Error occurs when a backup is run using SCP as the transfer protocol

Article ID: 164956

Updated On:

Products

Messaging Gateway

Issue/Introduction

Backup fails in Messaging Gateway when using the SCP transfer protocol. The logs reference failure of FIPS integrity verification.

In the Control Center BrightmailLog.log file, entries similar to the following are found:
Mar 26 2017 01:03:09 [BrightmailScheduler_Worker-8] [ScriptHelper] ERROR - Cannot backup the database.
Mar 26 2017 01:03:09 [BrightmailScheduler_Worker-8] [ScriptHelper] ERROR - Failed to transmit the file: Problem performing scp: FIPS integrity verification test failed.lost connection. ERROR: Unable to send to the specified URL.
Mar 26 2017 01:03:09 [BrightmailScheduler_Worker-8] [ScheduledBackupTask] ERROR - Error occurred while attempting to execute scheduled backup.
com.symantec.smg.controlcenter.BrightmailException
    at com.symantec.smg.controlcenter.agent.ScriptHelper.generateError(ScriptHelper.java:2486)
    at com.symantec.smg.controlcenter.disasterrecovery.backup.BackupManager.backupNow(BackupManager.java:321)
    at com.symantec.smg.controlcenter.disasterrecovery.backup.scheduled.ScheduledBackupTask.executeTask(ScheduledBackupTask.java:123)
    at com.symantec.smg.controlcenter.internal.scheduledtask.ScheduledTask.execute(ScheduledTask.java:133)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:195)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:520)

Cause

This behavior is a security feature of SSH. It occurs when the Messaging Gateway SCP function (an SSH function) determines that the host key of the receiving system has changed.

More information on the host key can be found at https://www.ssh.com/ssh/host-key.

Resolution

To correct this issue, first make sure that Messaging Gateway is not connecting to an unexpected system and there is no man-in-the-middle intercepting the transfer.

Then, if the connection is as expected, clear the previous key from the Messaging Gateway so it can be recreated:

  1. Log into the Messaging Gateway command line with the default admin account.
  2. Run the following commands:
    • rsa-key clear known_hosts
    • rsa-key test <user@host>
      • Replace "<user@host>" with the username and the hostname or IP address (the same ones used in the scp command that generated the error).
      • For example "rsa-key test <[email protected]>"
      • You will be prompted for the password for that user.
      • A successful command will return the fqhn of the server.
  3. Run the backup again.

Note: Use the "rsa-key test" command to add the host key of any necessary hosts that the Messaging Gateway may make scp connections to.
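
The first resolution step, confirming that the changed host key really belongs to the expected server before clearing known_hosts, can be done by comparing SHA256 fingerprints. The following is an added example, not Symantec code and not run on the appliance: it assumes an admin workstation with Python, a fingerprint recorded out of band from the receiving server, and constructed sample keys and host name.

```python
import base64, binascii, hashlib, hmac, struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")

def key_blob(line):
    """Return (key_type, raw_blob) from a known_hosts or .pub style line."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field not in KEY_TYPES:
            continue  # skips host names, hashed hosts and markers
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
        except binascii.Error as exc:
            raise ValueError("key data is not valid base64") from exc
        if len(blob) < 4:
            raise ValueError("key blob is too short")
        # The blob begins with a length-prefixed copy of the key type name.
        (n,) = struct.unpack(">I", blob[:4])
        if blob[4:4 + n] != field.encode():
            raise ValueError("declared key type does not match key blob")
        return field, blob
    raise ValueError("no supported host key found in line")

def fingerprint(line):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the blob."""
    _, blob = key_blob(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_key_trusted(presented_line, trusted_fingerprint):
    """True only if the presented key matches the out-of-band fingerprint."""
    return hmac.compare_digest(fingerprint(presented_line), trusted_fingerprint)

def sample_line(host, seed):
    # Constructed sample data: an ed25519-shaped blob with made-up key bytes.
    name = b"ssh-ed25519"
    blob = (struct.pack(">I", len(name)) + name
            + struct.pack(">I", 32) + bytes([seed]) * 32)
    return f"{host} ssh-ed25519 {base64.b64encode(blob).decode()}"

if __name__ == "__main__":
    # backup.example.test is a constructed host name.
    recorded = sample_line("backup.example.test", 1)   # key read on the server
    presented = sample_line("backup.example.test", 2)  # key offered on the wire
    trusted_fp = fingerprint(recorded)
    print("trusted   ", trusted_fp)
    print("presented ", fingerprint(presented))
    print("safe to clear known_hosts:", host_key_trusted(presented, trusted_fp))
```

A mismatch between the presented fingerprint and the one recorded on the receiving server means the old key should not be cleared until the difference is explained.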