Forum Discussion

Dan_Giberson
14 years ago

PCI Remediation - challenges

We are in the process of "hardening" our PCI (Payment Card Industry) servers and unfortunately our NBU servers have fallen into scope. So far the registry changes and service changes haven't had much of an impact, however I have had the following error pop up. I don't think it is a major error, but I wanted to get some feedback.

16 2 0 0 srvlcnbs01.******.priv *NULL* nbproxy BPCDConnectionHolder: NB API: bpcr_connect_and_verify() failed with status:25. Special Error Code: 0

This is constantly repeating itself in the Event Viewer. Any thoughts?

8 Replies

  • As far as I can see this is only showing up in the Event Viewer logs on the master server. Backups appear to be working (I will be doing a test restore to confirm), and I have turned on nbproxy logging too.
  • Is the Event Viewer log the only error you are experiencing?
    Where are you seeing this error - NBU master? media server? client?
    Are backups still working?
    Create nbproxy log on the system where you are seeing this error. Hopefully we'll get a bit more info there...
  • This could be painful...so far I haven't found anything, but I will keep looking. The bpcd logs haven't provided much for help either.

    The following services have been disabled:
    CIS Windows 2003 MS 4.1.21 Remote Access Connection Manager
    CIS Windows 2003 MS 4.1.23 Remote Desktop Help Session Manager
    CIS Windows 2003 MS 4.1.25 Remote Procedure Call (RPC) Locator
    CIS Windows 2003 MS 4.1.34 Telephony
    CIS Windows 2003 MS 4.1.39 Wireless Configuration
    CIS Windows 2003 MS 4.1.5 File Replication
    CIS Windows 2003 MS 4.1.8 Help and Support
    WestJet CIS Windows 2003 MS 4.1.38 Volume Shadow Service


    We have turned back on the RPC service, but the rest are set to disabled.
  • Maybe as a start create bpcd log directory and see if any errors are logged there.

    Else you can carefully go through the list of changes made by the hardening process and see which one(s) could possibly block port communication.

    A couple of TechNotes that could be relevant:
    http://seer.entsupport.symantec.com/docs/327202.htm
    http://seer.entsupport.symantec.com/docs/257698.htm
    http://seer.entsupport.symantec.com/docs/275200.htm

  • I saw that thread originally, however we are running OpsCenter instead of NOM. I even powered off that server for 30 minutes to test, but I was still getting the same errors. Thanks for the suggestion though.
  • Sorry...it is W2K3 R2.

    Both services are listed in the services file and are listening when I run a netstat -a.

    As for hardening, I didn't list all the changes at first as I didn't want to make the post unreadable. If you want a list of the changes that we are making let me know.

    Thanks for the help.
  • You need to find out what exactly 'hardening' does.
    It seems that TCP/IP ports have been closed or services entries removed. First of all, find the 'services' file. You did not mention the O/S version, but it should be in the C:\Windows\System32\drivers\etc folder. Look for bpcd and vnetd:
    bpcd        13782/tcp
    vnetd        13724/tcp

    See if vnetd and bpcd are LISTENING in 'netstat -a' output.

    See if Windows Firewall has been enabled and verify that bpcd and vnetd are allowed.
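
Added example (not part of the original replies): a small Python check that automates the first two steps above after a hardening pass, confirming the bpcd and vnetd entries are still in the 'services' file and that both ports are in LISTENING state. It assumes numeric `netstat -an` output rather than the `netstat -a` mentioned in the thread; the function names and the sample file and netstat text are constructed for illustration.

```python
import re

# Ports taken from the reply above; everything else here is constructed.
EXPECTED = {"bpcd": 13782, "vnetd": 13724}

def parse_services(text):
    """Map service name -> port for tcp entries in a 'services' file."""
    entries = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"(\S+)\s+(\d+)/tcp\b", line, re.I)
        if m:
            entries[m.group(1).lower()] = int(m.group(2))
    return entries

def listening_ports(netstat_text):
    """Return the set of local TCP ports in LISTENING state (netstat -an)."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0].upper() == "TCP" and f[3].upper() == "LISTENING":
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def check(services_text, netstat_text):
    """Per service: is the services entry correct, and is the port listening?"""
    svc, listen = parse_services(services_text), listening_ports(netstat_text)
    return {name: {"services_entry": svc.get(name) == port,
                   "listening": port in listen}
            for name, port in EXPECTED.items()}

# Constructed sample: vnetd entry commented out and no vnetd listener.
SAMPLE_SERVICES = """\
# constructed sample
bpcd        13782/tcp
#vnetd      13724/tcp    # entry commented out
"""
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:13782          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:13724         10.0.0.9:4123          ESTABLISHED
"""

if __name__ == "__main__":
    for name, result in check(SAMPLE_SERVICES, SAMPLE_NETSTAT).items():
        print(name, result)
```

On a real server, feed it the contents of the 'services' file and captured `netstat -an` output in place of the samples.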