Solved: Big problems with setting up snapmirror for buckets

Maurice-FreeOnes · ‎2023-02-02

Hello,

I have big problems with setting up snapmirror for buckets. I did spend a huge amount of time on this and it is still not working. I am pretty sure that I followed all steps and that all certificates are right now. In the jobs log overview I even see the bucket being created and after a while deleted again:

I also tried to do bucket snapmirrors within the same cluster, so no intercluster, but even there it doesn't want to work.

Running Version 9.11.1RC1 on all clusters.

I can't wait to hear the solution after spending all these hours on this issue ;(

thank you

Maurice

Maurice-FreeOnes

I got it solved, one of the problems was the firewall pff

View solution in original post

Ontapforrum · ‎2023-02-03

As you have already spent much time around this, I would suggest contact Support (log a ticket) as they can remote-in and better understand your environment, or point you in the right direction.

In the mean time, there are couple of pdfs that you may want to take a look just to ensure all the requisites and steps are met (In case you haven't see them).
https://www.netapp.com/media/17219-tr4814.pdf

https://www.netapp.com/pdf.html?item=/media/17229-tr4015pdf.pdf

Have you tried doing 'Packet trace' to see if there are any issues with certificates ?

Maurice-FreeOnes · ‎2023-02-08

I had an open ticket at NetApp that for our first 3 FAS2750 system the SnapMirror Synchronous license was missing. It was not cleared yet and didn't know it was this specific license which was missing. It seems like that this is the cause of all the troubles of what I found out in the logs.

Maurice-FreeOnes

I got the licenses right after quite some time and thought it would work after that. However it is still not working. Error message:

Operation with Snapmirror bucket relationship failed. Reason: Connection unavailable

I have disabled http (443) on both S3 SVM's so it can't be a certificate problem.

Anybody who can finally help me out?

thank you

Maurice

Ontapforrum

Please check this kb:

Creation of SnapMirror relationship between two S3 buckets fails with Connection unavailable:
https://kb.netapp.com/Advice_and_Troubleshooting/Data_Protection_and_Security/SnapMirror/Creation_of_SnapMirror_relationship_between_two_S3_buckets_fa...

Maurice-FreeOnes

I did already. The causes in the document:

• S3 SnapMirror will automatically use HTTPS for management when enabled on the source and/or destination S3 object store server
• Misconfigurations in the security certificates of the source and/or destination data SVM or installing the wrong certificate cause "connection unavailable" errors
• InterCluster LIFs on source and destination must also be able to connect to the source and destination S3 server data LIFs for the connection to succeed

Reason 1 can't be it, because I also tried it without https.

Reason 3 can't be it, because all ping tests we did arrive.

Reason 2, I first thought can't be the reason because like I said I disabled https. However when I read for the 30st time thru this document I thought that I maybe still would need this certificate installed when only using http. Can you confirm this?

When I tried the solution: vserver object-store-server create -vserver s3secondary -object-store-server s3secondary.fqdn.com -certificate-name s3secondary.fqdn.com

I got a dash (-) as result at certificate-name field for the specific S3 SVM. Howeve when I tried to install the certificate I got this as result:

"Enter certificates of certification authorities (CA) which form the certificate chain of the server certificate. This starts with the issuing CA certificate of the server certificate and can range up to the root CA certificate.

Do you want to continue entering root and/or intermediate certificates {y|n}: n

Error: command failed: duplicate entry"

Hope somebody can help me finally solve this problem.

thank you!

Maurice-FreeOnes

I got it solved, one of the problems was the firewall pff