cancel
Showing results for 
Search instead for 
Did you mean: 

Auto Image Replication without first creating a trusted master server in NBU 8.1.1

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi

Is it mandatory to have configured trusted master servers before AIR will work? The reason for the question is that I get an error when trying to set up a trusted master server relationship between to master server appliances - both running 3.1.1 and simply can't establish the trust.

Veritas support are looking into it but said to continue with the AIR configuration whilst they look into the trust issue. They in fact setup the replication simply by adding the replication partner to the storage server and said it would be fine - but it doesn't work and all replication jobs fail with a 191 error and the log shows things like 'connection reset by peer'. Support are saying it's a network error but I think it might be because the trust hasn't been setup. I thought in 8.1 certificates needed to be exchanged before two netbackup servers are allowed to communicate - certainly with an 8.1 client I can't access the client from the master server until I've installed the certificate using the nbcertcmd -getCACertificate -server <master servername> command followed by the nbercertcmd -getcertificate -server <master servername>.

I would have thought that to replicate data to another master server the CA certificates must be installed and working (which is the task achieved by adding the trust relationship) before AIR will work?

Are Veritas support correct is saying that replication should be working without the trust relationship and the reason that AIR isn't working is network related?

I want to try to avoid wasting time with the AIR replication issue and focus on the trust relationship if the AIR issue is simply being seen as a direct result of the trust relationship issue.

thanks

1 ACCEPTED SOLUTION

Accepted Solutions

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

OK - so I think we're both correct here :0)

It's not mandatory to setup a trust relationship for AIR to work unless you want to do 'Targeted' AIR. If you just want to configure it as replicating to ALL trusted master servers then you don't need a trust. However, setting up the trust does deploy the certificates which IS needed for AIR of any kind. So if you don't set up a trust you need to manually deploy the certificates between the master servers - and if there's an issue with deploying the certificates then AIR won't work

So support were correct in saying you don't need trusts for AIR to work but weren't quite correct when saying that AIR will work despite certificate issues and if it's not working then it's a network problem.

I now just need to work out my the nbcertcmd commands aren't completing correctly to deploy the certs

 

View solution in original post

2 REPLIES 2

CadenL
Moderator
Moderator
Partner    VIP    Accredited Certified

OK - so I think we're both correct here :0)

It's not mandatory to setup a trust relationship for AIR to work unless you want to do 'Targeted' AIR. If you just want to configure it as replicating to ALL trusted master servers then you don't need a trust. However, setting up the trust does deploy the certificates which IS needed for AIR of any kind. So if you don't set up a trust you need to manually deploy the certificates between the master servers - and if there's an issue with deploying the certificates then AIR won't work

So support were correct in saying you don't need trusts for AIR to work but weren't quite correct when saying that AIR will work despite certificate issues and if it's not working then it's a network problem.

I now just need to work out my the nbcertcmd commands aren't completing correctly to deploy the certs

 

VarunChauhan
Level 2

We ran the Appcritical issue on both the Appliances and notcied there was an issue from target to source master where a MTU conflict was observed. Due to which only small replication jobs were getting successful while the bigger one were failing with SC 191. After resolving this issue from Network end replication were getting completed successfully.