cancel
Showing results for 
Search instead for 
Did you mean: 

HostID

mkasapi
Level 3
Partner Accredited

hi team,

1. install client on Linux machine (8.2)

2 client receives master hostID from other client

3 that client is NOT on aliases of master server

4. remove completely the client that gives his ID to the other client

5 uninstall client , reinstall client but still gets the hostID from the client that i removed!!!

any ideas why thats happening? 

Master 9.1.0.1 - Clients 8.2

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @mkasapi 

Okay - what was the result of following the steps in the article? Was there an EMM alias for the master which included the bad client name (the one giving the bogus hostID)?

What is the result of running (from the problem client) "bpclntcmd -pn -verbose"?

Finally, are you sure all your host files are accurate?

Daivd

View solution in original post

13 REPLIES 13

Michal_Mikulik1
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello,

I am not sure what you are exactly solving. Host ID is a low-level parameter which usually should not bring administrator attention. Do you have any problem during backups with this client?

Regards

Michal

mkasapi
Level 3
Partner Accredited

i cant proceed with backup as client gets an error:  the vnetd proxy encountered an error

the ID you see on first post is a client hostID

i already install 8.2 on two clients and both of then get wrong masterHostID

Michal_Mikulik1
Moderator
Moderator
Partner    VIP    Accredited Certified

My quck tip is that someting with client/server name forward/reverse resolution is wrong. If you wont find a problem here, I recommend you to open a support ticket.

Regards

Michal

 

Hi @mkasapi 

Can you clarify what you mean by hostID - are you referring to a client host  certificates etc.?

Also - can you show what the problem is with logs or output. 

Things to note - the master CA certificate is common to all hosts in the domain. A client host certificate once created and delivered will not change (even if you reinstall the client as long as the name remains the same, it will need to use the same host certificate - probably requiring a reissue token). All certificates are generated and delivered from the master server - clients do not create nor deliver any certificates.

The behaviour you are seeing may be by design.

David

mkasapi
Level 3
Partner Accredited

Hi @davidmoline 

ok , let me explain from the beginning 

install a client 8.2 on a Linux machine , Certificates Token all ok , but on Host Properties when i click on that client i got the "vnted proxy encourented an error"

now when i found a solution from Veritas for that error the solution was to remove the alliases from Master Server

the problem here is that not alliases other than the master and media found when i check

now when i check on client the certmapinfo.json i get :

"hostID": "e7d7be97-32d7-4bd1-8aa9-137f8a7f93ea",
"serverName": "master",
"serverAltNames": "",
"issuerName": "master",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/afb8928d.crl",
"securityLevel": 1,
"crlNextRefreshTime": 1655385663,
"crlLastRefreshTime": 1655371263,
"masterHostId": "99bce8d7-a42f-4746-a079-4b5587589dc3"

that masterHostID belongs to other client ! 

if i install other clients always get the same wrong masterHostID

 

 

Hi @mkasapi 

Sounds strange - can you share the output of the command "nbcertcmd -listCertDetails" from the three hosts (master, client and other client)?

Cheers
David

mkasapi
Level 3
Partner Accredited

nbcertcmd -listCertDetails

FROM CLIENT

Master Server : master1.com
Host ID : 29b30de2-88a0-4b70-8cb1-d8960bf29686
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Jun 16 12:01:28 2023 GMT
SHA1 Fingerprint : DD:3C:5D:9B:3D:D0:85:AC:E0:C1:0D:F9:D0:8B:8C:1D:F1:76:10:17


FROM MASTER 1

Master Server : master1.com
Host ID : 35fb8681-62a2-402b-a7ba-f6414e2df431
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Apr 08 12:13:52 2023 GMT
SHA-1 Fingerprint : 1F:B9:7D:3B:EF:24:D6:E6:C9:ED:F1:01:EC:4D:4D:12:81:BF:01:C9
SHA-256 Fingerprint : 8F:2F:3E:2F:3A:BA:8A:B3:A9:C3:93:82:79:F8:77:D7:62:C0:6A:F7:F4:65:9A:06:8B:EF:36:F9:CB:97:89:7C
Key Strength : 2048
Subject Key Identifier : 4B:3B:4E:76:65:80:DF:8F:3B:37:22:03:39:91:45:43:1B:4F:00:22
Authority Key Identifier : 4B:7B:BE:B2:FB:89:60:82:62:E4:53:F7:D5:68:A9:10:9F:2D:70:CD

Master Server : master2.com
Host ID : 5c02ec4d-749e-47e8-94a9-82d9316211d2
Issued By : /CN=broker/OU=root@master2.com/O=vx
Serial Number : -
Expiry Date : Apr 14 09:40:47 2023 GMT
SHA-1 Fingerprint : 33:03:AF:19:C1:30:7F:EB:57:89:68:A0:F6:36:1A:0A:31:18:62:14
SHA-256 Fingerprint : 77:1E:C5:98:DF:06:D6:54:01:A4:4E:CA:D8:84:E9:1C:44:DD:86:9D:4B:CE:B2:F5:01:A0:35:CE:27:EF:DF:8B
Key Strength : 2048
Subject Key Identifier : 4B:3B:4E:76:65:80:DF:8F:3B:37:22:03:39:91:45:43:1B:4F:00:22
Authority Key Identifier : 81:34:4D:66:96:B8:20:B9:E9:E2:59:D2:77:E0:36:AD:16:FF:E9:3B


FROM MEDIA 1

Master Server : master1
Host ID : e79b2569-a21a-483c-b192-ebace149e4db
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Apr 08 12:18:59 2023 GMT
SHA-1 Fingerprint : 01:6C:88:23:F3:94:70:6A:8E:F4:01:A0:4B:1B:A0:29:D7:29:3F:7E
SHA-256 Fingerprint : 70:81:DA:90:5A:C8:DF:4F:FB:F2:78:1E:35:9A:63:28:81:C8:8F:91:01:E3:90:1C:91:F3:5F:08:94:30:BA:B6
Key Strength : 2048
Subject Key Identifier : BC:BA:A9:9A:3C:49:08:97:53:C4:73:98:F9:C0:1A:F1:23:A6:E3:C2
Authority Key Identifier : 4B:7B:BE:B2:FB:89:60:82:62:E4:53:F7:D5:68:A9:10:9F:2D:70:CD

Master Server : master2.com
Host ID : dcb63bd7-2add-48ca-97c7-1bd2e3d0b922
Issued By : /CN=broker/OU=root@master2.com/O=vx
Serial Number : -
Expiry Date : Apr 14 11:39:04 2023 GMT
SHA-1 Fingerprint : AF:32:C6:55:F3:D8:93:06:01:2F:0A:C7:39:5A:02:C8:5B:2C:4C:91
SHA-256 Fingerprint : 65:5E:23:BB:9C:51:2F:04:33:D0:EB:9D:6F:EA:D0:F6:EE:00:D9:07:0A:9F:D0:D7:0F:84:44:FC:A4:08:6A:AD
Key Strength : 2048
Subject Key Identifier : BC:BA:A9:9A:3C:49:08:97:53:C4:73:98:F9:C0:1A:F1:23:A6:E3:C2
Authority Key Identifier : 81:34:4D:66:96:B8:20:B9:E9:E2:59:D2:77:E0:36:AD:16:FF:E9:3B

mkasapi
Level 3
Partner Accredited

and certmapinfo.json

FROM CLIENT

"hostID": "29b30de2-88a0-4b70-8cb1-d8960bf29686",
"serverName": "master1.com",
"serverAltNames": "",
"issuerName": "master1.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master1.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/623584dc.crl",
"securityLevel": 1,
"crlNextRefreshTime": 1655831332,
"crlLastRefreshTime": 1655816932,
"masterHostId": "7f8b8d7e-3649-4ba0-baa3-438f7f3bd4df"


FROM MASTER 1

"hostID": "35fb8681-62a2-402b-a7ba-f6414e2df431",
"serverName": "master1.com",
"serverAltNames": "",
"issuerName": "master1.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master1.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/623584dc.crl",
"securityLevel": 1,
"trustVersion": "lN1Z3lZTvAdiPl2",
"trustStoreActions": [
{
"action": "ADD",
"fingerprints": [
"8F:E0:6F:EE:73:C4:32:CA:4B:B9:F7:CA:CA:87:C5:63:FE:BD:D4:3A:52:30:7C:C4:E4:9B:CE:36:12:7E:C7:69"
]
}
],
"crlNextRefreshTime": 1655834159,
"crlLastRefreshTime": 1655819759,
"masterHostId": "35fb8681-62a2-402b-a7ba-f6414e2df431"
},
{
"hostID": "5c02ec4d-749e-47e8-94a9-82d9316211d2",
"serverName": "master2.com",
"serverAltNames": "",
"issuerName": "master2.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master2.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/afb8928d.crl",
"securityLevel": 1,
"trustVersion": "GubeVaWTYrOdWAS",
"trustStoreActions": [
{
"action": "ADD",
"fingerprints": [
"09:A4:7E:C8:A5:05:EE:F6:9A:DD:BB:82:3F:5F:6A:90:3C:34:40:BD:FB:40:3C:F6:68:EF:18:AC:6E:90:83:C5"
]
}
],
"crlNextRefreshTime": 1655834159,
"crlLastRefreshTime": 1655819759,
"masterHostId": "902bdc4f-e872-4d25-b98e-3a2d6b9ee909"

Hi @mkasapi 

I see from the above you have two master servers, and I also do not see from what you have provided any hostID overlap. Can you explain where you think the problem is?

As for the initial error - have you verified that name resolution is working (forward and reverse) as per @Michal_Mikulik1  and there are no firewalls preventing connections (a firewall on the client would allow it to obtain a certificate, but would not allow the connection intiiated from the master).

Cheers
David

mkasapi
Level 3
Partner Accredited

@hi @davidmoline ,

Yes there are two master servers

i try to figure out why all clients i installed get the error "vnetd proxy encountered an error" so i found a link on Veritas 

https://www.veritas.com/support/en_US/article.100049006 

from here i found that the client got wrong masterHostID

the problem here is that is any new client installation got this error

there is no DNS all clients are on workgroup but we add the clients and servers on hosts files on both masters

Laurence_Merry
Level 4

On your Master server's gui, go to Security Management > Certificate Management. Select a client, right click and view the Certificate Authority details, copy the SHA-1 Fingerprint and keep it aside.

On one of your clients, run: nbcertcmd.exe -displaycacertdetail and compare that the SHA-1 Fingerprint of the CA Certificate with that of the SHA-1 fingerprint from the master server. You can share the output here too.

Hi @mkasapi 

Okay - what was the result of following the steps in the article? Was there an EMM alias for the master which included the bad client name (the one giving the bogus hostID)?

What is the result of running (from the problem client) "bpclntcmd -pn -verbose"?

Finally, are you sure all your host files are accurate?

Daivd

mkasapi
Level 3
Partner Accredited

@Laurence_Merry  and @davidmoline 

Hi guys and thanks for your response ,

we realize that if you add host file from putty after you restart the Flex Appliance all changes are gone

you need to add host files from Web GUI console and only from there

so we modified the host file from console and now we can add clients