SIRIS, ALTO, and NAS: Root certificate expiration

Follow

Topic

On May 3rd, 2020, the root certificate we use to encrypt communication between Datto backup devices and agents will expire. Datto has deployed updates to the Datto device IRIS software and the agent software on protected machines to update certificates automatically. A small number of devices and agents will not be able to receive these automatic updates and will require you to update them manually using the steps below.

Once certificates expire, any machines that have not updated to the latest IRIS and agent software will no longer be able to perform backups. This article outlines the steps you need to take to ensure your backups continue uninterrupted after that date. 

Environment

  • Datto SIRIS
  • Datto ALTO
  • Datto Windows Agent
  • Datto Linux Agent
  • ShadowSnap Agent

Description

To ensure your backups continue to complete successfully, take the following actions as soon as possible.

1. Verify the agent versions on your protected machines are up to date

Ensure that you have the latest version of the agent software on every protected machine in your fleet.  If you cannot update to the latest version, at a minimum, you will need to be on the latest minor update for the version you are currently using. To determine your current agent version number see How to find your current agent versions below.

Datto Windows Agents 

No action is needed if you are on any of the following versions of DWA:

  • DWA 2.0.12.0
  • DWA 2.1.33.0
  • DWA 2.2.8.0
  • DWA 2.4.3.0
  • DWA 2.5.0.0

If a protected machine is not on one of the above versions of DWA, you need to update to the latest 2.5 version of the Datto Windows Agent (click to download), or for legacy Windows XP, 2003 or Vista machines version 2.0.12 (click to download).

If you are on one of the above versions of the Datto Windows Agent and you are still receiving a notification either through the Datto Partner Portal or via the local Datto Device UI that your agent is using a soon to expire or expired certificate, verify your protected machine’s settings adhere to the following network requirements, if not adjust the protected system’s network and security settings accordingly:

  • The protected machine must have Internet access and be able to reach https://device.dattobackup.com/certApi.php for the initial installation and on-going operation of the Datto Windows Agent.
  • Inbound connectivity on the protected machine:
    • TCP port 25568 (for Datto Windows Agent service)

If you are still experiencing issues, see the article Advanced troubleshooting for root certificate expiration errors (partner login required)

Datto Linux Agents

You need to be running the newest Datto Linux Agent version that is compatible with your Linux distribution. For steps to configure your agent to update to the latest Datto Linux Agent version automatically, see SIRIS, ALTO, and NAS: Creating an auto-update script for the Datto Linux Agent.

If you are running a Linux distribution that is end-of-life and cannot be upgraded to the newest version of the Datto Linux Agent, or is not listed as supported by the Datto Linux Agent, contact Datto Technical Support for assistance.

For a full list of supported Linux distributions, see SIRIS, ALTO, and NAS: Datto Linux Agent supported Linux distributions.

If you are running the latest version of the Datto Linux Agent and you are receiving a notification either through the Datto Partner Portal or via the local Datto Device UI that your agent is using a soon to expire or expired certificate , verify your protected machine’s settings adhere to the following network requirements, if not adjust the protected system’s network and security settings accordingly:

If you are still experiencing issues, see the article Advanced troubleshooting for root certificate expiration errors (partner login required)

 ShadowSnap Agents

No software update should be required for ShadowSnap Agents. See our ShadowSnap Agent release notes for a list of current and past ShadowSnap version numbers. If you are still experiencing issues, see the article Advanced troubleshooting for root certificate expiration errors (partner login required)

How to find your current agent versions

If you're unsure which agent software versions your agents are running; you can generate a full report using Device Audit on the Partner Portal. When creating a Device Audit report, make sure to click Edit before running the report and ensure you've checked the following boxes under Volume Fields:

  • Group with device
  • Host
  • Agent Version

fig3.pngFigure 1: Device Audit options (click to enlarge)

You must complete the described steps before the May 3rd deadline. If you require assistance with this process, contact Datto Technical Support.

2. Check the IRIS (IBU) version on your Datto device

Verify that all your Datto devices have the newest IRIS release 3.97 installed. This update was pushed automatically from Datto, but you'll want to check to ensure it is installed on your Datto device. You can check which IRIS version you are currently running by going to the homepage of your device GUI, either locally or via the Datto Partner Portal. You'll see the IRIS version listed at the top of the page under Device Information. The first listing next to VERSION is your IRIS version.

fig1.pngFigure 2: IRIS version (click to enlarge)
You can also find the IRIS version listed in the Partner Portal. Navigate to Status → BCDR Status and click on the name of the Datto device. The IRIS version displays under Hardware & Software Status.
fig2.pngFigure 3: Partner Portal (click to enlarge)
If any of your Datto devices show a Device / Image version older than 3.97, you need to contact Datto Technical support for assistance in upgrading to the newest version.

Video tutorial

The below video walks you through the steps required to check your software version numbers and update your software if needed.

Root CA Update - datto


Was this article helpful?

9 out of 24 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage