cancel
Showing results for 
Search instead for 
Did you mean: 

Protection

Symptoms

Client is unable to get a certificate  (CACertificate can be received) with unusual error:

 

nbu-client # /usr/openv/netbackup/bin/nbcertcmd -getCertificate
nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local
EXIT STATUS 5908: Unknown error occurred.
In nbcertcmd log:

 

 

13:38:27.725 [4785.4785] <2> getHostIdCertStatus: Checking if hostID exist of host nbu-mas.domain.local
13:38:27.725 [4785.4785] <2> readJsonMapFile: Json mapping file [/usr/openv/var/vxss/certmapinfo.json] does not exist
13:38:27.725 [4785.4785] <2> readCertMapInfoInstallPath: Mapping file does not exists
13:38:27.725 [4785.4785] <2> getHostIdCertStatus: getHostID  failed, error :5949.
..............................................................
13:38:30.364 [4785.4785] <2> curlSendRequest: actual http response : 500 expected http result: 200
13:38:30.364 [4785.4785] <2> parse_json_error_response: Error code returned by server is :5908
13:38:30.364 [4785.4785] <2> parse_json_error_response: Developer error message return by server :com.fasterxml.jackson.databind.exc.MismatchedInputException: No content to map due to end-of-input at [Source: (String)""; line: 1, column: 0]
13:38:30.364 [4785.4785] <16> nbcert_curl_gethostcertificate: Failed to perform getcertificate, with error code : 5908
13:38:30.364 [4785.4785] <2> NBClientCURL:~NBClientCURL: Performing curl_easy_cleanup()
13:38:30.364 [4785.4785] <16> GetHostCertificate: nbcertcmd command failed to get certificate. retval = 5908

 

Diagnosis

Everything looks fine except the ability to get a certificate. Rest API looks fine:

 

[root@nbu-client nbcert]# curl -X GET https://nbu-mas.domain.local:1556/netbackup/security/certificates/crl --insecure    -H 'Accept: application/pkix-crl' -H 'Authorization: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx' > /tmp/crl
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   316  100   316    0     0   2088      0 --:--:-- --:--:-- --:--:--  2078
but master-server wasn't able to get certificate even for itself:

 

 

[root@nbu-mas tmp]#  /usr/openv/netbackup/bin/nbcertcmd  -getcertificate -force
nbcertcmd: The -getCertificate operation failed for server nbu-mas.domain.local.
EXIT STATUS 5986: Certificate request for host was rejected as the host could not be validated as a master server.

 

Solution

The root cause of the problem is that the master server's CLIENT_NAME record in bp.conf was mistakenly removed.

Return it back and restart nbwmc service to make it work:

 

[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc terminate
[root@nbu-mas tmp]# /usr/openv/netbackup/bin/nbwmc start
Starting NetBackup Web Management Console could take a couple of minutes ... started.

 

Contributors