cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Certificate on master server expired

Go to solution
Kai2209
Level 4

‎10-30-2020 06:32 AM - edited ‎10-30-2020 10:54 AM

i have a problem with a NB master server 8.0 which was not used for more than one year. Now i cannot connect since the security certificate is expired. It is the master server itself.

I tried to renew on the server with "nbcertcmd -renewCertificate" but without success.

Then i tried to revoke the certificate and reissue with a generated token but to do so i have to login to WEB Mangement service with "bpnbat -login -logintype WEB". But this is also failing. (Login to Authentication Broker only is successful but does not help)

Any help is appreciated

thanks

Kai

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Hamza_H
Moderator
Moderator
   VIP   
In response to Kai2209

‎11-03-2020 03:15 AM - edited ‎11-03-2020 03:16 AM

@Kai2209 try all down this , if possible please share every command's result/output.

  UNIX/Linux:

   1) /usr/openv/netbackup/bin/nbwmc -terminate
   2) /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
   3) /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
   4) On 8.0 and 8.1: /usr/openv/netbackup/bin/admincmd/nbcertconfig -t      
      On 8.1.1 and 8.1.2:  /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
   5) /usr/openv/wmc/bin/install/configureWmc
   6) /usr/openv/wmc/bin/install/configureCerts
   7) /usr/openv/wmc/bin/install/setupWmc
   8) /usr/openv/netbackup/bin/nbwmc -start
   9) /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
  10) /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
      If the operation fails, perform the steps at "Create a token" section then return to this step.
  11) Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file

  Windows:

   0) set WEBSVC_PASSWORD=<nbwebsvc password>
   1) C:\Windows\System32\sc.exe stop "NetBackup Web Management Console"
   2) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -u -i
   3) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -m
   4) On 8.0 and 8.1: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t      
      On 8.1.1 and 8.1.2: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
   5) <Install_Path>\NetBackup\wmc\bin\install\configureWmc
   6) <Install_Path>\NetBackup\wmc\bin\install\configureCerts
   7) <Install_Path>\NetBackup\wmc\bin\install\setupWmc
   8) C:\Windows\System32\sc.exe start "NetBackup Web Management Console"
   9) <Install_Path>\NetBackup\bin\nbcertcmd -getCACertificate
  10) <Install_Path>\NetBackup\bin\nbcertcmd -getCertificate -force
      If the operation fails, perform the steps at "Create a token" section then return to this step.
  11) Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file

 

make sure that all commands complete succesfully

which OS do you have on your master server?

 

View solution in original post

9 REPLIES 9

Go to solution
Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

‎11-01-2020 10:22 PM

Have you tried to manually restart nbwmc?
Can you confirm that nbwebsvc account has a password that does not expire?


Handy NetBackup Links
0 Kudos

Go to solution
davidmoline
Level 6
Employee
In response to Marianne

‎11-01-2020 10:35 PM

If you still have the machine state as it was before you started, you could simply change the system time to before the certificate expires. NetBackup should be stopped and restarted, the certificate should then auto renew (although you may want to use the "nbcertcmd -renewcertificate" command to speed this up.

0 Kudos

Go to solution
Kai2209
Level 4
In response to Marianne

‎11-03-2020 01:42 AM - edited ‎11-03-2020 01:58 AM

Marinanne,

yes i have stopped and restarted netbackup services and nbwmc is running. Or should i restart the single service separately?

nbwebsvc has no passwd.

davidmoline,

it is not a vm so i cant revert. But no jobs are running (except a daily cleanup jobs) on the system until now. Do you think i can change the time without having a corrupt database at the end?

thanks again

0 Kudos

Go to solution
Hamza_H
Moderator
Moderator
   VIP   
In response to Kai2209

‎11-03-2020 02:25 AM

Hello,

did you try this?: https://www.veritas.com/support/en_US/article.100043900

UNIX/Linux Steps:

  1. /usr/openv/netbackup/bin/admincmd/nbcertconfig -t
    Note: The -t and -f options will be needed for NetBackup versions 8.1.1 and higher.
    /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
  2. /usr/openv/wmc/bin/install/configureCerts
  3. /usr/openv/wmc/bin/install/setupWmc
  4. /usr/openv/netbackup/bin/nbwmc stop
  5. /usr/openv/netbackup/bin/nbwmc start
  6. /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
  7. usr/openv/netbackup/bin/nbcertcmd -getCertificate -force

Windows Steps:

  1. On the Master, run services.msc and locate NetBackup Web Management Console service (nbwmc)
  2. Identify the account used to start the nbwmc service
  3. Locate /  Acquire the password for this account
  4. Open an Administrator CMD prompt on the Master
  5. Create the following Environment Variable for the CMD window by running: set WEBSVC_PASSWORD=<passwordHere>
  6. Run: install_path\NetBackup\bin\admincmd\nbcertconfig -t
    Note: The -t and -f options will be needed for NetBackup versions 8.1.1 and higher.
    install_path\NetBackup\bin\admincmd\nbcertconfig -t -f
    • If this fails, it is likely to be due to an incorrect password.
      To verify the password is correct, use the following command to spawn a new CMD prompt window running as the account in question: runas /user:<user> cmd.exe
      Example local account: runas /user:nbwebsvc cmd.exe
      Example domain account: runas /user:COMPANY\nbwebsvc cmd.exe
    • If the new CMD window opens successfully, it means the credentials were correct and the new window can simply be closed.
    • If the new CMD window fails to open, examine the on-screen language to identify why.
  7. CD into install_path\NetBackup\wmc\bin\install
  8. Run: configureCerts.bat
  9. Run: setupWmc
  10. Restart the nbwmc service
  11. Run: nbcertcmd -getCACertificate
  12. Run: nbcertcmd -getCertificate -force
0 Kudos

Go to solution
Kai2209
Level 4
In response to Hamza_H

‎11-03-2020 02:42 AM

hha_mea,

thanks but this is not working. Maybe it is just for 8.1 and above. Still getting

EXIT STATUS 8506: The certificate has expired

0 Kudos

Go to solution
Hamza_H
Moderator
Moderator
   VIP   
In response to Kai2209

‎11-03-2020 03:15 AM - edited ‎11-03-2020 03:16 AM

@Kai2209 try all down this , if possible please share every command's result/output.

  UNIX/Linux:

   1) /usr/openv/netbackup/bin/nbwmc -terminate
   2) /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
   3) /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
   4) On 8.0 and 8.1: /usr/openv/netbackup/bin/admincmd/nbcertconfig -t      
      On 8.1.1 and 8.1.2:  /usr/openv/netbackup/bin/admincmd/nbcertconfig -t -f
   5) /usr/openv/wmc/bin/install/configureWmc
   6) /usr/openv/wmc/bin/install/configureCerts
   7) /usr/openv/wmc/bin/install/setupWmc
   8) /usr/openv/netbackup/bin/nbwmc -start
   9) /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
  10) /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
      If the operation fails, perform the steps at "Create a token" section then return to this step.
  11) Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file

  Windows:

   0) set WEBSVC_PASSWORD=<nbwebsvc password>
   1) C:\Windows\System32\sc.exe stop "NetBackup Web Management Console"
   2) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -u -i
   3) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -m
   4) On 8.0 and 8.1: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t      
      On 8.1.1 and 8.1.2: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
   5) <Install_Path>\NetBackup\wmc\bin\install\configureWmc
   6) <Install_Path>\NetBackup\wmc\bin\install\configureCerts
   7) <Install_Path>\NetBackup\wmc\bin\install\setupWmc
   8) C:\Windows\System32\sc.exe start "NetBackup Web Management Console"
   9) <Install_Path>\NetBackup\bin\nbcertcmd -getCACertificate
  10) <Install_Path>\NetBackup\bin\nbcertcmd -getCertificate -force
      If the operation fails, perform the steps at "Create a token" section then return to this step.
  11) Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file

 

make sure that all commands complete succesfully

which OS do you have on your master server?

 

Go to solution
Kai2209
Level 4
In response to Hamza_H

‎11-03-2020 06:10 AM

hha_mea,

it is a linux system and steps you mentioned were successful now. A new certificate was issued  ! Thank you so much for help.

I still cannot access with my java console but this seems to be a differnt issue now :(

 

 

0 Kudos

Go to solution
Hamza_H
Moderator
Moderator
   VIP   
In response to Kai2209

‎11-03-2020 07:14 AM - edited ‎11-03-2020 07:15 AM

Hello @Kai2209 

Glad that helped :)

Mark this discussion as solved and open a new one for your java console problem we will try to help you solve it :)

0 Kudos

Go to solution
Kai2209
Level 4
In response to Hamza_H

‎11-03-2020 08:46 AM

thanks again !

0 Kudos