Forum Discussion

Lotfi_BOUCHERIT's avatar
4 years ago

Installing Netbackup 8.0 to Centos 7 - unable to retrieve master certificate

Hello,

We have an old physical server that is running CentOS 7, and we need to install Netbackup agent to it to secure our data,

We have our master server in Windows Server 2012 R2, so we try to install Netbackup agent 8.0 to our client. the setup was successful.

The first thing that we tried to do, is retrieving master server CA Certificate with the command, nbcertcmd getCertificate, but we receive the following error:

[root@siege-gea-nas bin]# ./nbcertcmd -getCertificate -server siege-adm-003.domain.local
Request to get the certificate deployment level failed.
EXIT STATUS 8500: Connection with the web service was not established.

we tested network connectivity, and name resolutions and they work correctly. we even made sure that there's no firewall, weither in the master, media servers, or in the centos client.

Could you please, tell us what we can do to install the client successfully?

  • Hi Lotfi_BOUCHERIT 

    The first command to obtain the CA cedrtificate is "nbcertcmd -getCACertificate" (with optional server argument if required). Once you have the CA cefrtificate you can then run your command to get the host certificate. 

    This begs the question though, how did you install the client? Certificate dpeloyment is normally done for you as part of the install. And if you have just manually installed the RPMs (which is one way), have you setup the bp.conf file so it knows what all the servers are (and its client name etc.).

    One additional thing to check is that ports 1556 and 13724 (both bi-directional) are open between the master and this client. [update - ignore this I missed you had already checked firewalls]

    David

    • Lotfi_BOUCHERIT's avatar
      Lotfi_BOUCHERIT
      Level 5

      Hello davidmoline 

      Thank you for your answer.

      Here are the answers for your questions:

      - How the client was installed? i downloaded Clients package from Veritas, then installed redhat agent (similar to centos architecture).

      - For the command ./nbcertcmd -getCACertificate -server MASTER-SERVER, it does give the same error message.

      - For network ports, i assure you, no firewalls enabled weither in netbackup servers nor the linux host (tested with telnet ip port commands)

      Thank you in advance,

       

      • DPeaco's avatar
        DPeaco
        Moderator

        Lotfi_BOUCHERIT 

        I think....what davidmoline was asking about on the client install......is.....During the client install, it does the certificate work and if it can't, it asks if you want to continue with the install even thought the certificate exchange could not be done. 

        At least I "think" that's what David was asking on that question.

        You'll need to check to make sure that TLS/SSL for port 443 is allowed TCP bi-directional. This can also prevent the certificate exchange from happening. This has been our experiences with these issues over the past 2 years.

        I've also found that it does help, at times, to add the new client host to the master server in a dummy backup policy and then do the client install or manually run the commands for the CA Certificate between master and client: