FQName in output nbemmcmd -listhosts -verbose for master - how to change it?
Hello
Recently a master server which was installed using short name instead of FQDN was moved from one Aactive Directory domain to the other. Since hostname remained the same I did not had to engage VRTS for this work.
Let's assume master server name was nbumaster and it was in domain premigration.com and output from
nbemmcmd -listhosts -verbose
was looking like:
C:\>nbemmcmd -listhosts -verbose NBEMMCMD, Version: 8.1.2 The following hosts were found: nbumaster MachineName = "nbumaster" FQName = "nbumaster.premigration.com" MachineDescription = "" MachineNbuType = server (6) nbumaster ClusterName = "" MachineName = "nbumaster" FQName = "nbumaster.premigration.com" GlobalDriveSeed = "VEND:#.:PROD:#.:IDX" LocalDriveSeed = "" MachineDescription = "" MachineFlags = 0x17 MachineNbuType = master (3) MachineState = active for tape and disk jobs (14) NetBackupVersion = 8.1.2.0 (812000) OperatingSystem = windows (11) ScanAbility = 5 Command completed successfully.
Now after migration to postmigration.com I see NBU is working well - starting OK, no issues with certificates, but when I do run the same command I still see in FQName fields premigration.com. Do you have any idea how to change it so output from this command will be showing nbumaster.postmigration.com ?? Will it hurt in the future??
I recently went through this when we changed domains (master is registered with shortname). Let me see if I can find the documentation for what to do about fixing the certs, it does require re-deploying new certs to all your clients, just a heads up. I would recommend working with a backline engineer or talking to your BCAM / BCS team at Veritas if you have that support and they will work with you. I'll post the info anyways though.
Also for the nbemm, we ended up opening a ticket and having a backline engineer work with us on changing that but the changes he thought didn't do anything and he suggested we just wait til 8.2 because it's easier to 'manage' the nbemm configs he said. They wanted us to restore the Catalog WITHOUT the DRPKG file, so that it would re-create the EMM DB entries. There is an option to perform a DR of the master upon install, no not select this option.
Alright, the cert info. First, verify that /usr/openv/var/global/webrootcert.pem is there (we had one of our master servers have this file missing).
In order to resolve the issue, we had to perform the following:
Install Web Certs
Path: /usr/openv/netbackup/bin/admincmd/
./nbcertconfig -u -i -u: Installs web service user certificate
./nbcertconfig -m -m: Installs machine certificate
./nbcertconfig -t -t: Installs tomcat certificate
./nbcertconfig -t -f -t: Installs tomcat certificate (force)
Note: If "-user" option is not specified then it reads "web service user" name from bp.conf (WEBSVC_USER).
If not in found in bp.conf then defaults to "nbwebsvc".
Configure Web Services
Path: /usr/openv/wmc/bin/install/
./configureWmc Configure web services preparation; sslStore, jkskeys, ports, webrootcert.pem…
./configureCerts Configure web services; update the Java Keystore files from the certificate files…
./setupWmc Setup web services; permissions…Verified / CertMapInfo File - against Master Server Host ID: The shouldn't match, this just proves it
cat /usr/openv/var/vxss/certmapinfo.json
[
{
"hostID": "0c2b7b20-bfba-424a-aea6-c5eac5a322cc",
"serverName": "<MASTER>",
"issuerName": "<MASTER>",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@<MASTER FQDN>/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/5a4d6050.crl",
"securityLevel": 1,
"crlNextRefreshTime": 1561678429,
"crlLastRefreshTime": 1561664029,
"masterHostId": "fa9d1ddf-7fe7-4b41-a813-562f749e3236"Executed New Cert for Master to Update Host ID / Mapping
./nbcertcmd -getCertificate -force -token
Now, both hostID and Master Host ID – match…
"hostID": "fa9d1ddf-7fe7-4b41-a813-562f749e3236",
"masterHostId": "fa9d1ddf-7fe7-4b41-a813-562f749e3236"Then we were able to update certs for Media Servers, and have them connect to the master.