Diagnose:
Cause for policy errors are recorded in /var/log/isi_migrate log.
For example, once we were pointing to the correct DNS/Smartconnect target name, the next error indicating why the policy failed was:
"Primary authentication fails"
Here is the link to the KB for resolving that policy failure cause:
KB 212644: SyncIQ job fails with error Primary authentication fails
Impact: SyncIQ policies will fail to replicate data without the password on the policy if a SyncIQ pre-shared secret (PSK) is configured on the target cluster
Issue: Clusters can be configured with a SyncIQ pre-shared secret key (PSK) to prevent unauthorized replication of data to the target cluster.
When a target cluster is configured with the PSK, any attempt to run a replication job without the PSK specified in the Sync Policy will fail.
Cause: Target clusters can be configured with a SyncIQ PSK to prevent unauthorized data replication to the cluster. The cause of failure will be identified in the isi_migrate.log with message similar to "Primary authentication fails"
The target PSK must be added to each Sync policy to successfully replicate data to that target cluster.
Resolution:
1) Read the Sync pre-shared secret key (PSK) from the target cluster (requires admin access to the target cluster):
Target# cat /ifs/.ifsvar/modules/tsm/passwd
2) Apply the PSK to the policy with
Syntax for 7.1.x and 7.2.x
isi sync policies modify <policy> --password <PSK>
or for interactive query:
isi sync policies modify <policy> --set-password {respond to interactive prompts}
For earlier OneFS versions (7.0.x)
isi sync policy modify <policy> --passwd=<PSK>
3) Validating the password is set on the policy can be confirmed by viewing the policy
Syntax for 7.1.x and 7.2.x
isi sync policies view <policy>
For earlier OneFS versions (7.0.x)
isi sync policy view <policy>
(If a password is set, output includes Password = Yes)
4) (Optional) To remove the Sync PSK password,
a) remove the PSK file on the target (rm /ifs/.ifsvar/modules/tsm/passwd) and
b) replace the PSK string in above commands with ENTR (enter a null) on all policies replicating data to that target.