SIRIS, ALTO, and NAS: Disaster recovery: Updating expired root certificates for restored backup points created prior to May 3rd, 2020

Follow

Topic

On May 3rd, 2020, the root certificates that Datto uses to encrypt communication between Datto backup devices and agents is due to expire.  In late March, Datto released new agent software to automatically update these certificates. This means that backup points that you created prior to these updates could restore to a state where certificates are expired and may require additional steps after restoration to ensure backups can resume. 

Environment

  • Datto SIRIS
  • Datto ALTO
  • Datto Windows Agent
  • Datto Linux Agent
  • ShadowSnap Agent
  • Datto Bare Metal Restore
  • Datto Image Export
  • Datto Rapid Rollback

Description

If, after restoring a system via bare metal restore, image export or rapid rollback, your Datto device displays a banner stating that certificates have expired on your restored agents. You will need to take one or more of the actions listed below.

1. Check the Agent version on your restored machine

Ensure that you have the latest version of the agent software on the machine If you cannot update to the latest version, at a minimum, you will need to be on the latest minor update for the version you are currently using. To determine your current agent version number see How to find your current agent versions below.

Datto Windows Agents 

No action should be needed if you are on any of the following versions of DWA:

  • DWA 2.0.12.0
  • DWA 2.1.33.0
  • DWA 2.2.8.0
  • DWA 2.4.3.0
  • DWA 2.5.0.0 or newer

If a restored machine is not on one of the above versions of DWA, you need to update to the latest version of the Datto Windows Agent (click to download), or for legacy Windows XP, 2003 or Vista machines version 2.0.12 (click to download). 

Datto Linux Agents

You need to be running the newest Datto Linux Agent version that is compatible with your Linux distribution. For steps to configure your agent to update to the latest Datto Linux Agent version automatically, see SIRIS, ALTO, and NAS: Creating an auto-update script for the Datto Linux Agent.

If you are running a Linux distribution that is end-of-life and cannot be upgraded to the newest version of the Datto Linux Agent, or is not listed as supported by the Datto Linux Agent, Contact Datto Technical Support for assistance.

For a full list of supported Linux distributions, see SIRIS, ALTO, and NAS: Datto Linux Agent supported Linux distributions.

ShadowSnap Agents

No update should be required, but we recommend the latest version.

2. Check the IRIS (IBU) version on your Datto device

Verify that all your Datto devices have the newest IRIS release 3.97 installed. This update was pushed automatically from Datto, but you'll want to check to ensure it is installed on your Datto device. You can check which IRIS version you are currently running by going to the homepage of your device GUI, either locally or via the Datto Partner Portal. You'll see the IRIS version listed at the top of the page under Device Information. The first listing next to VERSION is your IRIS version.

fig1.pngFigure 1: IRIS version (click to enlarge)
You can also find the IRIS version listed in the Partner Portal. Navigate to Status → BCDR Status and click on the name of the Datto device. The IRIS version displays under Hardware & Software Status.
fig2.pngFigure 2: Partner Portal (click to enlarge)
If any of your Datto devices show a Device / Image version older than 3.97, you need to contact Datto Technical support for assistance in upgrading to the newest version.

How to find your current agent versions

If you're unsure which agent software versions your agents are running; you can generate a full report using Device Audit on the Partner Portal. When creating a Device Audit report, make sure to click Edit before running the report and ensure you've checked the following boxes under Volume Fields:

  • Group with device
  • Host
  • Agent Version

fig3.pngFigure 3: Device Audit options (click to enlarge)

Video tutorial

The below video walks you through the steps required to check your software version numbers and update your software if needed.

Root CA Update - datto

 If you require any assistance with this process, contact Datto Technical Support.


Was this article helpful?

0 out of 0 found this helpful

You must sign in before voting on this article.

Want to talk about it? Have a feature request?

Head on over to our Datto Community Forum or the Datto Community Online.

For more Business Management resources, see the Datto RMM Online Help and the Autotask PSA Online Help .

Still have questions? Get live help.

Datto Homepage