cancel
Showing results for 
Search instead for 
Did you mean: 

Admin Console asks again and again to add CA to truststore

day
Level 3

I recently upgraded to 7.6.0.4 and thus the Java Administration Console for Windows.

After I typed in the master server, my username and the password I am asked again and again if I would add the certificate authority to the truststore although I had chosen yes before.

Does anyone else have this problem?

20 REPLIES 20

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Seems this is coming from your OS, not NBU.

I am running Java Admin Console on my Windows 7 laptop and have never seen this message.

revarooo
Level 6
Employee

Nope, never seen it either.

day
Level 3

Here is the message.

crt.png

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

are you seeing the message something like below?

120px_sy.JPG

if yes, how is your master server name configured...?  first enty in master server bp.conf (if unix) or in Registory key first entry.

are you using the same name to loing to java console?

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

Okay.. just saw your updated reply...

you can probably try with the same name ( first entry) and see how it goes.. 

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Is NBAC configured in this environment?

This is the only logical explanation.

I have just logged on again to confirm NBU version - 7.6.0.4 and no NBAC configured.
No issues here...

Will_Restore
Level 6

I get the same screen too, after upgrading to 7.6.0.4.  It appears after logging in and before the main screen appears.  NBAC is not configured. 

 

Have to "Run as administrator" to get it to stop.

 

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
That is one difference on my side - UAC is the 1st thing I disable when I get a laptop. I have over the years seen UAC doing weird and wonderful things in NBU. Symantec recommends in the installation guide that it must be disabled.

day
Level 3

I have tried to login with the value of SERVER in bp.conf but still the same. Furthermore started the console as admin, no luck.

Although I see that the certificate file is copied to the program directory if I had chosen yes but the question appears for each subsequent start of the console.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

SERVER entry in which bp.conf? 
If you have Java installed on your Windows desktop, then there is no bp.conf.

bp.conf on Unix/Linux server does not need any SERVER entry for your desktop, unless you are using the Windows Admin Console and not Java.

You may want to uninstall Java Console (patch and base software) and reinstall and see if that makes a difference.
Or install on another laptop/desktop and see if the same issue is seen.

I have NBU 7.6 installed on my laptop with 7.6.0.4 and not seeing the same.
Only difference is that UAC is disabled on my laptop.

day
Level 3

The bp.conf which I looked was on the SLES master server.

When I am clicking Yes the certificate will be copied to %programfiles%\Veritas\Java\var\VxSS\at\systemprofile\certstore\trusted but the message pop ups every time.

I have already tried to uninstall/install. In 7.6.0.3 I saw the question only one time because the button Yes worked at that time.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Probably best to log a Support call at this point int time.

I am looking at my C:\Program Files\Veritas\Java\var\VxSS\at\systemprofile\certstore\trusted  folder - empty.

Seems Java on your desktop somehow thinks that NBAC is configured?

I see in my setconf.bat that there are entries such as:
SET USE_NBJAUTH_WITH_ENHAUTH=0

Maybe check yours?
Or else rename yours and replace with mine? (Double-check paths in the file).
I have attached mine as setconf.txt

day
Level 3

I have opened a case and we will see...

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Let us know how your Support case is going?

Dyneshia
Level 6
Employee

Hi Day, what happened with the case ?

day
Level 3

The case is still open and there are unfortunately no news.

Dyneshia
Level 6
Employee

Would you mind emailing me your case number : dyneshia_cadman@symantec.com

Is your Master server clustered?

day
Level 3

The problem was that the certificates were expired since February.

To see the expiry date:
# /usr/openv/netbackup/bin/bpnbat -WhoAmI -cf /usr/openv/var/vxss/credentials/[hostname]
# /usr/openv/netbackup/bin/bpnbat -WhoAmI -cf /usr/openv/var/vxss/credentials/[hostname.mydomain.com]

I renewed it and both certificates will expire after one year. The message doesn’t appear anymore.
# /usr/openv/netbackup/bin/admincmd/bpnbaz -configureauth -force

Why is the renewal process not automated? I'm using 7.6.0.4 and it will be fixed in 7.7GA, but until then you have to invoke the command every year.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

So, I was right about NBAC? (NBU Access control.)

I just had another look at all the questions and replies - you never confirmed that NBAC was configured...

Thanks for the update!!