Forum Discussion

ally_wilson's avatar
ally_wilson
Level 2
8 years ago

Generate token for reinstall of client remotely?

We use Chocolatey to install Netbackup client on our servers. We've recently moved to NB 8.1. from 7.7.3.

Whilst testing with the chocolatey client to install and uninstall the client, I've noticed that to then re-install the client I need to get a new token generated on the master server.


Does anyone know of a way to generate the token remotely (we have Windows and Appliance master servers)? I was hoping the talk of an API would allow me to do this, but I didn't get very far with that. 


Either that, or completely remove the client from the master, so that a reinstall would see it as 'new'?

8
reinstall
token
token reinstall
windows server 2012

6 Replies

  • Lowell_Palecek's avatar
    Lowell_Palecek
    Level 6
    8 years ago

    It may be too late for you, but a word to others. Don't uninstall and reinstall the clients if you don't have to. Upgrade them instead. From the master server's point of view, there had been a client named X. Now there seems to be a new host trying to register as client X. You need to assure the master that it's ok.

    This needs a reissue token rather than a regular installation token. The bad news is that the reissue token is specific to one client, which will make it more work to automate. A regular installation token can be used to install N clients. Here's the syntax from the NetBackup Command Reference Manual:

    nbcertcmd -createToken -name token_name [-reissue -host host_name | -hostId host_id] [-maxUses number] [-validFor numDnumHnumM] [-reason description_for_auditing] [-server master_server_name]

  • Nicolai's avatar
    Nicolai
    Moderator
    8 years ago

    A token cannot be generated remote - it must either be re-issues or generated on the master server.

    A token is a security measurement - the master servers ensure clients are what they claim to be.

    Then imaging if  token could be generated on the client - then every client could claim being whatever a evil admin would have them to be.

    Hope this explain

    Best Regards

    Nicolai

    • manan1's avatar
      manan1
      Level 2
      8 years ago

      Hi ally_wilson

      I am trying to install client on server 2016 through chocolatey package. But its failing.

      Can you share how you have created package for NB Client?

      Thanks

      Manan

      • ally_wilson's avatar
        ally_wilson
        Level 2
        8 years ago

        Sure, make sure your "silentclient.cmd" is working then zip it all up.

        chocolateyinstall.ps1 looks like this:

        $ErrorActionPreference = 'Stop';
$packageName= 'netbackupclient'
$toolsDir   = "$(Split-Path -parent $MyInvocation.MyCommand.Definition)"
$validExitCodes = @(0)
If ((Test-Path $env:Temp\netbackupclient-8.1.zip) -ne $true){
    Invoke-Webrequest -Uri "https://choco.domain.name.net:8443/netbackupclient/netbackupclient-8.1.zip" -OutFile "$env:TEMP\netbackupclient-8.1.zip"
    }

If ((Test-Path $env:Temp\netbackupclient) -ne $true){
    New-Item -ItemType Directory $env:TEMP\netbackupclient
    Expand-Archive $env:TEMP\netbackupclient-8.1.zip -DestinationPath $env:TEMP\netbackupclient\
    }

$whereIam = Get-Location

Set-Location $env:TEMP\netbackupclient\
$cmdBatch = "/c `"$env:TEMP\netbackupclient\silentclient.cmd`""
Start-ChocolateyProcessAsAdmin -Statements $cmdBatch -ExeToRun "cmd.exe" -validExitCodes $validExitCodes
set-location $whereIam
Remove-item -recurse $env:TEMP\netbackupclient -Force
Remove-item $env:TEMP\netbackupclient-8.1.zip -Force

         

        Not particularly elegant.

         

        Due to the inability to reinstall without generating a reissued token though means we've abandoned this until Veritas gets their **bleep** in order.