: Run the following commands :  
   

         
  •         curl -kv <DNS_Server_IP_Address>:53     
  •    
           The above output should show as Connected for that port. If the connection fails, that confirms the port is blocked.    
         
  •         host -W 10 -T <Avamar_Proxy_VM_IP_Address>     
  •    
           The above command should return the Hostname of Avamar Proxy IP if the DNS server is accessible and Proxy IP is registered in DNS server.   
   
   
    Verify ‘allow-query’ field within the BIND (DNS) configuration allows queries from the IDPA Subnet (and, specifically, the vCenter and ESX IPs)   
   
    If RHEL 7.5 BIND DNS is in use, with port 53 open. Forward and reverse lookups may complete successfully. However, the Avamar Proxy does an active DNS query during setup, and the BIND DNS would not respond. There is an option within the BIND “nameD” file called “Allow-Query” which by default is set to localhost.    
        
         
  •         Add the entire subnet of the IDPA network, along with the specific IP addresses of the ESXI server and the ACM server for that option.  Once we added those parameters, RETRY the configuration.      
  •    
   
   
    Note: The following resolution only apply to Linux Based Servers.    
                                                                

 

 

Notes:

 

 

Refer the following Article for more details : https://support.emc.com/kb/538227