Hi Guys, I have Netbackup 7.1.0.4 master server. I just installed KMS. The problem is after i created Key Group i got this error message: E:\Veritas\NetBackup\bin\admincmd>nbkmsutil.exe -createkg -kgname ENCR_offsite Failed to create a new Key Group EXIT error: cannot connect on socket EXIT status = 25 Please see the logs: 11:11:02.685 [4940.4944] <2> logparams: nbkmsutil.exe -createkg -kgname ENCR_offsite 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: <domain> 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: NBUSVR 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004 11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.384: AZ Service Host: nbusvr.domain.com 11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.385: AZ Service Port: 0 0 0x00000000 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ProcessRequest: Entering function... 11:11:02.701 [4940.4944] <2> nbkmsutil.::ValidateCmdStr: Cmd: -createkg 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ParseArgs: Entering function... 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::IsDuplicateOption: Option: 2 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::GetOptValueFromArgsList: Arg count: 2 11:11:02.701 [4940.4944] <2> nbkmsutil.::IsValidName: Name: ENCR_offsite 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ProcessRequest: Cmd bitmap: = 2 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::CreateKG: Entering function... 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::InitModifyFacetInstance: Entering function... 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Entering function... 11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to initialize the Orb 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: DOMAIN 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: NBUSVR 11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004 11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.384: AZ Service Host: nbusvr.domain.com 11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.385: AZ Service Port: 0 0 0x00000000 11:11:02.748 [4940.4944] <2> Orb::init: initializing ORB Default_CLIENT_Orb with: Unknown -ORBSvcConfDirective "-ORBDottedDecimalAddresses 0" -ORBSvcConfDirective "static VxSSIOP_Factory '-enable_keepalive -session_id_string_only NBUSSLSessionIDStr -qop NoProtection -eat_home_dir E:\Veritas\NETBAC~1\sec\at -eat_data_dir E:\Veritas\NETBAC~1\var\vxss\at'" -ORBSvcConfDirective "static EndpointSelectorFactory ''" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory VxSSIOP_Factory'" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory IIOP_Factory'" -ORBDefaultInitRef '' -ORBSvcConfDirective "static PBXIOP_Evaluator_Factory '-orb Default_CLIENT_Orb'" -ORBSvcConfDirective "static Resource_Factory '-ORBConnectionCacheMax 1024 '" -ORBSvcConf nul -ORBSvcConfDirective "static Server_Strategy_Factory '-ORBMaxRecvGIOPPayloadSize 268435456'"(../Orb.cpp:823) 11:11:02.748 [4940.4944] <2> Orb::init: caching EndpointSelectorFactory(../Orb.cpp:838) 11:11:02.748 [4940.4944] <2> Orb::setOrbRequestTimeout: timeout seconds: 14400(../Orb.cpp:1487) 11:11:02.748 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Orb initialization is succesful 11:11:02.748 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to connect to NBSL on: localhost 11:11:02.764 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying establish a session with NBSL 11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to get KMS manager 11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::InitModifyFacetInstance: Trying to get an instance of KMS modifyable facet 11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::CreateKG: Get defaults seeded Key Group Object 11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: Failed to create a new Key Group 11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: CORBA Exception caught as user exception, ID 'IDL:Symantec/NetBackup/SL/NBSLOpException:1.0' 11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: Error: [EC= 25] cannot connect on socket Any idea will appreaciate. Thanks.

Yes I think it has something to do with NBAC. We know nbkms is working. We can see ksstat return information as administrator. This matches the information provided in the link below exactly. Browse allowed - create not allowed. http://www.symantec.com/docs/HOWTO46974 You need to add Administrator to the "NBU_KMS admin" group. See Netbackup Security and encryption guide page 257.

Forum Discussion

phaul

Level 4

12 years ago

Solved

KMS Failed to create a new Key Group Exit Error: Cannot connect on socket

Hi Guys,

I have Netbackup 7.1.0.4 master server. I just installed KMS. The problem is after i created Key Group i got this error message:

E:\Veritas\NetBackup\bin\admincmd>nbkmsutil.exe -createkg -kgname ENCR_offsite

Failed to create a new Key Group

EXIT error: cannot connect on socket
EXIT status = 25

Please see the logs:

11:11:02.685 [4940.4944] <2> logparams: nbkmsutil.exe -createkg -kgname ENCR_offsite
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: <domain>
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: NBUSVR
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004
11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.384: AZ Service Host: nbusvr.domain.com
11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.385: AZ Service Port: 0 0 0x00000000
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ProcessRequest: Entering function...
11:11:02.701 [4940.4944] <2> nbkmsutil.::ValidateCmdStr: Cmd: -createkg
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ParseArgs: Entering function...
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::IsDuplicateOption: Option: 2
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::GetOptValueFromArgsList: Arg count: 2
11:11:02.701 [4940.4944] <2> nbkmsutil.::IsValidName: Name: ENCR_offsite
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ProcessRequest: Cmd bitmap: = 2
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::CreateKG: Entering function...
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::InitModifyFacetInstance: Entering function...
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Entering function...
11:11:02.701 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to initialize the Orb
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: DOMAIN
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.261: AT Domain Name: NBUSVR
11:11:02.701 [4940.4944] <2> nbconf_create_authentication_domain_rec: ../../libvlibs/nbconf_private.c.262: AT Domain Type: 4 4 0x00000004
11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.384: AZ Service Host: nbusvr.domain.com
11:11:02.701 [4940.4944] <2> nbconf_create_authorization_service_rec: ../../libvlibs/nbconf_private.c.385: AZ Service Port: 0 0 0x00000000
11:11:02.748 [4940.4944] <2> Orb::init: initializing ORB Default_CLIENT_Orb with: Unknown -ORBSvcConfDirective "-ORBDottedDecimalAddresses 0" -ORBSvcConfDirective "static VxSSIOP_Factory '-enable_keepalive -session_id_string_only NBUSSLSessionIDStr -qop NoProtection -eat_home_dir E:\Veritas\NETBAC~1\sec\at -eat_data_dir E:\Veritas\NETBAC~1\var\vxss\at'" -ORBSvcConfDirective "static EndpointSelectorFactory ''" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory VxSSIOP_Factory'" -ORBSvcConfDirective "static Resource_Factory '-ORBProtocolFactory IIOP_Factory'" -ORBDefaultInitRef '' -ORBSvcConfDirective "static PBXIOP_Evaluator_Factory '-orb Default_CLIENT_Orb'" -ORBSvcConfDirective "static Resource_Factory '-ORBConnectionCacheMax 1024 '" -ORBSvcConf nul -ORBSvcConfDirective "static Server_Strategy_Factory '-ORBMaxRecvGIOPPayloadSize 268435456'"(../Orb.cpp:823)
11:11:02.748 [4940.4944] <2> Orb::init: caching EndpointSelectorFactory(../Orb.cpp:838)
11:11:02.748 [4940.4944] <2> Orb::setOrbRequestTimeout: timeout seconds: 14400(../Orb.cpp:1487)
11:11:02.748 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Orb initialization is succesful
11:11:02.748 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to connect to NBSL on: localhost
11:11:02.764 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying establish a session with NBSL
11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::ConnectToKMS: Trying to get KMS manager
11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::InitModifyFacetInstance: Trying to get an instance of KMS modifyable facet
11:11:02.780 [4940.4944] <2> nbkmsutil.::NbKMSUtilCLI::CreateKG: Get defaults seeded Key Group Object
11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: Failed to create a new Key Group
11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: CORBA Exception caught as user exception, ID 'IDL:Symantec/NetBackup/SL/NBSLOpException:1.0'
11:11:02.796 [4940.4944] <16> nbkmsutil.::NbKMSUtilCLI::CreateKG: Error: [EC= 25] cannot connect on socket

Any idea will appreaciate.

Thanks.

Windows Server (2003-2008)

Nicolai
12 years ago
Yes I think it has something to do with NBAC.

We know nbkms is working. We can see ksstat return information as administrator. This matches the information provided in the link below exactly. Browse allowed - create not allowed.

http://www.symantec.com/docs/HOWTO46974

You need to add Administrator to the "NBU_KMS admin" group.

See Netbackup Security and encryption guide page 257.

7 Replies

Nicolai
Moderator
12 years ago
OK - KMS i running but not listing to you I think ;-)

As a test I killed NBKMS on a linux system and ran the same command as you:

# nbkmsutil -createkg -kgname ENCR_offsite

Failed to create a new Key Group

EXIT error: cannot connect on socket

EXIT status = 25

Same error as you see. I then started nbkms and re-ran the command:

# nbkms

[root@ural msdp-data]# nbkmsutil -createkg -kgname ENCR_offsite

New Key Group creation is successful

Can you run a command like ?:

# nbkmsutil -ksstats
Nicolai
Moderator
12 years ago
Yes I think it has something to do with NBAC.

We know nbkms is working. We can see ksstat return information as administrator. This matches the information provided in the link below exactly. Browse allowed - create not allowed.

http://www.symantec.com/docs/HOWTO46974

You need to add Administrator to the "NBU_KMS admin" group.

See Netbackup Security and encryption guide page 257.
Nicolai
Moderator
12 years ago
Did you remember to start the KMS service ?

See http://www.symantec.com/docs/TECH67972 for installation instructions of KMS
phaul
Level 4
12 years ago
Hi Mark,

I already started the KMS services. Pelase see bpps output

E:\Veritas\NetBackup\bin>bpps
* NBUSVR                                                 9/05/13 12:51:59.368
COMMAND           PID      LOAD             TIME   MEM                  START
bpcompatd        1328    0.000%            0.906   11M   9/05/13 10:57:22.515
dbsrv11          1472    0.000%            6.765   26M   9/05/13 10:57:28.781
nbatd            1596    0.000%            1.390   12M   9/05/13 10:57:29.390
nbevtmgr         1632    0.000%            0.953   25M   9/05/13 10:57:29.750
vnetd            1820    0.000%            0.296 6.0M   9/05/13 10:57:32.625
nbrmms           1848    0.000%            0.453   27M   9/05/13 10:57:32.703
nbrb             1916    0.000%            0.375   29M   9/05/13 10:57:33.609
nbsl             2044    0.000%            0.906   32M   9/05/13 10:57:34.406
nbsvcmon          312    0.000%            0.500   21M   9/05/13 10:57:35.250
nbstserv          340    0.000%            2.015   38M   9/05/13 10:57:35.500
nbazd            2116    0.000%            1.093   14M   9/05/13 10:57:37.187
nbars            2140    0.000%            0.437   27M   9/05/13 10:57:37.390
nbaudit          2176    0.000%            0.375   24M   9/05/13 10:57:38.078
nbemm            2264    0.000%            4.375   45M   9/05/13 10:57:38.484
bpinetd          2340    0.000%            0.062 8.2M   9/05/13 10:57:39.703
bpcd             2508    0.000%            0.343 6.8M   9/05/13 10:57:40.046
bpdbm            2568    0.000%            0.828   17M   9/05/13 10:57:40.265
bprd             2852    0.000%            0.984   18M   9/05/13 10:57:42.453
bpjobd           2868    0.000%            0.156   17M   9/05/13 10:57:42.781
vmd              2924    0.000%            0.312   18M   9/05/13 10:57:43.546
nbpem            1316    0.000%            0.406   27M   9/05/13 10:57:45.957
nbvault           272    0.000%            0.171   19M   9/05/13 10:57:46.957
ltid             3092    0.000%            0.343   21M   9/05/13 10:57:47.233
nbproxy          3128    0.000%            0.250   21M   9/05/13 10:57:47.405
tldd             3752    0.000%            0.125   17M   9/05/13 10:57:54.557
avrd             3764    0.000%            1.390   17M   9/05/13 10:57:54.592
tldcd            3960    0.000%            0.515   18M   9/05/13 10:57:57.005
nbproxy          2468    0.000%            0.109   18M   9/05/13 11:02:43.185
bpdbm            4236    0.000%            0.109   17M   9/05/13 12:45:51.990
nbkms            1424    0.000%            0.140   19M   9/05/13 12:50:41.101
bpps             3560    0.000%            0.015 4.8M   9/05/13 12:51:58.352

I already checked this technote which is the same guide in Netbackup Security Encryption Guide.

Thanks.
phaul
Level 4
12 years ago
Hi Nicolai,

I tried the trick you did but it still it didn't worked. :-(

E:\Veritas\NetBackup\bin\admincmd>nbkmsutil.exe -createkg -kgname ENCR_offsite

Failed to create a new Key Group

EXIT error: cannot connect on socket
EXIT status = 25

E:\Veritas\NetBackup\bin\admincmd>nbkmsutil.exe -ksstats

Total Key Groups : 0
Total Keys : 0
Outstanding Quiesce Calls: 0

nbkms.exe process is running. Is this something to do with NBAC? I also configured NBAC in my environment. But i'm using Administrator account.

Thank you.
phaul
Level 4
12 years ago
Hi Nicolai,

I just successfully created Key group. I just add the Administrator account to NBU_KMS_Admin on the Access Management like what you said.

E:\Veritas\NetBackup\bin\admincmd>nbkmsutil.exe -createkg -kgname ENCR_offsite

New Key Group creation is successful

Thanks for your help. :-)
Nicolai
Moderator
12 years ago
Glad I could help. You mentioning NBAC gave me the clue.

Best Regards

Nicolai

Forum Discussion

KMS Failed to create a new Key Group Exit Error: Cannot connect on socket

7 Replies

Related Content

Failed to create XBSA object - 3

Vmware credential validation failed. connect failed (-1)

Connection to Azure failing

BMR - failed to create bootable iso image Windows

Failed to initialize EMM connection.