Can't generate new certificate for client [xxxx] because there are too many of them already: [101]. Try revoking some first.

Last post 01-12-2017, 11:06 AM by Liam. 1 replies.
Sort Posts: Previous Next
  • Can't generate new certificate for client [xxxx] because there are too many of them already: [101]. Try revoking some first.
    Posted: 01-12-2017, 11:03 AM

    we have commvault 10 r2 with service pack 14

    I received alert in the event of my commserv a certification error for one of our client but that client is unconfigured, is the a way to delete all those cerfication via control panel other than one by one, and what can cause this to hapen

    thanks

  • Re: Can't generate new certificate for client [xxxx] because there are too many of them already: [101]. Try revoking some first.
    Posted: 01-12-2017, 11:06 AM
    • Aplynx is not online. Last active: 10-18-2019, 2:25 PM Liam
    • Top 10 Contributor
    • Joined on 05-04-2010
    • New Jersey
    • Master
    • Points 1,724
    Typically this event occurs when a machine has been cloned with CommVault software installed. The new machine continues to identify itself to CommVault as the source machine with what becomes an invalid certificate. Even though the client may be named differently the CommVault software would still identify itself as the source due to the install information in the registry. CommVault would need to be removed from the new machine to correct this issue. If you are unsure as to what is the new machine we should be able to track the request by turning up debug on the client.  You can use the Process Manager on the CommServe to up the debug level to 3 on the CVD Process.

    http://documentation.commvault.com/commvault/v10/article?p=features/services/advanced.htm#debug_level

    When the error occurs the following lines should show in the CVD.log with the Xs being the IP:

    ###### CvFwCtrlSvc::dispatch() - Got "sign" request from X.X.X.X

    ###### CvLinkSvc::worker() - 0xEDDD0001:{CvFwCtrlSvc.cpp[CvFwCtrlSvc::reqSignHnd(783)]/Int.1.0x1-Can't generate new certificate for client XXXX: it did not authenticate with the proper certificate}

    A simple way to test where the issue is coming from is to turn off the CommVault Services on one of the clients that is having the certificate issue. If the certification error shows up while the services are off, there is another server in the environment identifying as that machine. Then turning up the debug on the CommServe would show the IP of that machine.
The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2019 Commvault | All Rights Reserved. | Legal | Privacy Policy