
8.2 CRL check issue during upgrade

phillipsj
Level 2

Hello,

I recently upgraded our NetBackup master and media servers from 8.1.1 to 8.2, but unfortunately ran into an issue with our cloud storage due to the new CRL check feature. We use the Amazon GovCloud S3 cloud storage server option with a Lifecycle policy that transitions to Glacier after a certain number of days. When I first attempted to run a backup after the upgrade, I received a few errors that all ended in "An error occurred while downloading CRL from cloud provider." After further investigation, it appears as though the CRL check was enabled on our current storage servers, which prevents NetBackup from communicating with them at all.

To test, I created a new storage server with a new S3 bucket, making sure to deselect the Check CRL option upon creation. Doing this, I was able to successfully connect to S3. We tried several of the recommended commands to disable the CRL Check on our current storage servers, but we were unable to get any of these to work. I am unable to change the setting in the GUI because when I attempt to view the properties on the cloud storage server, I receive the error: "An exception occurred while fetching Storage Server Properties : invalid command parameter(20)  RDSM has encountered an issue with STS where the server was not found: getStorageServerConfig"

If I manually move the CRL certs to the machine, I can get past the credential check when creating a new storage server, but it eventually errors out with: "RDSM has encountered an issue with STS where the server was not found: getDiskVolumeInfoList" and I am still unable to make changes to existing storage servers.

After trying some of the commands listed in the nbcertcmd and nbsetconfig sections of the NetBackup guide, we were still unable to disable the CRL check on our existing buckets/storage servers and ended up having to revert back to 8.1.1 using snapshots.

Any tips or suggestions would be great.

Thank you

1 ACCEPTED SOLUTION


Amol_Nair
Level 6
Employee

I am assuming that the commands referred to would be the ones mentioned in the link below:
https://www.veritas.com/content/support/en_US/doc/58500769-135186602-0/v135192065-135186602


Coming back to your issue, could you please open up Host Properties on the master server and navigate to Cloud Storage.
Select your cloud storage server provider from the list at the top, and you would be presented with the storage server name that is configured in the environment at the bottom.

Select the Storage server name and select "Change" 
***Note: The change button you are clicking should be for the storage server, not the service provider.

Here you would get an option to un-check the option for "Check Certificate Revocation"


4 REPLIES

Krutons
Moderator

What were the recommended commands that you tried but didn't work?

Marianne
Moderator

@phillipsj 

Did you log a Support call with Veritas? 

@Amol_Nair Thank you so much! This is the exact setting I was looking for and was hoping existed, but was unable to locate it. Once I unchecked "Check Certificate Revocation" and restarted NetBackup services on the media server, the storage server became usable again.