Certificates and CLIENT_NAME on the master-server
Symptoms
Client is unable to get a certificate (CACertificate can be received) with unusual error:
nbu-client # /usr/openv/netbackup/bin/nbcertcmd -getCertificate nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local EXIT STATUS 5908: Unknown error occurred.In nbcertcmd log:
13:38:27.725 [4785.4785] <2> getHostIdCertStatus: Checking if hostID exist of host nbu-mas.domain.local 13:38:27.725 [4785.4785] <2> readJsonMapFile: Json mapping file [/usr/openv/var/vxss/certmapinfo.json] does not exist 13:38:27.725 [4785.4785] <2> readCertMapInfoInstallPath: Mapping file does not exists 13:38:27.725 [4785.4785] <2> getHostIdCertStatus: getHostID failed, error :5949. .............................................................. 13:38:30.364 [4785.4785] <2> curlSendRequest: actual http response : 500 expected http result: 200 13:38:30.364 [4785.4785] <2> parse_json_error_response: Error code returned by server is :5908 13:38:30.364 [4785.4785] <2> parse_json_error_response: Developer error message return by server :com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input at [Source: (String)""; line: 1, column: 0] 13:38:30.364 [4785.4785] <16> nbcert_curl_gethostcertificate: Failed to perform getcertificate, with error code : 5908 13:38:30.364 [4785.4785] <2> NBClientCURL:~NBClientCURL: Performing curl_easy_cleanup() 13:38:30.364 [4785.4785] <16> GetHostCertificate: nbcertcmd command failed to get certificate. retval = 5908
Diagnosis
Everything looks fine except the ability to get a certificate. Rest API looks fine:
[root@nbu-client nbcert]# curl -X GET https://nbu-mas.domain.local:1556/netbackup/security/certificates/crl --insecure -H 'Accept: application/pkix-crl' -H 'Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' > /tmp/crl % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 316 100 316 0 0 2088 0 --:--:-- --:--:-- --:--:-- 2078but master-server wasn't able to get certificate even for itself:
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbcertcmd -getcertificate -force nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local. EXIT STATUS 5986: Certificate request for host was rejected as the host could not be validated as a master server.
Solution
The root cause of the problem is that the master server's CLIENT_NAME record in bp.conf was mistakenly removed.
Return it back and restart nbwmc service to make it work:
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc terminate [root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc start Starting NetBackup Web Management Console could take a couple of minutes ... started.
Updated 5 years ago
Version 2.0