cancel
Showing results for 
Search instead for 
Did you mean: 

7.7.2 Remote Admin GUI (windows) and 7.7.2 master (RHEL) certificate issues

tythecellist
Level 4
Partner

Friends, please forgive the posting on what I think is a familiar topic.  But I've searched through the forum and I've read through the admin guide I for 7.7.2 and I've tried all of the suggestions, including those found in the "Help" section, without success.  I've also opened a support case with my RPS at Veritas which is unresolved.

I have

  • a master server running 7.7.2 NetBackup on RHEL
  • a windows host onto which the 7.7.2 Remote Admin Console (java) has been installed

When I attempt to run the admin GUI, I get a pop-up warning as follows:

Capture.PNG

I'm led to believe that I want to be running /usr/openv/netbackup/bin/admincmd/bpnbaz -setupat    on the master, but I'm not 100% clear on a) if this is accurate since it's not a clustered master environment and b) whether I must then restart nbsl for the change to be seen.

I sure would appreciate some assistance.  This is driving me crazy.

3 REPLIES 3

nbutech
Level 6
Accredited Certified

Yes installing security certificate is mandatory

 

The certificates are issued by certificate authority on master server.

A clear procedure on how to issue and deploy certificates on hosts is documented in admin guide I for Netbackup 7.7.2

http://www.veritas.com/docs/000100623

 

Refer from page 47 to clear information 

nbutech
Level 6
Accredited Certified

To deploy a security certificate for media servers or clients
1 Run the following command on the master server, depending on your
environment. Specify the name of an individual host, specify -AllMediaServers,
or specify -AllClients.
Windows: install_path\NetBackup\bin\admincmd\bpnbaz -ProvisionCert
host_name|-AllMediaServers|-AllClients
UNIX: /usr/openv/netbackup/bin/admincmd/bpnbaz -ProvisionCert
host_name|-AllMediaServers|-AllClients
NetBackup appliance (as a NetBackupCLI user): bpnbaz -ProvisionCert
Media_server_name
2 Restart the NetBackup Service Layer service on the master server.
No services need to be restarted if the target host is a NetBackup client.
To create a host identity and then deploy a security certificate for a media
server or client
1 Run the following command on the master server to create an identity for the
target NetBackup host.
Windows: install_path\NetBackup\bin\bpnbat –addmachine
target_hostname
UNIX: /usr/openv/netbackup/bin/bpnbat –addmachine target_hostname
Enter a password of your choice when prompted and make a note of it.
2 Run the following command on the target NetBackup host to obtain a certificate
from the master server and deploy it:
Windows: install_path\NetBackup\bin\bpnbat –loginmachine
UNIX: /usr/openv/netbackup/bin/bpnbat –loginmachine
Enter the master server name as the authentication broker name when
prompted. Enter the same computer name and password that were used to
create the target host identity on the master server.

tythecellist
Level 4
Partner

nbutech, thank you for this information. 

I want to be sure I fully understand Veritas' documentation:   In running this command

/usr/openv/netbackup/bin/admincmd/bpnbaz -ProvisionCert host_name|-AllMediaServers|-AllClients 

... on the master server (as documented) am I right that "host_name" would be the name of the host whose access to the master server (i.e. a Windows box on which has been installed the Remote Admin Java GUI ?) I want to grant ?

In other words, if the Java admin GUI is installed on win64 host "adminhost.some.domain", would I want my bpnbaz command to read

/usr/openv/netbackup/bin/admincmd/bpnbaz -ProvisionCert adminhost.some.domain    ?