Release Notes

Dell EMC Integrated Data Protection Appliance

2.7

Release Notes
Rev. 02
November 2021
These release notes contain supplemental information about the Integrated Data Protection Appliance.

• Revision history.........................................................................................................................................................................................................2
• Product naming conventions and terminology changes.................................................................................................................................2
• Product description................................................................................................................................................................................................. 2
• New features............................................................................................................................................................................................................. 3
• Fixed issues................................................................................................................................................................................................................ 4
• Known issues............................................................................................................................................................................................................. 5
• False positives......................................................................................................................................................................................................... 15
• Limitations................................................................................................................................................................................................................ 16
• Environment and system requirements.............................................................................................................................................................17
• Documentation........................................................................................................................................................................................................ 17
• Troubleshooting and getting help.......................................................................................................................................................................19
Revision history
This section describes the updates that are made for each revision of the IDPA release.

Table 1. Revision history

Revision Date Description
02 November 2021 Bug fixes and minor documentation updates
01 September 2021 First release of this document for IDPA 2.7

Product naming conventions and terminology changes

The following table describes the recent name and terminology changes to Integrated Data Protection Appliance, starting with
version 2.7.

Table 2. Product naming conventions and terminology changes

Existing Product/Component Name New Name/Terminology
Virtual Machines Services
ESXi Hypervisor
vSphere Hypervisor Platform
vCenter/vCSA (VM) Hypervisor Manager
vCenter service daemon Hypervisor Manager Service Daemon
vSAN Storage Pool
ACM (VM) Appliance Configuration Manager (Service)
dpatools Infrastructure Management Service
PT-Agent Node Event Service
Avamar (VM) Protection Software (Service)
Avamar Proxy / vProxy (VM) VM Proxy (Service)
DD / DDVE Protection Storage
DPC (VM) Data Protection Central (Service)
DPA Reporting & Analytics
(DP)Search Search
CDRA (VM) Cloud DR (Service)
CDRS Cloud DR Server
Integrated Dell Remote Access Controller (iDRAC) iDRAC
iDRAC Service Module (iSM) / iSM service iDRAC Service Module

Product description
The Integrated Data Protection Appliance (IDPA) combines multiple hardware and software solutions into a single product.
The IDPA model DP4400 is a hyper-converged, 2U system that a user can install and configure onsite.
Other models of IDPA (DP5300, DP5800, DP8300, and DP8800) are shipped as a complete unit, with all hardware components
racked and cabled in the factory. Dell EMC Customer Support completes the installation and initial configuration. The solution
includes a Protection Software server as the backup server node with optional NDMP Accelerators, a Protection Storage

2
system as the protection storage node, Compute nodes for virtual components and software, a networking switch for improved
setup speed, and Cloud DR.
The system software for each component is installed and configured to the greatest extent possible before the appliance is
shipped. A backup application, Cloud DR, Protection Storage, Reporting & Analytics, Search, Data Protection Central, and the
Appliance Configuration Manager (ACM) come embedded in the appliance.
The Search, Reporting & Analytics, and Cloud DR are all optional to set up. Also, the Search, Reporting & Analytics, and Cloud
DR functions can be performed by a central corporate implementation of these functions.

New features
The following features are introduced in this release.

Release number 2.7

There is a new release number 2.7.

Self-contained deployment
Self-contained deployment refers to configuring the appliance network using the ACM IP for DNS, NTP, and Gateway. It is an
optional procedure and must be performed only if you do not have a valid IP address for DNS, NTP, and Gateway. After the
appliance is deployed and configured successfully, you can change the DNS, NTP, and Gateway from the ACM dashboard. The
self-contained deployment is possible only on IPV4 network. This feature is available for all the IDPA models.

ACM dashboard enhancements

● Data Protection Central (DPC) panel
The optional component DPC can be removed from the appliance using the option that is provided on the DPC panel on the
ACM dashboard.
● General Settings panel
The gear icon on the General Settings panel provides options to change the DNS, NTP, and Gateway IP addresses.
● Protection Storage panel
The gear icon on the Protection Storage panel provides option to create first Security Officer user.

Security enhancements
This release includes enhanced appliance security features which allow you to:
● Configure Integrated Lightweight Directory Access Protocol (LDAP) on all IDPA components, providing LDAP authentication
for centralized user management.
● Replace certificates with customized certificates.
● Disable default passwords.
● Use a single set of password rules across all IDPA components.

Install enhancements
This release provides a resilient installation procedure with reduced pre-deployment requirements. Install enhancements include:
● Reduced number of public IP addresses required.
● Reduced initial deployment delays by using out-of-box DNS.
● Resilient configuration with inbuilt retries.
● Flexibility to choose components to be configured.

3
Upgrade enhancements
This release provides a flexible automated upgrade process with reduced downtime and increased success rate. Upgrade
enhancements include automated infrastructure upgrades. Firmware updates are included in the upgrade to IDPA 2.7 and do
not require a separate firmware update process. This release also includes independent infrastructure and software upgrade
support.

Appliance infrastructure and monitoring enhancements

This release includes the following appliance infrastructure and monitoring enhancements:
● Automatic renewal of self-signed and CA signed Hypervisor Manager certificates. This includes STS, Machine SSL, VMCA
root, and Solution User certificates. The IDPA now generates alerts indicating Hypervisor Manager certificate renewal
success or failure.
● Hypervisor and Hypervisor Manager filesystem monitoring. The IDPA now generates alerts indicating Hypervisor and
Hypervisor Manager filesystem health.
● Consolidation of alerts from all IDPA sub-components.

Fixed issues
This section describes the issues that are fixed in this release.

Table 3. Fixed issues

Issue number Issue description
IDPA-8049 IDPA 2.7 fixes all security vulnerabilities in VMSA-2021-0020.
DDOS-89260 The configuration PDF downloaded from the ACM dashboard contains Search and Cloud DR details even
after removing the two components from the appliance.
DDOS-72184 After enabling FIPS, a suspended scheduler goes back to the running state.
DDOS-70303 Changing the appliance password fails if there are any backup jobs running. Change appliance password
does not warn about stopping all the backup running jobs before changing the password.
DDOS-71205 Protection Software change password workflow does not create a checkpoint immediately after changing
the appliance password.
If there is an abrupt system shutdown before the next checkpoint schedule, then recovery from the old
checkpoint is troublesome.

DDOS-69990 Unable to configure Search to use Secure AD.

261627 The Reporting & Analytics Web UI can be accessed through the DPCusing single sign-on (SSO). When
this Reporting & Analytics Web UI session times out, the following error message is displayed:Error
401: Unauthorized Action.Server responded with UNAUTHORIZED status code. You
should login again.

261614 Backups of the IDPA component Services fail with a status No Proxy. This issue occurs because the
IDPA internal ACM Proxy is incorrectly registered or the ACM Proxy UUID is missing.
261409 During the appliance restart that occurs after the upgrade, or from the ACM dashboard, the following
error is displayed: Failed to start the Search component services.

251706 The ACM configuration wizard which performs the IP address validations does not accept valid IPs ending
with x.x.x.255 even if the subnet is greater that 24. This issue applies to all the IPs provided during the
appliance configuration, including the IPs for the point products and network services.
257849 After a successful fresh installation, the Protection Software backup jobs stop responding and the
Protection Software Client download is in a hung state.
254933 After a successful fresh installation, the Backup Server panel on the ACM dashboard displays that the
backup agents installation has failed at 48% due to timeout. This issue causes all the backup jobs to fail.
230919 While configuring secure LDAP, the following error message might be displayed:

4
Table 3. Fixed issues (continued)
Issue number Issue description

Unable to connect to secure LDAP/AD. Please verify whether the LDAP/AD

Server provided is present as Alternate name in LDAPS Certificate.

232388 The Protection Storage disk IDs are missing from the Integrated Data Protection Appliance Configuration
PDF file that is downloaded from the ACM dashboard.
232567 When the Protection Storage file system is disabled, you cannot open the Protection Storage user
interface page using the link on the ACM dashboard.
210664 When all filesystem usage at the VM Proxy is 100%, backup process fails.
215107 Using Google Chrome browser v66.0.3359.139, users are unable to expand the individual log entry
windows on the Configuration Progress screen during the DP4400 configuration.
DDOS-64923 When you change the time zone or NTP from the ACM Dashboard, a progress message or status is not
displayed.
DDOS-59715 Self-protect of IDPA point products using the external VM proxy is not available when FIPS is enabled.
DDOS-70903 If one of the cluster Hypervisor hosting Protection Software restarts abruptly, then Protection Software
services will not start automatically. This is applicable only for 5x versions.
232874 You cannot download logs from Cloud DR when Cloud Collection Mode is selected.
The log collection links generated after selecting Cloud collection mode do not work.

Known issues
This section describes IDPA known issues.

Table 4. Known issues with workaround/resolutions

Issue number Problem description Workaround/resolution
DPC-6312 When upgrading the appliance from version 2.6.1 to Contact Dell Support for assistance.
version 2.7, the DPC upgrade failed during OS rollup.
NOTE: This issue is related to only 2.6.1 systems
that are upgraded from lower appliance versions
to 2.6.1.

IDPA-8032 During ACM deployment, on the License page when This issue occurs when the connection to ELMS is
you click Check online for Licenses, you receive the successful but valid licenses are not available for
following message and the Next button is not active: download. Manually obtain the correct licenses for
your system, and click Browse to manually select the
Licenses were downloaded successfully
licenses.
See License activation section in IDPA Installation
and Upgrade Guide and IDPA Deployment Guide.

Avamar-22044 The following error is displayed when trying to view a Ignore the error unless you had explicitly configured
Protection Software client summary from the Asset cloud copies to be created for the client.
Management page.
Failed to get DR copies
This error occurs even though neither local backup
nor a cloud copy was never performed for the client.

Avamar-21807 In the Protection Software UI, on the Restore When you manually enter the restore location, you
> Destination Location page under the Restore must make sure that the restore location syntax is
everything to a different location section, if correct to avoid restore failures.
you manually enter the restore location in an
incorrect format, for example, /<folder_name>/
<file_name> instead of /<directory_or

5
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description Workaround/resolution
folder_name>, the Protection Software does not
check to verify the restore location syntax and it
proceeds with the restore, throwing an error.
Avamar-22255 Instant Access fails with error Can't find VM Retry the instant access job.
Instant Access Agent.

Avamar-22107 In the Protection Software UI, on the Restore When you manually enter the restore location, you
> Destination Location page under the Restore must make sure that the restore location syntax is
everything to a different location section, if correct to avoid restore failures.
you manually enter the restore location in an
incorrect format, for example, /<folder_name>/
<file_name> instead of /<directory_or
folder_name>, the Protection Software does not
check to verify the restore location syntax and it
proceeds with the restore, throwing an error.
Avamar-22108 When deploying multiple proxies at the same time, Retry deploying the failed proxy.
one or more proxy deployment operations may fail.
Avamar-22206 Protection Software does not allow you to disable Disabling SNMP settings is not allowed while editing
the SNMP getter/setter option in the Edit Protection Storage settings on Protection Software,
DataDomain settings page. even though the check box for SNMP appears to be
enabled.
Avamar-22207 When enabling FIPS on the ACM dashboard, Contact Support to reset the DDBoost password and
FIPS enablement fails on Protection Storage (Data to enable FIPS on the appliance.
Domain) with the following error:
[Error] Integrating Protection
Storage DDBoost password into Backup
Server. [Error] Failed to enable FIPS.
This error message indicates that the DDBoost
password is not supported in the Protection
Software (Avamar). For example, it may be that
the DDBoost password is an MD5 password, and
the Protection Software does not support MD5
passwords.

Avamar-22213 The Event Management page on the Protection
Software UI displays the following warning:
Data Domain system not responsive to
requests.
Avamar-22218 After an installation or upgrade, the Event
Management page on the Protection Software UI
displays kernel errors on startup.
Avamar-22223 Hypervisor Manager is not visible in the Protection
Software UI under the Administration > System tab,
therefore preventing the user from registering or
unregistering the Hypervisor Manager.
Avamar-22228 In the Protection Software UI, when you select
Asset Management > Clients > < select client >
This warning is displayed when Protection Software
is unable to get a response from the Protection
Storage system. This issue can occur due to
various reasons. Ensure that the network connection
between Protection Software and Protection Storage
is active. If the issue persists, contact Dell Support
for assistance.
You can safely ignore these events.
This issue occurs when there is a broken connection
between one of the Hypervisor Managers and the
appliance. If Hypervisor Manager connections are
down because of a password change, update the
Hypervisor Manager password. If the Hypervisor
Manager is decommissioned and no longer required,
delete the Hypervisor Manager domain in the
Protection Software UI.
Contact Support to properly configure Cloud DR
Server in your environment.

6
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description Workaround/resolution

> View More, you may get the following error

message:
Get cloud copy failure Caused by:
CDRAOperationException occurred due
to: 500,
{"message":"","status":null,"code":50
0}
This is an internal server error message indicating
that appliance configuration is not complete because
Cloud DR Server has not been configured in Cloud
DR.

Avamar-22232 The Event Management page in the Protection You can safely ignore these events. These events
Software UI displays the following events during stop automatically when the DPC component is
upgrade: available after the upgrade.
RabbitMQ has no connection configured If the events persist even after the upgrade
to the Backup & Recovery Manager completes successfully, then contact Support for
server. assistance.
During the appliance upgrade, the Data Protection
Central (DPC) component and its services are
restarted. During this time, the Avamar RabbitMQ
service is unable to connect to the DPC which
causes the events to be generated.

Avamar-22239 After a power outage, in the Protection Software
UI, the vCenter, VMs, proxies, and backup policy
configuration data may not appear.
Avamar-22299, As part of the post upgrade tasks, the ACM takes
IDPA-7634 a checkpoint on Protection Software to protect
against data loss that may occur on account of an
abrupt shutdown or similar disruption.
The ACM overrides the Protection Software
maintenance scheduler to create the checkpoint
on Protection Software. Any Protection Software
maintenance activities that are in progress at that
time fail because of the override.
You must revert back to the last validated previous
Protection Software checkpoint manually and verify
that the Hypervisor Manager, clients, proxies, and
backup policy configuration data displays in the
Protection Software UI. If that is not the case,
contact Support for assistance.
The failure of the Protection Software-triggered
maintenance activities is an expected behavior. You
can ignore the failure of the maintenance activities
because the data is protected by the checkpoint that
ACM creates.
Ensure that you connect to the Protection Software
UI and acknowledge the alerts generated for
the failure. Also, verify that the next scheduled
maintenance activities (within the next 24 hours)
are successful. Contact Support if subsequent
maintenance activities continue to fail.
For more information, see KB Article 000191190.

Avamar - 32759 Avamar backup policy allows to add non-existing None

or invalid client in the Asset Management without
authentication or validation.
IDPA-5619 Multiple dynamic alerts are generated and emailed None.
from the ACM even after the VMware Update
Manager Service is disabled.
IDPA-7477 After upgrading the appliance, the Appliance panel Clear the cache and open the ACM in a new browser
on the ACM dashboard is not displayed, and window.
the following warning is displayed even when the
infrastructure upgrade is completed:
Appliance infrastructure components
upgrade is pending. Upgrade the

7
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description Workaround/resolution

infrastructure components to the

version bundled in PowerProtect DP
series appliance (Build ) to ensure
the appliance is on the recommended
software and infrastructure version.

IDPA-7730 When you configure the external LDAP environment Contact Support to properly configure LDAP domain
in the ACM dashboard, LDAP is not properly names that include a period in Search and DPC
configured if the domain name contains a period. components. For Search, refer to the Managing
For example, a domain name such as dc=xyz.ams Roles and Users chapter in the Dell EMC Search
throws a configuration error. Deployment and Administration Guide. For DPC, refer
to the Administration options in Data Protection
Central chapter in the Dell EMC Data Protection
Central Administration Guide.
IDPA-7798, During an appliance upgrade, alerts may be visible in These alerts are benign and can be ignored.
IDPA-7799 the Hypervisor Manager environment that pertain to NOTE: If there are any critical hardware-related
high CPU utilization on services, or the renaming or alerts, contact Support for assistance.
deleting of services as part of the appliance upgrade.
IDPA-7801 After successful network configuration of the To resolve this issue, you must unblock network port
appliance, the automatic license download process 443 in the network environment.
could take hours to complete. This happens if port
443 is blocked in the customer network environment.
DDOS-52580 The Protection Storage logs show many "sshd" None
core file generation is disabled
messages.
These log messages are created when FIPS is
enabled on the appliance, and you try to access
Protection Storage through SSH.

DDOS-108187 If the Protection Storage system has millions of files In order to avoid DDFS restarting, it is recommended
in a directory, DDFS may restart trying to read the that you restructure the directory layout to reduce
directory. the number of files in a single directory.
DPC-5869, After a power failure, when the DP4400 appliance Contact Support to restart the DPC services using
DPC-5900 comes back online, you may not be able to access the procedure in KB article 000190695.
the DPC UI from the ACM dashboard due to the elg
or msm-ui-main services not starting properly.
IDPA-5058 When the ACM dashboard auto logs off after Log in again to access the ACM dashboard or close
15 minutes of inactivity and the user does the browser window that is logged out and not in use.
not close the browser tab/window, the browser
keeps trying to connect to the ACM with the
expired authentication token. This causes multiple
authentication tokenization errors being logged in
the ACM server.log file.
IDPA-7346 During the appliance upgrade, you may get logged Log in to the ACM, and you are directed to the
out from the Upgrade page. Upgrade page.
Avamar-22142 Backup jobs may complete with exceptions when the Set the Encryption method to Data Domain system
Encryption method to Data Domain system is set to Default value.
to a Medium value.
IDPA-7534 During fresh installation, you cannot proceed from See the KB article 000081518 and resolve the issue.
the General Settings page because the Timezone
drop-down box is not populated.
The Timezone field is not populated when the
browser language settings has a different language
other than English.

8
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description Workaround/resolution
IDPA-7405 During the fresh installation of DP8400 and DP8900, Rollback the ACM and reimage the Protection
the Protection Software configuration fails with an Software.
empty passphrase error.
This issue occurs when you are installing the
Protection Storage package and the Avamar
Installer Manager UI is kept open.

Avamar 21543 The Protection Software UI System tab may display
a Failed to Get Private Entry error with the
following error message:
Http failure response for https://
dp4400-19-5.datadomain.com/acm/api/
keystore/web/cert: 503 Service
Unavailable
1. Log in to Avamar using SSH as an admin user.
2. Run the following command to delete the acm.pid
file: rm /usr/local/acm/bin/acm.pid
3. Run the following command to start
the acmservice: /usr/local/acm/bin/
acmservice start

Avamar-22221 File Level Restore (FLR) is not possible for any Perform a full restore of your backup locally, and then
backup stored in the cloud. If you try to restore a retrieve the files you want.
backup in the cloud you may get an error message in
the Restore Cloud Backup window after which the
FLR option is deselected.
Avamar-21993 Avamar Asset management allows the inclusion None
of any invalid or garbage valued clients without
performing any verification checks.
Avamar-21901 The Avamar policy page allows you to create a copy None
of an existing policy using an invalid name.
IDPA-3546 Unable to change the appliance password when jobs Change the appliance password during a maintenance
are running on the Protection Software. window when no jobs are running on the Protection
Software.
Avamar-22258 The following error message may be displayed after You can safely ignore this error.
a fresh install or when the appliance is upgraded to
its 2.7 version: RabbitMQ is misconfigured.
The problem could not be corrected.

Avamar - 22176 The Protection Software OS rollup may fail to install
during an upgrade.
IDPA-6188 During the software upgrade from version 2.6 to 2.7
or higher versions, the ACM fails to auto-redirect
after completing the upgrade readiness check, and
instead a Upgrade dialog box with a link is displayed.
Cancel the software update on the Avamar
Installation Manager UI. Then retry the Protection
Software upgrade on the ACM UI.
Manually click on the link to proceed with the
upgrade.
You can also try to open the following link in a
browser https://<ACM_IP>:9443/

IDPA-5756 When troubleshooting fresh install failures, the Perform the appliance rollback, wait for 5 minutes
Protection Storage configuration fails with Failed and then continue with the deployment.
to create ifgroup after the first attempt of
appliance rollback. But, without any intervention, the
ifgroup creation succeeds during the next attempt
of rollback.
Avamar-40228 The File Level Restore (FLR) displays a folder with To resolve the issue, see KB article 000165929.
data as empty on the MC GUI. This issue is because
of the usage of special characters.
DDOS-90529 When the time lags between the DPC and the 1. Connect to the DPC Service using SSH with
components configured for Single Sign-On (SSO), admin credentials.
then the SSO operations may fail. 2. Verify the correct NTP server is configured in the
ntp.conf file in the following location:

9
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description
DDOS-91798 The Protection Software Activity Page becomes
unresponsive when the user clicks Completed
Replication activity.
DDOS-65860 Backup jobs fail with avtar Error <41439>:
Using invalid token:xxx in the avtar backup
or restore log.
Here :xxx is a placeholder for the token. The token in For more information, see KB article 546535.
the error is a hash value of an empty token that the
avtar gets from the Protection Software server.
The DDR result code: 5002, desc: value
exceeds upper bound error is also logged in the
ddrmaint log.
When the ddrmaint service requests a Protection
Storage token for backups, a retry is triggered if the
network connection fails. After a certain number of
retries, the retry counter in ddboost leaks and the
token request fails.
DDOS-72483, Protection Software upgrade fails due to Protection
DDOS-72407, Storage reboot failure when you are upgrading to
DDOS-72408, IDPA 2.6.
DDOS-72409
DDOS-74615 The ACM Upgrade Progress page displays that
the Protection Software OS Rollup upgrade failed.
Attempting a retry for Protection Software from the
ACM Upgrade Progress page fails with the Package
is not available error.
DDOS-74026 The registry entry for the ethMa.80 IP address
on the Protection Storage system is removed post
upgrade.
DDOS-69689 The Data Protection Central reports that Protection
Storage is not registered for SSO.
DDOS-72560 Upgrade fails if two components in IDPA have the
same IP.
DDOS-73400 Upgrade for Backup server (Protection Software)
failed because of replication jobs running on the
remote destination.
10
Workaround/resolution
more/etc/ntp.conf
3. Check the status of the NTPD daemon using the
following command:
systemctl status ntpd
a. If the state is "inactive" then start the ntpd
service using systemctl start ntpd.
b. If the state is "disabled" then enable the ntpd
service using systemctl enable ntpd.
None.
For more information, see KB article 000182250.
Restart the ddrmaint service on the Protection
Software server using the ddrmaint-service
restart command.
To resolve the issue, see KB article 546411.
To resolve the issue, see KB article 546479.
You must reconfigure the interface with the same
IP address on the Protection Storage system, as a
workaround for this issue.
Delete the Data Protection Central trust
on the Protection Storage system using
the adminaccess trust del host
<IDPA_System_Manager_hostname> command.
After this, if the Data Protection Central hostname
is not resolvable from Protection Storage, add a
host-to-IP mapping on Protection Storage using the
net hosts add {<ipaddr> | <ipv6addr>}
<host-list> command.
Ensure that the IPs of the IDPA components are
unique and there is no IP address conflict.
Before starting the appliance upgrade, disable all
replication jobs on the source, so that replication jobs
are not triggered on the destination appliance.
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description
DDOS-73352 The firmware upgrade fails if the
DataProtectionConfiguration.xml file is missing on
the ACM.
DDOS-63142 While the ACM boots up, some errors are displayed
on the console.
DDOS-68603 Steps to add the CA signed certificate to ACM must
be repeated for IDPA 2.6.
DDOS-67878, Registering the IDPA components for SRS fails in
DDOS-67789, IPv6 network environments.
DDOS-67788
DDOS-67443 When a user connects to the Protection Storage
component using an SSH client, the Product serial
number tag (PSNT) displayed in the console banner
is incorrect.
261749 When IDPA loses power abruptly, for example, during Perform these steps to resolve the issue:
a power outage, some of the Protection Software
and Data Protection Central services might fail to
start in a timely manner.
261523 The Search component registers a client with
Protection Software to index the metadata. After
upgrading to IDPA version 2.6, Protection Software
UI displays that the client is unprotected. However,
this client resides on the Search Service and the
data that is associated with this client is backed
up regularly with the scheduled daily backup of the
Search Service.
261657 The backup copies for ACM, Reporting & Analytics,
Cloud DR, and Hypervisor Manager (when upgrading
from versions other than IDPA 2.5) are not available
after upgrading to IDPA 2.5.
Workaround/resolution
Before upgrading the firmware, ensure
that the /usr/local/dataprotection/var/
configmgr/server_data/config/
DataProtectionConfiguration.xml file
is available on the ACM.
If this file does unavailable, login to the
ACM Dashboard UI and select the option to
download the current configuration. Ensure that
the DataProtectionConfiguration.xml file is created
before proceeding.
You can ignore the errors. These errors do not impact
the functionality of IDPA.
If you have performed the steps described in the
"Adding a CA signed certificate" section of the Dell
EMC Integrated Data Protection Appliance Product
Guide, and added the CA signed certificate to ACM;
you must perform the same steps again for IDPA 2.6
to add the CA signed certificate in ACM in IDPA 2.6.
Registering for SRS is an optional task. You may
choose to skip registering the components for SRS.
If SRS is mandatory, then configure IDPA in an IPv4
network environment.
The Gen 13 hardware appliances do not have a
product serial number tag. Due to this, the value
displayed in the banner is a dummy value. You can
safely ignore this anomaly.
1. Manually start the Protection Software services
using the command: # dpnctl start all --
ignore_lock
2. Manually start the DPC SSO services using the
command: # service dpc-sso start
This issue is a false alarm and can be safely ignored.
IDPA is configured to protect itself from data loss.
This is an expected behavior. As part of the upgrade
operation, the ACM, Reporting & Analytics, Cloud
DR (when not configured) and Hypervisor Manager
Services are deleted and corresponding new Services
are deployed. Once the Cloud DR component is
configured, its upgrades are driven by the Cloud DR
Server component. The upgraded ACM, Reporting
& Analytics, Cloud DR and Hypervisor Manager
Services are backed up along with the rest of the
components as part of the scheduled daily backups.
For additional information about the appliance self-
initiated backups, see System self-protection section
in IDPA Product Guide.
11
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description Workaround/resolution
257875 Deploying the VM Proxy server fails if the DNS of You must temporarily open the DNS of the network
the network port 53 is blocked. port 53 for the duration of the configuration.
260493 The following issues occur when the file system on Contact Support to increase the capacity of the
the /storage/seat mountpoint of the Hypervisor file system that is mounted on /storage/seat
Manager Server Service is short of free space: mountpoint. For more information, see KB article
● All operations such as, optional point 540267.
product deployments from ACM dashboard,
upgrades, PDF download configuration,
and change password performed on the
Hypervisor Manager Server fail. The following
error is listed on the server.log
file: Exception occurred while
creating ViJava service instance
with persisted vCenter parameters.
java.lang.NullPointerException.
● When connecting to the Hypervisor Manager
Server user interface, the following error is
displayed: Could not connect to one
or more vCenter Server Systems:
https://vCenterFQDN:443/sdk.

250954 During the appliance upgrade, there are warnings Ignore the warnings, and continue the upgrade.
because of the higher version of the Cloud DR
component. The warnings are displayed if the Cloud
DR Server upgrades the Cloud DR component before
the appliance upgrade.
251361 Protection Storage user account gets locked due To unlock the Protection Storage user account,
to incorrect credentials in Data Protection Central perform the following steps:
Issue Summary <Issue ID>. ● Remove the Protection Storage system from Data
It is recommended that the Protection Storage Protection Central.
admin password is changed through the ACM ● Unlock the user account from the Protection
dashboard. If the password is changed directly on Storage system. For more information, see Data
the Protection Storage system, you must edit the Domain Administration Guide.
Protection Storage system in DPC to update the ● Add the Protection Storage system back to DPC
user credentials. If you fail to update the password in with the updated user credentials.
DPC, the Protection Storage system locks the user
account.

250098 After performing disk expansion, Datastore Acknowledge the alarm. For more information, see
usage on disk alarm is displayed on vSphere the IDPA KB article 526173.
Web console > Summary tab.
257188 In Protection Software, when you backup the Oracle To resolve the issue, see KB article 0469860.
RAC, the backup fails with Rman error:ORA-12162:
TNS:net service name is incorrectly
specified.

256568, When upgrading the appliance to 2.3.1 or 2.4.1, you
254464 must first update the firmware to the latest version
and then continue with the software upgrade.
Failing to update the firmware before running the
software upgrade workflow causes loss of capability
of receiving hardware fault alerts on the ACM.
254884, After upgrading the appliance to 2.3.1 or 2.4.1, there
254509, is a TLS error that is displayed on the iDRAC user
251505 interface, Settings > Service Module.
The error is due to the iDRAC Service Module
(iSM) on the server operating system which fails to
To resolve the issue, see the following:
● For DP4400, see Update the IDPA Firmware in
IDPA Installation Guide.
● For DP8xxx and DP5xxx, see Update the IDPA
Firmware in Field and Professional Services
Deployment Guide for DP5xxx and DP8xxx.
To resolve the TLS error, follow these steps:
1. Log in to the Hypervisor host and run
the following command:#/etc/init.d/dcism-
netmon-watchdog stop

12
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description
communicate with the iDRAC because of the TLS
handshake failure.
233508 When IDPA models with a physical Protection
Storage system (DP5300, DP5800, DP8300, and
DP8800) are upgraded to 2.3, a firmware error may
be encountered.
230806 When performing the upgrade using the Mozilla
Firefox browser, the upgrade progress page might
not be displayed.
232753 When the upgrade for Protection Software fails, the
retry operation might fail too.
225860 The validation check for 2.3 upgrade fails with
the error message stating that the upgrade of
the current Reporting & Analytics version to the
corresponding 2.3 Reporting & Analytics version is
not supported.
229047 The Reporting & Analytics services do not start up
when Reporting & Analytics Services are manually
powered on.
233552 After you upgrade the IDPA appliance from 2.1 to
2.3, and then you deploy the Cloud DR component
from the ACM Dashboard, it is observed that the
backup policy
DataDomainCloudDisasterRecovery_Backu
p created on Protection Software does not have
Cloud DR as a client.
232845 During DP4400 deployment, the following warning
alarms are displayed on vSphere Web console >
Summary tab:
● Datastore usage on disk
● Registration/unregistraion of
third-party IO filter storage
providers fails on a host
224493 The following message is displayed when performing
the Sync operation because the Hypervisor Manager
Server component upgrade is not successful and
the Hypervisor Manager Server is turned off or
inaccessible:
Verifying vCenter version
Failed to get version.
vCenter still at old version
Workaround/resolution
2. Wait for 30 seconds, and reinstall
the TLS certificate:#/etc/init.d/dcism-
netmon-watchdog start install
3. Wait for a minute, and refresh the iDRAC user
interface.
The TLS error is resolved.
If the TLS error is not resolved, reset iDRAC and
repeat steps 1 to 4 after iDRAC is fully up. If
the TLS error is still not resolved, contact Dell
support.
Contact the Technical Support for assistance.
Clear the browser cache and refresh the browser, or
use a supported version of Google Chrome browser.
Connect to the Protection Software Administration
UI and ensure that all services are started before
attempting the retry operation.
Upgrade the Reporting & Analytics component
manually. Contact Reporting & Analytics Support for
the appropriate binary.
Start the Reporting & Analytics services manually.
For instructions to start the services manually, see
the Troubleshooting startup section in IDPA Product
Guide.
Connect to the Protection Software
Administration UI, edit the
DataDomainCloudDisasterRecovery_Backup
policy and add Cloud DR as a client.
Acknowledge the alarms. For more information, see
the IDPA KB articles 526173 and 526174.
Connect to the Hypervisor Manager using the
Hypervisor Platform Web Client, verify that the
Hypervisor Manager Server Service is turned on and
accessible, and then perform the Sync operation.
13
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description
209463 This issue occurs with DP5300, DP5800, DP8300,
and DP8800 models. When you are using the ACM
configuration wizard and you skip the Dell EMC
Secure Remote Services configuration for IDPA and
continue with the configuration.
The SRS Serial Number field on the General
Settings page is not editable after performing these
steps:
1. Enter the SRS serial number on the General
Settings page.
2. Click Next.
3. Click Previous to go back to the General
Settings page.
You are unable to edit the Serial Number field.
227371 The IDPA appliance uses the 192.168.x.x network
internally to communicate with the different
components. If any of these IP addresses are already
in use, then there is an IP address conflict.
230468 After upgrading the appliance, there is a warning
on Hypervisor Manager about a potential vulnerable
issue that is described in CVE-2018-3646.
CVE-2018-3646 is one of the L1 Terminal Fault
(L1TF) speculative execution vulnerabilities and is
determined to have medium vulnerability score.
IDPA is a restricted environment where unverified
Services are not deployed on the Hypervisor. Also,
due to severe performance penalties, it is not
recommended to enable the fix on IDPA appliance.
232018 The retry and rollback operations fail if one of the
Hypervisor servers is shutdown or unavailable when
an upgrade operation fails.
230366 After upgrading the appliance, the Protection
Software MC GUI displays multiple system errors:
Event ConnectEMC notification failed
187844 The time that is recorded in the ACM server logs
does not match operating system time.
192524 Alerts that indicate the disk space threshold has
been exceeded appear in Hypervisor Manager.
14
Workaround/resolution
Edit the /usr/
local/dataprotection/var/configmgr/
server_data/skuconfig/selskuconfig.xml
file on the ACM, and remove the SerialID
value from it. The Serial Number field
on the General Settings page is editable
after updating the selskuconfig.xml file.
Resolve the IP address conflict, and try again.
If users are unable to use the default internal IP
range (192.168.x.x) then contact Dell EMC Support
for assistance with changing the internal IP range on
the appliance.
IDPA uses the Hypervisor version which has the
following fixes for this vulnerability, however one
of them is not enabled by default as it has severe
performance impact:
● Mitigation of the Sequential-Context attack
vector - this fix is applied automatically as soon
as you upgrade.
● Mitigation of the Concurrent-Context attack
vector - this fix is not enabled by default
This fix can be enabled using simple steps on
Hypervisor, but has severe performance penalties
if enabled. It is recommended not to enable it.
However, customers can enable it at their own
risk. For more information, see VMware KB article
55806.
Ensure that all Hypervisor servers are powered on
and available before performing a retry or rollback
operation.
This is a standard Protection Software behavior.
During upgrade, the MC service is disconnected and
a notification is generated. When the upgrade is
complete and all the services are up and running, this
notification still exists until it is acknowledged.
To synchronize the times, restart the
dataprotection_webapp service.
1. Connect to the ACM by using an SSH client to
access its IP address.
2. To stop the service, type: service
dataprotection_webapp stop
3. To start the service again, type: service
dataprotection_webapp start
The alert does not impact functionality and can be
ignored.
Table 4. Known issues with workaround/resolutions (continued)
Issue number Problem description
194689, 194906 The ACM does not accept non-English characters in
any field, including passwords.
196441 The log files for DPC do not contain information
about upgrades to the other components of the
IDPA.
197954 If more than 4000 events are selected to export
from the Event details panel on the Health tab, the
export job fails. The Event details panel displays 10
events on each page, so if the page count at the
bottom of the tab is 401 or higher, there are more
than 4000 events.
199598 The Health tab of the ACM does not explain the
Today option in the time filter box.
203386 If too many attempts are made to log in to DPC with
the wrong password, DPC prevents the admin user
from logging in. This can happen when the wrong
password is stored in the ACM.
211137 Forgot password option on Cloud DR login page
does not work if cloud account and email id are not
configured in Cloud DR configuration.
214645 DPC Alert received that user authentication and
connection to Protection Storage system has failed,
but there is no follow-on message stating that
the Protection Storage was reconnected. This issue
makes it confusing for users to understand the
status of the Protection Storage.
215307 On AUI, adding two DNS Server IPs in new AVProxy
settings fails restriction of supporting only one IP.
201754 After upgrading the IDPA appliance, the Protection
Software MC GUI displays an alert that
EMCConnect is not running. This alert does not
impact IDPA functionality, but causes DP Central to
report that Protection Software is unhealthy.
Workaround/resolution
Use only English characters.
Log files for the upgrades to all other components are
archived in /data01/upgradeLogs.
Do not try to export more than 4000 events at once.
If more than 400 pages of events exist on the Event
details panel, use filters to reduce the number of
events that are displayed and export multiple reports
if necessary.
Selecting Today lists events that have occurred from
midnight to the present.
Log in to the DPC console as the root user and run
the following command:
# pam_tally2 --user=admin --reset
User has to configure cloud account and email id
manually in Cloud DR.
Use the Dismiss Alert button at the top of the Alerts
screen to remove those stale alerts from DPC.
NOTE: See Dismissing health alerts section of
DPC Admin Guide for more details.
AUI allows to enter only one DNS address for creating
the Proxy.
Acknowledge the alert from the Protection Software
MC GUI.

False positives
This section describes the false positive issues ACM and appliances in this release of IDPA.

Table 5. False Positives

Issue number Problem description
SLES-12-010400 There must be no .shosts files on the SUSE operating system.
SLES-12-010410 There must be no shosts.equiv files on the SUSE operating system.
SLES-12-010610 The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence as follows:
systemctl
Info

SLES-12-010611 The SUSE operating system must disable the x86 Ctrl-Alt-Delete key sequence for
Graphical User Interfaces.
SLES-12-010650 The SUSE operating system root account must be the only account that has unrestricted
access to the system.

15
Table 5. False Positives (continued)
Issue number Problem description
SLES-12-030040 SuSEfirewall2 must protect against or limit the effects of Denial-of-Service (DoS) attacks
on the SUSE operating system. This must be done by implementing rate-limiting measures
on impacted network interfaces. ACM in IDPA 2.6 has the necessary firewall and rules in
place.
SLES-12-030100 All networked SUSE operating systems must have and implement SSH. to protect the
confidentiality and integrity of transmitted and received information, as well as information
during preparation for transmission - active
SLES-12-030150 The SUSE operating system must not allow automatic logon using SSH.
SLES-12-030260 The SUSE operating system SSH daemon must encrypt forwarded remote X connections
for interactive users.
NESSUS-136808 ISC BIND Denial of Service.
False positive as ACM in IDPA 2.6 uses SLES 12 SP4. According to the Suse CVE
knowledge base (KB) for CVE-2020-8617, this issue has been fixed in bind version
9.11.2-3.17.1. ACM in IDPA 2.6 uses the same bind version and this issue does not affect
IDPA 2.6.

Limitations
The following limitations are identified in this release.
● In-product activation is not supported in the following cases:
○ ACM is being used as DNS
○ On IPv6 enabled network
The IDPA Protection Storage system with integrated Cloud tier, typically contains the following capacity usage metrics:
○ Active Tier Capacity
○ Cloud Tier Capacity
○ Total Capacity
The Capacity panel on the Avamar Administrator dashboard displays the Protection Storage Total Capacity statistics and
not the Active Tier Capacity statistics. For more information about capacity statistics, see KB article 542695.
You can view the Protection Storage Active Tier Capacity usage at the following locations:
○ The ACM home page.
○ In Protection Storage UI, under Data Domain UI > Data Management.
○ The Protection Storage CLI.
● Limitations when FIPS is enabled:
○ Search and Cloud DR do not support FIPS. These components are unavailable when FIPS is enabled. VM Proxy is
available for backup outside PowerProtect.
○ No email alerts.
○ Once FIPS is enabled, you cannot revert or disable FIPS. Contact Dell EMC Support for assistance.
● After Network Configuration is successful, you cannot switch between IPv6 to IPv4. Contact Dell EMC Support for
assistance.

Issue number Description

DDOS-93905 The Heap based buffer overflow vulnerability (CVE-2021-3156) in SUSE SLES12 is noted for Reporting &
Analytics and ACM OS.
DDOS-67878 SRS registration for Protection Software grid does not work in IDPA configured with IPv6.
DDOS-67789 SRS registration for Reporting & Analytics does not work in IDPA configured with IPv6.
DDOS-67788 SRS registration for Protection Storage or physical Protection Storage does not work in IDPA configured with
IPv6.

16
Issue number Description
232027 If a component is inaccessible during the upgrade process, then the upgrade process fails for that component.
Furthermore, as the component is inaccessible, the rollback and retry operations also fail. Contact Support to
resolve the component inaccessibility and try again.

Environment and system requirements

In order for the IDPA to function properly, ensure that your environment meets these minimal requirements.

Software compatibility
See the Integrated Data Protection Appliance Software Compatibility Guide for compatibility and interoperability information.

Requirements for the ACM

Complete the following:
● Ensure the required licenses for the appliance and components are available. For more information about licensing, see
https://community.emc.com/community/labs/tes.
● Install Google Chrome 75 and above or Mozilla Firefox 50 and above.
● Ensure that all physical nodes are reachable.
NOTE: This requirement is applicable to DP5300, DP5800, DP8300, and DP8800.
● Optionally, you can configure the Secure Remote Services VE Gateway (Centralized configuration) for Protection Storage,
Protection Software, ACM, and Reporting & Analytics.
NOTE: For more information about Secure Remote Services, see the Secure Remote Services Technical Description
document.

Documentation
This section provides information about additional documents that you can refer for more information about IDPA and individual
components, and training resources.

Document references for IDPA

The IDPA documentation set includes the following publications:
● Integrated Data Protection Appliance Installation and Upgrade Guide
Instructions for installing the IDPA DP4400 hardware and software.
● Integrated Data Protection Appliance Field and Professional Services Deployment Guide for DP5xxx and DP8xxx
Instructions for installing and setting up IDPA DP5xxx and DP8xxx.
● Integrated Data Protection Appliance Product Guide
Provides the overview and administration information about the IDPA system.
● Integrated Data Protection Appliance Release Notes
Product information about the current IDPA release.
● Integrated Data Protection Appliance Security Configuration Guide
Information about the security features that are used to control user and network access, monitor system access and use,
and support the transmission of storage data.
● Integrated Data Protection Appliance Software Compatibility Guide

17
 Information about software components and versions that are used in the IDPA product.
● Integrated Data Protection Appliance Service Procedures Guide
Procedures for replacing or upgrading hardware components of the IDPA.
● Integrated Data Protection Appliance Field Replacement Guide for DP5xxx and DP8xx
Instructions for adding, replacing, and servicing DP5xxx and DP8xxx hardware components

Document references for individual components

The documentation for these components can be obtained from Online Support at the following location:
https://www.dell.com/support.

Protection Storage node

The following document contains information that is related to Protection Storage:
● Data Domain Operating System Administration Guide
This publication explains how to manage Protection Storage systems with an emphasis on procedures using the Protection
Storage Data Protection Central.

Protection Software node

The following documents contain information that is related to Protection Software:
● Avamar Administration Guide
This publication describes how to configure, administer, monitor, and maintain an Protection Software server.
● Avamar and Data Domain System Integration Guide
This guide includes procedures for configuring the Protection Software server to perform cloud tier operations on the
Protection Storage system.
● Avamar for VMware User Guide
This publication describes various methods and strategies for protecting VMware Services.
● Avamar NDMP Accelerator for Oracle ZFS User Guide
This publication describes how to install, configure, administer, and use the Protection Software NDMP Accelerator
(accelerator) to back up and restore supported Oracle ZFS storage appliances.
● Avamar NDMP Accelerator for NetApp Filers User Guide
This publication describes how to install, configure, administer, and use the Protection Software NDMP Accelerator
(accelerator) to back up and restore supported NetApp filers.
● Avamar NDMP Accelerator for EMC NAS Systems User Guide
This publication describes how to install, configure, administer, and use the Protection Software NDMP Accelerator
(accelerator) to back up and restore supported EMC Isilon, Unity, VNX, VNXe, and Celerra systems.
● Avamar for VMware User Guide
This publication describes various methods and strategies for protecting VMware Services.

DPC node
The following documents contain information that is related to Data Protection Central for IDPA:
● Data Protection Central Release Notes
Contains the most up-to-date information about the current release.

18
● Data Protection Central Getting Started Guide
This document includes information about how to deploy , and then get started with IDPA Appliance Data Protection Central
administration.
● Data Protection Central Administration Guide
This document includes information about how to administer DPC.
● Data Protection Central Security Configuration Guide
This document includes information about security features and capabilities of DPC.

Reporting & Analytics node

The following documents contain information that is related to Reporting & Analytics:
● Data Protection Advisor Installation and Administration Guide
This publication describes how to install, maintain, and configure Reporting & Analytics.
● Data Protection Advisor Product Guide
This document provides information about how to use the Reporting & Analytics web console to run and create reports, view
alerts, and view the status of replication operations.

Search
The following document contains information that is related to Search:
● Search Installation and Administration Guide
This publication describes how to install, maintain, and configure Search.

Cloud DR
The following documents contain information that is related to DD Cloud DR and Cloud DR:
● Data Domain Cloud Disaster Recovery Release Notes
Contains supplemental information about DD Cloud DR and the most up-to-date information about the current release.
● Data Domain Cloud Disaster Recovery Installation and Administration Guide
This document describes how to install, deploy, and use the DD Cloud DR product.

IDPA training resources

Video walkthroughs, demonstrations, and explanations of product features are available online.
You can obtain additional IDPA training and information at https://education.dellemc.com.

Troubleshooting and getting help

The support page provides access to licensing information, product documentation, advisories, and downloads, as well as how-
to and troubleshooting information. This information may enable you to resolve a product issue before you contact Customer
Support.
NOTE: The article number is changed for some of the KB articles. However, when you search using the old KB article
number, the correct article is displayed under the "Possible Matches".

19
Where to find product documentation
● https://www.dell.com/support
● https://www.dell.com/community

Where to get support

The Support website https://www.dell.com/support provides access to product licensing, documentation, advisories,
downloads, and how-to and troubleshooting information. The information can enable you to resolve a product issue before
you contact Support.
To access a product-specific page:
1. Go to https://www.dell.com/support.
2. In the search box, type a product name, and then from the list that appears, select the product.

Knowledgebase
The Knowledgebase contains applicable solutions that you can search for either by solution number (for example, KB000xxxxxx)
or by keyword.
To search the Knowledgebase:
1. Go to https://www.dell.com/support.
2. On the Support tab, click Knowledge Base.
3. In the search box, type either the solution number or keywords. Optionally, you can limit the search to specific products by
typing a product name in the search box, and then selecting the product from the list that appears.

Live chat
To participate in a live interactive chat with a support agent:
1. Go to https://www.dell.com/support.
2. On the Support tab, click Contact Support.
3. On the Contact Information page, click the relevant support, and then proceed.

Service requests
To obtain in-depth help from Licensing, submit a service request. To submit a service request:
1. Go to https://www.dell.com/support.
2. On the Support tab, click Service Requests.
NOTE: To create a service request, you must have a valid support agreement. For details about either an account or
obtaining a valid support agreement, contact a sales representative. To find the details of a service request, in the
Service Request Number field, type the service request number, and then click the right arrow.

To review an open service request:

1. Go to https://www.dell.com/support.
2. On the Support tab, click Service Requests.
3. On the Service Requests page, under Manage Your Service Requests, click View All Dell Service Requests.

Online communities
For peer contacts, conversations, and content on product support and solutions, go to the Community Network https://
www.dell.com/community. Interactively engage with customers, partners, and certified professionals online.

20
How to provide feedback
Feedback helps to improve the accuracy, organization, and overall quality of publications. Go to https://
contentfeedback.dell.com/s to provide feedback.

21
Notes, cautions, and warnings

NOTE: A NOTE indicates important information that helps you make better use of your product.

CAUTION: A CAUTION indicates either potential damage to hardware or loss of data and tells you how to avoid the
problem.

WARNING: A WARNING indicates a potential for property damage, personal injury, or death.

© 2017 - 2021 Dell Inc. or its subsidiaries. All rights reserved. Dell, EMC, and other trademarks are trademarks of Dell Inc. or its subsidiaries.
Other trademarks may be trademarks of their respective owners.