In FIPS enabled environment, NetBackup backup/restore of Nutanix AHV VMs (Virtual Machines) using iSCSI fails
Problem
In FIPS enabled environment, NetBackup backup/restore of Nutanix AHV VMs using iSCSI fails since it ends up using the MD5 which is not FIPS compliant algorithm for CHAP (Challenge Handshake Authentication Protocol) based authentication and handshake fails with Nutanix Volume Group.
Error Message
iscsid: Ignoring CHAP algorithm request for MD5 due to crypto lib configuration
iscsid: Couldn't set CHAP algorithm list
This error can be seen in the system messages log files.
Cause
The error occurs if the FIPS mode is enabled on the NetBackup backup/recovery host. This is a known issue from Nutanix. Nutanix AHV cluster currently do not support FIPS mode in the iSCSI communication/authentication.
Due to this issue, backup/restores of Nutanix AHV VMs:
- Falls back to NFS for NetBackup Linux host
- Fails for NetBackup Windows host
Solution
To use the iSCSI for the data transfer, FIPS mode must be disabled on the NetBackup backup/recovery host until Nutanix enables the support for FIPS mode in the iSCSI.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.