Data Domain Webpage Will Not Allow Login
Data Domains are a beast that does not break, (or very rarely) and because of this, they can sometimes be forgotten about. Then one day we decide to check on it and discover that we can’t login. We know our username and password are correct, but we get an error stating, “Incorrect username or password”.
So we try multiple accounts, like the Sysadmin, SecurityAdmin, and DDBoost accounts, but none of these allows access. We login to our Avamar and see that it is still backing up servers without issues, so this tells us that the DDBoost account is working, as this is the account Avamar uses for backups, yet we can’t login with that account. Our only option to access the Data Domain is to use SSH to access the Command Line Interface or CLI.
We can access the CLI using a terminal emulator, such as Putty (which can be found here), or SecureCRT (which is a paid licensed and can be found here), or whichever is your particular favorite. We use the sysadmin account and password and we are allowed into the CLI. With the DDBoost still working for our backups, and the sysadmin still allowing us to access the CLI, we are given clues to the accounts status. They both are working, but not on the webpage to access the Data Domain GUI.
Let’s look at all the users account to see their status by issuing the “user show list” command.
user show list
We can see the output of our command below
All of our accounts are enabled and have not expired.
Now that we know, that it is not the accounts we use to access the webpage, lets check our security certificates. adminaccess certificate show
adminaccess certificate show
At the time I was creating this tutorial it was June 24th 2025. As we can see from the above output of our command, the https certificate has expired on June 19th 2025. We now know that this is the reason for the error we were getting.
Let’s enter the following command which will generate a new https (SSL) certificate. This will only affect the https self-signed-cert and will not affect the over security certificates.
adminaccess certificate generate self-signed-cert
A new certificate has been generated.
If we go back to the webpage and retry our sysadmin account we no longer receive the error, but we still can not get past the login webpage. This maybe because it is cached in our web browser. In my case I just closed the window I had open and reopened it back to the webpage. We should get a webpage asking if we trust this site or go back to safety. We will proceed anyway and the login page opens. When we enter the login credentials we now gain access to the Data Domain webpage.
For some context for those not familiar with website certificates. Certificates are used to create a trust between a web browser and a webpage. The web browser on your PC will not trust the website if its certificates have expired. A webpage on the internet gets its certificates from a certificate authority trusted by most web browsers. In the Data Domain’s case, it is not on the internet, but is instead located in our local domain. In order for there to be trust, it receives a self signed certificate, which means it is trusted locally in our domain. For this reason our error was that it had an “Incorrect username or password” as the expired certificate told the browser that there is zero trust (no trust) between it and the Data Domain. The error was generic in nature as this was the only explanation the Data Domain could give. “I don’t trust your login credentials because there is zero trust between the browser and the Data Domain caused by expired certificates”.
There is obviously more to SSL/TLS certificates, but that is a more high level view of what is happening.
I hope this was found to be helpful to you.
