Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Data Domain: DD Boost user shows locked status

Summary: This article describes an issue when ddboost user shows locked status on the UI. Leading to backup failure and backup application complaining that there is no communication with storage server Data Domain. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

How to Verify

The only way to detect that the password has expired or within 7 days of expiry is to SSH to the DD system using the ddboost user from backup application.

As such it is hard to verify that the password age is close to being expired or expired.

Example 
ssh ddboost@"testdd.emc.com"
Data Domain OS
You are required to change your password immediately (password aged)
Last login: Thu Apr 21 13:41:18 PDT 2016 from testavamar.emc.com on ssh
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for ddboost.
(current) UNIX password:

Issues Seen

  • The ddboost user has a status of "locked" on web UI System Manager.
  • Backup Applications such as Avamar, Networker, and NetBackup will encounter backup failures to DD
  • Backup Application complains as having no communication with storage server Data Domain
  • You can see this status in the "DD Boost" or "Access -> Local Users" tab on the left hand menu
DD Boost status in Data Domain System Manager
Locked status and maximum days between change
 

Cause

Root Cause

The root cause of ddboost user becoming locked is because the Password has expired.

Reason

  • Run the command
# user password aging show
  • You will most likely see the "Maximum Days Between Change" is set to 90 
  • Also on the web UI, you can see this under "Access -> Local Users (shown in red in figure above)
 
Web GUI password info
  • This is because after DDOS upgrades to 5.6 or above, the Maximum Days Between Change is set to default of 90 days
  • Even if you change the password aging to higher than 90 days, on subsequent upgrades (i.e from 6.0 to 6.1), it is set back to default of 90 days again
 

Resolution

Temporary


When a ddboost user gets locked:
 
1. Log in to the Data Domain system as sysadmin user (or any other user with admin roles)
2. Enable the ddboost user 
# user enable <ddboost-user>
3. Verify that the ddboost user is now enabled. 
# user show list

After you perform above action, you should have access again and no further issues for another 90 days.
 

Resolution

1. Set a reminder on your side to change your ddboost password within every 90 days if you want to keep the 90-day default value.
(Remember, the only way you get a warning to change from DD is if you SSH to the system using ddboost user within 7 days of password expiry)

This may not be practical so a better solution is to;

2Modify the max-days-between-change value of 90 to a higher value on your DD system; 
# user password aging set <affected ddboost user name> max-days-between-change 99999
Example # user password aging set ddboost_user_1 max-days-between-change 99999
  
# user password aging show 

The value provided above means that you do not need to change the ddboost password ever (273 years to be exact!).
However you can modify to any length of time you prefer.

Important Note: Remember to check and set this again after future DDOS upgrades.

Additional Information


If you still cannot access or backup to DD using ddboost user after the actions above you may have hit a timeout due to multiple attempts by backup application to access the DD, and therefore the ddboost account would remain locked for a period of time (dependent on how many failed login attempts).   It may be necessary to stop the backup application services that communicate with the DD to ensure that the timeout is not reset continuously.

Engage Dell support and open a ticket with Data Domain Support if you are still having issues after performing the actions outlined in this article.

Additional Information

This content is translated in other languages: 
https://downloads.dell.com/TranslatedPDF/ES_KB520213.pdf
https://downloads.dell.com/TranslatedPDF/DE_KB520213.pdf
https://downloads.dell.com/TranslatedPDF/FR_KB520213.pdf
https://downloads.dell.com/TranslatedPDF/IT_KB520213.pdf
https://downloads.dell.com/TranslatedPDF/JA_KB520213.pdf
https://downloads.dell.com/TranslatedPDF/KO_KB520213.pdf

Affected Products

Data Domain

Products

Data Domain, Data Domain Boost
Article Properties
Article Number: 000057030
Article Type: Solution
Last Modified: 19 Jan 2024
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.