Forum Discussion

emyatsuna's avatar
emyatsuna
Level 3
5 years ago

Attempt to deploy host certificate failed with status code [5989]

Hi All,

I have a client without netbackup installed. I need to install netbackup client inside it.
However, the client has a certificate entry already in the netbackup master.
I did the usual generate token from master then add the token in the silent.cmd. I've set the following parameters:

SET AUTHORIZATION_TOKEN=TOKEN
SET CA_CERTIFICATE_FINGERPRINT=FINGERPRINT_FROM_MASTER_CERTIFICATE

Run the script but I'm getting errors.
Would like to know what could have happened in below.

EXIT STATUS 5989: Reissue token is mandatory as a certificate is already issued to this host. Revoke the existing certificate if it is active and map this host name to the associated host ID.
--------------------------------------------------------------------------<
+ : Attempt to deploy host certificate failed with status code [5989].
NetBackup security requirements are documented at https://www.veritas.com/support/en_US/article.000127129.
CustomAction Immediate_DeploySecurityCertificates returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
+ : Action ended: Immediate_DeploySecurityCertificates. Return value 3.

NetBackup Client Version 8.2.

Appreciate any help for this.

Thank you.

    • emyatsuna's avatar
      emyatsuna
      Level 3

      Hi Marianne thanks for your reply. Have tried the solution but it seems that we need to install via GUI first then skip the token part then run the nbcertcmd after. Is there a way to add token in the silentclient.cmd, re-run cmd file then install netbackup silently?

      • Tape_Archived's avatar
        Tape_Archived
        Moderator

        Try these steps for the client where you reinstalled the client. Even if you add token in silent command it may not work for Netbackup client id (name) which is already exists/configured in the Netbackup database.

        • Revoke certificate
        • Verify there is no Certificate on or delete if you see any using nbcertcmd -listallcertficiates
        • Reissue Token
        • Add FQDN or other hotsnames (short name or full name if applicable in your env) to the host id using java console
        • Then run the command with the new token to get the cert installed