We have HP SE6.3.0 installed in windows environment. We are trying to discover EMC Symmetrics thru the EMC solution enabler. When we started the discovery test we got the below error. Our EMC Solution enabler version is 7.1,
FAILED as EmcProvider for:
SymInitialize() failed with error code 512 (The remote client/server handshake failed.
Please consult symapi and storsrvd log files)
Points will be awarded,,,
Note that SE 6.3.0 was EOS on 5/31/2012. SE 9.5.1 is the current release.
This error message and resolution is detailed in the SE User Guide, pg. 109-112. be sure to use the documentation published as web release to the HP SSO portal.
Latest documentation is posted to selfsolve (http://support.openview.hp.com/selfsolve/manuals)
EMC Symmetrix SSL Certificate Verification
EMC Solutions Enabler APIs began enforcing SSL (Secure Sockets Layer) certificate verification
starting with version 6.4. Previous versions of HP Storage Essentials used a pre-6.4 version of the
EMC Symmetrix client APIs that was not subject to SSL certificate verification by the Solutions
Enabler server (not even with newer versions of Solutions Enabler, for example, 7.0). HP Storage
Essentials has updated its EMC Symmetrix client APIs to version 7.1 to enable new features such
as thin provisioning and disk tiering. This version of the APIs is subject to SSL certificate
verification by the Solutions Enabler server. HP Storage Essentials and EMC administrators need
to be aware of the new security features and how to update the default configuration if necessary so
that secure communication between HP Storage Essentials and the EMC Solutions Enabler server
can be successfully established.
By default, EMC Solutions Enabler 7.0 (and newer) enforces SSL certificate verification during an
SSL handshake between the Solutions Enabler server and a Solutions Enabler client (HP Storage
Essentials). For HP Storage Essentials (the client) to successfully communicate with an EMC
Solutions Enabler server (the server), an SSL handshake must be successfully completed. See the
"Client/server Security" section of the EMC Solutions Enabler Installation Guide for information on
configuring SSL and resolving common issues.
EMC SSL Certificates
EMC SSL certificates are required on both the Solutions Enabler server and the HP Storage
Essentialsclient machines. The EMC Solutions Enabler server automatically creates its SSL
certificates during installation. HP Storage Essentials automatically creates the required client side
EMC SSL certificates during installation. On both the Solutions Enabler and HP Storage Essentials
machines, these EMC SSL certificates are located in the following directory:
This location is a requirement of the EMC APIs and is not configurable on the HP Storage
Essentialsmachine. For HP Storage Essentials installed on a 64-bit Windows OS, a directory link is
\Program Files (x86)\EMC\SYMAPI\config\cert to \Program
By default, the SSL certificates contain the fully qualified host name of the machine they were
created on. The EMC certificate verification process is sensitive to DNS name resolution. The
most common reason for SSL handshake errors between HP Storage Essentials and Solutions
Enabler is due to DNS lookup errors on the host name and corresponding IP address of the host
name stored in the certificate; for example:
The EMC SSL certificate of the HP Storage Essentials host contains
. The IP address is 192.168.0.20.
The EMC SSL certificate of the Solutions Enabler host contains
. The IP address is 192.168.0.130.
During the SSL handshake between the HP Storage Essentials client and the Solutions Enabler
server, the Solutions Enabler server receives the HP Storage Essentials SSL client certificate,
pulls out the host name, and then tries to verify the certificate by:
nslookup mgmtsvrHouston01.datacenterAbc.hp.com, which returns 192.168.0.20 as expected
nslookup 192.168.0.20, which returns internalHost.datacenterAbc.hp.com, which does
not match what was in the certificate (mgmtsvrHouston01.datacenterAbc.hp.com)
The handshake, therefore, fails because nslookup on 192.168.0.20 fails to return the host name
specified in the certificate.
The same type of verification occurs on the HP Storage Essentials host, where it attempts to verify
the certificate sent by the Solutions Enabler server. In the event of a SSL handshake error, an error
is logged in the HP Storage Essentials cimom log. The error message in the HP Storage Essentials
cimom log looks similar to the following:
SymInitialize() failed with error code 512 (The remote client/server handshake failed. Please consult symapi and storsrvd log files.
On the Solutions Enabler server, a log entry is made in the current storsrvd log that contains
additional details about the reason for the SSL handshake failure.
If HP Storage Essentials encounters an SSL handshake failure, an event is posted with text similar
to the following:
ERROR: EMC Provider SSL handshake error with EMC Solution Enabler
server at 192.168.0.130. HP Storage Essentials is not able to
communicate with the EMC Solutions Enabler server. The most common
reason for this error is DNS issues between the EMC Solutions Enabler
host and HP Storage Essentials host. Each host must be able to (A)
successfully get the IP of the other via nslookup, AND (B) be able to
get back the correct fully qualified host name via a reverse nslookup
on the IP returned from (A). Refer to the HP Storage Essentials User's
Guide for information on EMC security features, common issues, and
workarounds. More details about this SSL handshake error can be found
in the storsrvd log on the Solutions Enabler server at 192.168.0.130.
Other common configuration considerations can result in an SSL handshake error when using the
default certificates, such as the Solutions Enabler or HP Storage Essentials host being multihomed
or belonging to a cluster. To resolve or work around the SSL handshake issues due to DNS
errors or special configurations (multi-homed, clustered, and so forth), there are two basic
Resolution/Workaround 1: Update the SSL Certificate Using the manage_server_cert Script
The manage_server_cert script resides in the same directory as the certificates on the HP Storage
Essentialshost and in the \Program Files\EMC\SYMCLI\bin directory on the Solutions Enabler
host. To use the manage_server_cert script on the Solutions Enabler host, you must be in the
certificate directory and specify the fully qualified name of the script because the script and the
certificates are different directories; for example:
C:\Program Files\EMC\SYMAPI\config\cert> "C:\Program
In the previous example where the SSL handshake failed due to na nslookup error, the issue could
be resolved by updating the SSL certificate on the HP Storage Essentials host by issuing the
manage_server_cert.bat create mgmtsvrHouston01.datacenterAbc.hp.com
This puts two host entries in the certificate. When the Solutions Enabler server receives this
certificate from the HP Storage Essentials client, it does an nslookup on
mgmtsvrHouston01.datacenterAbc.hp.com, which returns 192.168.0.20. It then does an nslookup
on 192.168.0.20, which returns internalHost.datacenterAbc.hp.com. This matches on the second
entry in the certificate and allows the reverse lookup verification to succeed.
If your HP Storage Essentials host cannot successfully resolve the Solutions Enabler server IP or
host name using nslookup but can ping it, you must add the Solutions Enabler IP and hostname to
the /etc/hosts file. You might also be able to fix the name resolution by adding the Solutions Enabler
domain suffix to the /etc/resolv.conf file.
The Client/server Security section of the EMC Solutions Enabler Installation Guide provides details
on SSL certificates and how to use the manage_server_cert script to manage the certificates for
Resolution/Workaround 2: Disable Client Certificate Verification on the Solutions Enabler Server
1. Set the storsrvd:security_clt_secure_lvl = NOVERIFY property in the
2. Restart the storsrvd daemon by rebooting the Solutions Enabler server or executing the
stordaemon shutdown -immediate storsrvd
stordaemon start storsrvd
The Solutions Enabler host will accept the HP Storage Essentials SSL certificate without executing
the verification step that attempts to verify the host name in the certificate by nslookup and reverse