cancel
Showing results for 
Search instead for 
Did you mean: 

Attempt to deploy host certificate failed with status code [5989]

emyatsuna
Level 3

Hi All,

I have a client without netbackup installed. I need to install netbackup client inside it.
However, the client has a certificate entry already in the netbackup master.
I did the usual generate token from master then add the token in the silent.cmd. I've set the following parameters:

SET AUTHORIZATION_TOKEN=TOKEN
SET CA_CERTIFICATE_FINGERPRINT=FINGERPRINT_FROM_MASTER_CERTIFICATE

Run the script but I'm getting errors.
Would like to know what could have happened in below.

EXIT STATUS 5989: Reissue token is mandatory as a certificate is already issued to this host. Revoke the existing certificate if it is active and map this host name to the associated host ID.
--------------------------------------------------------------------------<
+ : Attempt to deploy host certificate failed with status code [5989].
NetBackup security requirements are documented at https://www.veritas.com/support/en_US/article.000127129.
CustomAction Immediate_DeploySecurityCertificates returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
+ : Action ended: Immediate_DeploySecurityCertificates. Return value 3.

NetBackup Client Version 8.2.

Appreciate any help for this.

Thank you.

7 REPLIES 7

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi @Marianne thanks for your reply. Have tried the solution but it seems that we need to install via GUI first then skip the token part then run the nbcertcmd after. Is there a way to add token in the silentclient.cmd, re-run cmd file then install netbackup silently?

Tape_Archived
Moderator
Moderator
   VIP   

Try these steps for the client where you reinstalled the client. Even if you add token in silent command it may not work for Netbackup client id (name) which is already exists/configured in the Netbackup database.

  • Revoke certificate
  • Verify there is no Certificate on or delete if you see any using nbcertcmd -listallcertficiates
  • Reissue Token
  • Add FQDN or other hotsnames (short name or full name if applicable in your env) to the host id using java console
  • Then run the command with the new token to get the cert installed

@Tape_Archived thanks for your reply and the additional info. It's unfortunate to not being able to use the token in silentclient.cmd for re-install. Will try using your recommended steps.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@emyatsuna 

I'm not sure what exactly you have tried.

Have you followed the steps to create the reissue token on the master for this specific client, then copy the newly generated token and replace the previous token in the silentclient.cmd file?

Hi @Marianne 

Yes, I did the following:

 

1. Generate the token from the master.
2. Copy the token and set the AUTHORIZATION_TOKEN in the silentclient.cmd file. By default, the token value is SKIP.
3. Run the cmd script.
4. Error installation.

I did the following based on the link that you've provided:

1. Generate token from master
2. Run setup.exe file to install the NetBackup Client.
3. Skip the token part.
4. Successful installation.
5. Execute nbcertcmd plus the token.

This works but I was hoping to have it installed silently.

Thank you.

I'm wondering about your step - 'generated the token'.  Did you generate a re-issue token or a 'normal' token?  The re-issue token is what is required, and by my understanding should work in your use case.  

Charles
VCS, NBU & Appliances