09-27-2019 05:08 AM
Hi,
Backup failed on server with;
Error bpbrm (pid=15908) [PROXY] Received status: 7625 with message A SSL connect failed. Status: 1 Msg: certificate verify failed
I checked the client and
/usr/openv/netbackup/bin/nbcertcmd -listCertDetails
Expiry Date : Sep 26 07:12:38 2019 GMT
Does anyone know who to update/refresh this? I have tried everything offered so far and nothing updates it
Thanks
Solved! Go to Solution.
10-02-2019 05:05 AM
Thanks for all the suggestions but it appears it was as easy as this to fix;
It is necessary to adjust the Master Server's CLIENT_NAME parameter to match the value displayed in the Host column of the Host Management table.
Once done, attempts to add new clients or media servers should no longer result in EXIT STATUS 5987.
So edited bp.conf and removed the domain name. ran the nbcertcmd again and all fixed
Thanks again
09-27-2019 05:18 AM
See if this section in the manual helps?
https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v120989793-127424841
09-27-2019 07:10 AM
09-27-2019 07:54 AM
I think you might have to show us all the steps that lead to the error, because there are several steps to re-issuing a token, and to re-using the re-issued token.
09-27-2019 08:31 AM - edited 09-27-2019 08:32 AM
Here is what I would suggest doing.
Go to Certificate Management under Security Management in the Admin Console.
Revoke the cert for the client you are having issues with.
On the client, run the following.
nbcertcmd -listCACertDetails
Copy the SHA1 Fingerprint and paste it in the next command
nbcertcmd -removeCACertificate -fingerPrint <paste here>
nbcertcmd -deleteAllCertificates
nbcertcmd -getCACertificate -server <master server>
Now generate a reissue token in the Admin Console for this client and copy that token, you will use it in the next command.
nbcertcmd -getCertificate -server <master server> -token
Paste the token when asked for it.
Now refresh the Host Management tab in the Admin Console and verify that there is now a green lock next to this client name.
Also, refresh the Certificate Mangement tab in the Admin Console and verify that the client now shows active.
09-27-2019 01:01 PM
09-30-2019 02:29 AM
Hi
Thanks for the reply
I had tried this fix but get the following error when attempted.
/usr/openv/netbackup/bin/nbcertcmd -getcertificate -token WMHHRNSTIBAPUIKW -force
nbcertcmd: The -getCertificate operation failed for server MASTERSERVERNAME
EXIT STATUS 5965: The host ID associated with this reissue token is assigned to another host. You need to revoke the existing certificate for the host ID before you can reuse the host ID for this host.
Any ideas how to get around this?
thanks again
09-30-2019 02:34 AM
Hi
thanks for the response.
Tried the steps you suggest and get this error
nbcertcmd -getCertificate -server MASTERSERVER -token
Authorization Token:
nbcertcmd: The -getCertificate operation failed for server MASTERSERVER.
EXIT STATUS 5965: The host ID associated with this reissue token is assigned to another host. You need to revoke the existing certificate for the host ID before you can reuse the host ID for this host.
Any ideas?
Thanks
10-02-2019 12:22 AM
Hello @miketduffy ,
try this :
on the master's console, generate a new re-issue token from the console (copy it and keep it).
then on the client, execute the command :
“nbcertcmd -getCertificate -force -token <reissue_token_created> ”
Then paste the result
BR.
H.
10-02-2019 04:47 AM
Hi
Although I have tried this I did do it again. This is the result
nbcertcmd -getCertificate -force -token LXGHMONRLBVPLIAD
nbcertcmd: The -getCertificate operation failed for server MASTERSERVERNAME.
EXIT STATUS 5965: The host ID associated with this reissue token is assigned to another host. You need to revoke the existing certificate for the host ID before you can reuse the host ID for this host.
10-02-2019 05:05 AM
Thanks for all the suggestions but it appears it was as easy as this to fix;
It is necessary to adjust the Master Server's CLIENT_NAME parameter to match the value displayed in the Host column of the Host Management table.
Once done, attempts to add new clients or media servers should no longer result in EXIT STATUS 5987.
So edited bp.conf and removed the domain name. ran the nbcertcmd again and all fixed
Thanks again
12-23-2021 04:52 AM
After the steps problem was resolved
thanks
04-14-2022 04:35 AM
We had exactly the same issue - despite the client having the alias names in the host mapping. Why oh why is Netbackup master server not looking at these available details when being supplied with a reissue token! urgh..................