cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup 8.1 Appliance Master Plus Media, AIR setup is failing

dipendra
Level 4

Hello All,

Netbackup Appliance 5240 on 3.0 and upgraded to 3.1, AIR setup is not working. We have tried deleting & recreating token, deleting certificates and recreating it. Any help will be much appreciated.

Only error while creating trust is Error 41: Network timed out while the network is all perfect, sas utility output is OK.

bptestbpcd fails with below error, what should I do to fix ?

bptestbpcd -verbose -host <second master server>
<16>bptestbpcd main: Function ConnectToBPCD(second master server) failed: 7641
<16>bptestbpcd main: Failed to find a common CA Root for secure handshake
<16>bptestbpcd main: Failed to find a common CA Root to complete secure handshake: Connector CAs(["28d03521-5981-41e7-89f1-35fac719c481"]), Acceptor CAs(["09bfd19b-b6f1-4f73-b2d8-3173d46d30d2"]).: 7641
[PROXY] Encountered error (CERT_PROTOCOL_SELECT_COMMON_CA_ROOT) while processing(CertProtocol).: 4
Failed to find a common CA Root for secure handshake

1 ACCEPTED SOLUTION

Accepted Solutions

To resolve this no common root CA cert issue, you need to run this command locally on source and target replication master servers. This is due to new security checks from 8.1

nbseccmd -setuptrustedmaster -update -masterserver localmaster -remotemasterserver remotemaster -domainname domain.grp -username <user with admin priviledges on the remote master>
Password:<enter password>

Expected output:
CA certificate stored successfully from server remotemaster.
Host certificate received successfully from server remotemaster.
Trusted master operation successful

View solution in original post

4 REPLIES 4

dipendra
Level 4

I have tried the below technote as well, still the problem remains as is:

https://www.veritas.com/support/en_US/article.100039733.html 

Douglas_A
Level 6
Partner Accredited Certified

on the source and target AIR masters what does this command return

 

nbcertcmd -getCACertificate -server (master server name)

 

 

To resolve this no common root CA cert issue, you need to run this command locally on source and target replication master servers. This is due to new security checks from 8.1

nbseccmd -setuptrustedmaster -update -masterserver localmaster -remotemasterserver remotemaster -domainname domain.grp -username <user with admin priviledges on the remote master>
Password:<enter password>

Expected output:
CA certificate stored successfully from server remotemaster.
Host certificate received successfully from server remotemaster.
Trusted master operation successful

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Hopefully @dipendra will tell us if any progress was made over the last couple of months.