Forum Discussion

Kai2209
Level 4
5 years ago
Solved

Certificate on master server expired

I have a problem with a NB master server 8.0 which was not used for more than one year. Now I cannot connect since the security certificate is expired. It is the master server itself.

I tried to renew on the server with "nbcertcmd -renewCertificate" but without success.

Then I tried to revoke the certificate and reissue with a generated token, but to do so I have to log in to the Web Management service with "bpnbat -login -logintype WEB". But this is also failing. (Login to Authentication Broker only is successful but does not help.)

Any help is appreciated

thanks

Kai

  • Kai2209, try all of the steps below and, if possible, please share every command's result/output.

      UNIX/Linux:

       1) /usr/openv/netbackup/bin/nbwmc -terminate
       2) /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
       3) /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
       4) On 8.0 and 8.1: /usr/openv/netbackup/bin/admincmd/nbcertconfig -t      
          On 8.1.1 and 8.1.2:  /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
       5) /usr/openv/wmc/bin/install/configureWmc
       6) /usr/openv/wmc/bin/install/configureCerts
       7) /usr/openv/wmc/bin/install/setupWmc
       8) /usr/openv/netbackup/bin/nbwmc -start
       9) /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
      10) /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
          If the operation fails, perform the steps at "Create a token" section then return to this step.
      11) Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file

      Windows:

       0) set WEBSVC_PASSWORD=<nbwebsvc password>
       1) C:\Windows\System32\sc.exe stop "NetBackup Web Management Console"
       2) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -u -i
       3) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -m
       4) On 8.0 and 8.1: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t      
          On 8.1.1 and 8.1.2: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
       5) <Install_Path>\NetBackup\wmc\bin\install\configureWmc
       6) <Install_Path>\NetBackup\wmc\bin\install\configureCerts
       7) <Install_Path>\NetBackup\wmc\bin\install\setupWmc
       8) C:\Windows\System32\sc.exe start "NetBackup Web Management Console"
       9) <Install_Path>\NetBackup\bin\nbcertcmd -getCACertificate
      10) <Install_Path>\NetBackup\bin\nbcertcmd -getCertificate -force
          If the operation fails, perform the steps at "Create a token" section then return to this step.
      11) Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file

     

    Make sure that all commands complete successfully.

    Which OS do you have on your master server?
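
The UNIX/Linux sequence from the reply above, written as an ordered runner that logs every command's output and stops at the first failing step. This is an added example, not part of the original post or of NetBackup's own tooling; the paths and flags are the ones quoted in the reply, while `nb_steps`, `nb_run`, `RUNNER` and `LOG` are names assumed here.

```sh
#!/bin/sh
# Added example, not from the thread's authors: ordered runner for the
# UNIX/Linux steps quoted above. Paths and flags are copied from the post;
# nb_steps, nb_run, RUNNER and LOG are names assumed for this sketch.
NB=/usr/openv/netbackup/bin
WMC=/usr/openv/wmc/bin/install
TOKEN=/usr/openv/var/global/vxss/nbcertservice/install_token

# Print the 11 steps, one command per line, for a NetBackup version.
nb_steps() {
  tflag="-t -f"                        # 8.1.1 and 8.1.2, per the post
  case "$1" in 8.0|8.1) tflag="-t" ;; esac
  cat <<EOF
$NB/nbwmc -terminate
$NB/admincmd/nbcertconfig -u -i
$NB/admincmd/nbcertconfig -m
$NB/admincmd/nbcertconfig $tflag
$WMC/configureWmc
$WMC/configureCerts
$WMC/setupWmc
$NB/nbwmc -start
$NB/nbcertcmd -getCACertificate
$NB/nbcertcmd -getCertificate -force
rm -f $TOKEN
EOF
}

# Run each step through $RUNNER, logging all output to $LOG for sharing.
# Stops at the first failure and returns that step's number (0 = all passed),
# so the install_token is only removed once -getCertificate has succeeded.
nb_run() {
  n=0
  while IFS= read -r cmd <&3; do
    n=$((n + 1))
    echo "### step $n: $cmd" >>"$LOG"
    if ! $RUNNER $cmd >>"$LOG" 2>&1; then
      echo "step $n failed: $cmd (output in $LOG)" >&2
      return "$n"
    fi
  done 3<<EOF
$(nb_steps "$1")
EOF
  return 0
}

RUNNER=${RUNNER:-echo}    # default is a dry run that only echoes each command
LOG=${LOG:-/tmp/nb_cert_renew.log}
nb_steps "${NB_VERSION:-8.0}"          # print the plan; nothing is executed
# Real run as root on the master server:  RUNNER=env nb_run 8.0
```

If the run stops at step 10, the reply's instruction applies: create a token, then repeat that step before the token file is removed.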

     

  • Have you tried to manually restart nbwmc?
    Can you confirm that nbwebsvc account has a password that does not expire?

      davidmoline
      Level 6

      If you still have the machine state as it was before you started, you could simply change the system time to before the certificate expires. NetBackup should be stopped and restarted, the certificate should then auto renew (although you may want to use the "nbcertcmd -renewcertificate" command to speed this up).

      Kai2209
      Level 4

      Marinanne,

      Yes, I have stopped and restarted NetBackup services and nbwmc is running. Or should I restart the single service separately?

      nbwebsvc has no passwd.

      davidmoline,

      It is not a VM, so I can't revert. But no jobs are running (except daily cleanup jobs) on the system until now. Do you think I can change the time without having a corrupt database at the end?

      thanks again

        Hamza_H
        Moderator

        Hello,

        Did you try this?: https://www.veritas.com/support/en_US/article.100043900

        UNIX/Linux Steps:

        1. /usr/openv/netbackup/bin/admincmd/nbcertconfig -t
          Note: The -t and -f options will be needed for NetBackup versions 8.1.1 and higher.
          /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
        2. /usr/openv/wmc/bin/install/configureCerts
        3. /usr/openv/wmc/bin/install/setupWmc
        4. /usr/openv/netbackup/bin/nbwmc stop
        5. /usr/openv/netbackup/bin/nbwmc start
        6. /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
        7. /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force

        Windows Steps:

        1. On the Master, run services.msc and locate NetBackup Web Management Console service (nbwmc)
        2. Identify the account used to start the nbwmc service
        3. Locate / Acquire the password for this account
        4. Open an Administrator CMD prompt on the Master
        5. Create the following Environment Variable for the CMD window by running: set WEBSVC_PASSWORD=<passwordHere>
        6. Run: install_path\NetBackup\bin\admincmd\nbcertconfig -t
          Note: The -t and -f options will be needed for NetBackup versions 8.1.1 and higher.
          install_path\NetBackup\bin\admincmd\nbcertconfig -t -f
          • If this fails, it is likely to be due to an incorrect password.
            To verify the password is correct, use the following command to spawn a new CMD prompt window running as the account in question: runas /user:<user> cmd.exe
            Example local account: runas /user:nbwebsvc cmd.exe
            Example domain account: runas /user:COMPANY\nbwebsvc cmd.exe
          • If the new CMD window opens successfully, it means the credentials were correct and the new window can simply be closed.
          • If the new CMD window fails to open, examine the on-screen language to identify why.
        7. CD into install_path\NetBackup\wmc\bin\install
        8. Run: configureCerts.bat
        9. Run: setupWmc
        10. Restart the nbwmc service
        11. Run: nbcertcmd -getCACertificate
        12. Run: nbcertcmd -getCertificate -force