Forum Discussion

andrew_mcc1's avatar
andrew_mcc1
Level 6
6 years ago

How to renew NBU 812 Master Server security certificate?

Hi, Does anyone know how to renew a NBU 812. Master Server security certificate? 

Scenario is a lab master server that isn't always running; if left shutdown for more than ~10-14 days the Web Management Console fails to start and I get "Unable to login,status : 7656"  and Certificate Revocation List (CRL) older than 7 days errors when trying to log in to the Admin Console. Also "nbcertcmd -listCertDetails" shows its security certificate has expired.

The documentation and technotes I can find seem to cover renewing certificates on clients or media servers assuming the master is running.

Thanks, Andrew

8.1.2
windows server 2012
  • Amol_Nair's avatar
    Amol_Nair
    6 years ago
    Unfortunately starting NetBackup 8.1 if nbwmc isn’t starting or running properly you would end up with all kinds of problems with the GUI or certificate related commands..

    The key step to start troubleshooting around certificate related issues is to ensure that nbwmc is running correctly.

16 Replies

Sort By
Replies have been turned off for this discussion
    • RiaanBadenhorst's avatar
      RiaanBadenhorst
      Level 6
      6 years ago

      Or if you've already upgraded and now its messed up (i had that too) do this

      Regenerated Tomcat certificates following below article;
       
      set WEBSVC_PASSWORD=<Password of User>
      nbcertconfig -t -user <User Name>
       
      Then do this
       
      Rename credentials directory location: %install_dir%\NetBackup\var\vxss.

      Execute bpnbaz -configureauth -force and nbcertcmd -getcertificate -force
       
      If that doesn't do it, call support :)
      • andrew_mcc1's avatar
        andrew_mcc1
        Level 6
        6 years ago

        Riaan, Thanks for this; yes I had tried "nbcertcmd -renewCertificate" which failed:

          nbcertcmd: The -renewCertificate operation failed.
          EXIT STATUS 5930: The request could not be authorized

        I tried your other suggestion but that failed at the bpnbaz command:

          C:\Users\Administrator>bpnbaz -configureauth -force
          Gathering configuration information.
          Waiting for the security services to start operation.
          Generating identity for host 'xxx.yyy.com'
          Setting up security on target host: xxx.yyy.com
          Unable to configure target host.

        I'll try and get a support call raised but any other thoughts? As its a lab machine I can change dates back in the meantime which does work.

        Anyway many thanks, Andrew