VOX

i cant proceed with backup as client gets an error:  the vnetd proxy encountered an error

the ID you see on first post is a client hostID

i already install 8.2 on two clients and both of then get wrong masterHostID

Hi @sandreou 

Can you clarify what you mean by hostID - are you referring to a client host  certificates etc.?

Also - can you show what the problem is with logs or output. 

Things to note - the master CA certificate is common to all hosts in the domain. A client host certificate once created and delivered will not change (even if you reinstall the client as long as the name remains the same, it will need to use the same host certificate - probably requiring a reissue token). All certificates are generated and delivered from the master server - clients do not create nor deliver any certificates.

The behaviour you are seeing may be by design.

David

Hi @davidmoline 

ok , let me explain from the beginning 

install a client 8.2 on a Linux machine , Certificates Token all ok , but on Host Properties when i click on that client i got the "vnted proxy encourented an error"

now when i found a solution from Veritas for that error the solution was to remove the alliases from Master Server

the problem here is that not alliases other than the master and media found when i check

now when i check on client the certmapinfo.json i get :

"hostID": "e7d7be97-32d7-4bd1-8aa9-137f8a7f93ea",
"serverName": "master",
"serverAltNames": "",
"issuerName": "master",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/afb8928d.crl",
"securityLevel": 1,
"crlNextRefreshTime": 1655385663,
"crlLastRefreshTime": 1655371263,
"masterHostId": "99bce8d7-a42f-4746-a079-4b5587589dc3"

that masterHostID belongs to other client ! 

if i install other clients always get the same wrong masterHostID

Hi @sandreou 

Sounds strange - can you share the output of the command "nbcertcmd -listCertDetails" from the three hosts (master, client and other client)?

Cheers
David

nbcertcmd -listCertDetails

FROM CLIENT

Master Server : master1.com
Host ID : 29b30de2-88a0-4b70-8cb1-d8960bf29686
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Jun 16 12:01:28 2023 GMT
SHA1 Fingerprint : DD:3C:5D:9B:3D:D0:85:AC:E0:C1:0D:F9:D0:8B:8C:1D:F1:76:10:17


FROM MASTER 1

Master Server : master1.com
Host ID : 35fb8681-62a2-402b-a7ba-f6414e2df431
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Apr 08 12:13:52 2023 GMT
SHA-1 Fingerprint : 1F:B9:7D:3B:EF:24:D6:E6:C9:ED:F1:01:EC:4D:4D:12:81:BF:01:C9
SHA-256 Fingerprint : 8F:2F:3E:2F:3A:BA:8A:B3:A9:C3:93:82:79:F8:77:D7:62:C0:6A:F7:F4:65:9A:06:8B:EF:36:F9:CB:97:89:7C
Key Strength : 2048
Subject Key Identifier : 4B:3B:4E:76:65:80:DF:8F:3B:37:22:03:39:91:45:43:1B:4F:00:22
Authority Key Identifier : 4B:7B:BE:B2:FB:89:60:82:62:E4:53:F7:D5:68:A9:10:9F:2D:70:CD

Master Server : master2.com
Host ID : 5c02ec4d-749e-47e8-94a9-82d9316211d2
Issued By : /CN=broker/OU=root@master2.com/O=vx
Serial Number : -
Expiry Date : Apr 14 09:40:47 2023 GMT
SHA-1 Fingerprint : 33:03:AF:19:C1:30:7F:EB:57:89:68:A0:F6:36:1A:0A:31:18:62:14
SHA-256 Fingerprint : 77:1E:C5:98:DF:06:D6:54:01:A4:4E:CA:D8:84:E9:1C:44:DD:86:9D:4B:CE:B2:F5:01:A0:35:CE:27:EF:DF:8B
Key Strength : 2048
Subject Key Identifier : 4B:3B:4E:76:65:80:DF:8F:3B:37:22:03:39:91:45:43:1B:4F:00:22
Authority Key Identifier : 81:34:4D:66:96:B8:20:B9:E9:E2:59:D2:77:E0:36:AD:16:FF:E9:3B

FROM MEDIA 1

Master Server : master1
Host ID : e79b2569-a21a-483c-b192-ebace149e4db
Issued By : /CN=broker/OU=root@master1.com/O=vx
Serial Number : -
Expiry Date : Apr 08 12:18:59 2023 GMT
SHA-1 Fingerprint : 01:6C:88:23:F3:94:70:6A:8E:F4:01:A0:4B:1B:A0:29:D7:29:3F:7E
SHA-256 Fingerprint : 70:81:DA:90:5A:C8:DF:4F:FB:F2:78:1E:35:9A:63:28:81:C8:8F:91:01:E3:90:1C:91:F3:5F:08:94:30:BA:B6
Key Strength : 2048
Subject Key Identifier : BC:BA:A9:9A:3C:49:08:97:53:C4:73:98:F9:C0:1A:F1:23:A6:E3:C2
Authority Key Identifier : 4B:7B:BE:B2:FB:89:60:82:62:E4:53:F7:D5:68:A9:10:9F:2D:70:CD

Master Server : master2.com
Host ID : dcb63bd7-2add-48ca-97c7-1bd2e3d0b922
Issued By : /CN=broker/OU=root@master2.com/O=vx
Serial Number : -
Expiry Date : Apr 14 11:39:04 2023 GMT
SHA-1 Fingerprint : AF:32:C6:55:F3:D8:93:06:01:2F:0A:C7:39:5A:02:C8:5B:2C:4C:91
SHA-256 Fingerprint : 65:5E:23:BB:9C:51:2F:04:33:D0:EB:9D:6F:EA:D0:F6:EE:00:D9:07:0A:9F:D0:D7:0F:84:44:FC:A4:08:6A:AD
Key Strength : 2048
Subject Key Identifier : BC:BA:A9:9A:3C:49:08:97:53:C4:73:98:F9:C0:1A:F1:23:A6:E3:C2
Authority Key Identifier : 81:34:4D:66:96:B8:20:B9:E9:E2:59:D2:77:E0:36:AD:16:FF:E9:3B

and certmapinfo.json

FROM CLIENT

"hostID": "29b30de2-88a0-4b70-8cb1-d8960bf29686",
"serverName": "master1.com",
"serverAltNames": "",
"issuerName": "master1.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master1.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/623584dc.crl",
"securityLevel": 1,
"crlNextRefreshTime": 1655831332,
"crlLastRefreshTime": 1655816932,
"masterHostId": "7f8b8d7e-3649-4ba0-baa3-438f7f3bd4df"

FROM MASTER 1

"hostID": "35fb8681-62a2-402b-a7ba-f6414e2df431",
"serverName": "master1.com",
"serverAltNames": "",
"issuerName": "master1.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master1.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/623584dc.crl",
"securityLevel": 1,
"trustVersion": "lN1Z3lZTvAdiPl2",
"trustStoreActions": [
{
"action": "ADD",
"fingerprints": [
"8F:E0:6F:EE:73:C4:32:CA:4B:B9:F7:CA:CA:87:C5:63:FE:BD:D4:3A:52:30:7C:C4:E4:9B:CE:36:12:7E:C7:69"
]
}
],
"crlNextRefreshTime": 1655834159,
"crlLastRefreshTime": 1655819759,
"masterHostId": "35fb8681-62a2-402b-a7ba-f6414e2df431"
},
{
"hostID": "5c02ec4d-749e-47e8-94a9-82d9316211d2",
"serverName": "master2.com",
"serverAltNames": "",
"issuerName": "master2.com",
"certType": 1,
"isServerMaster": 1,
"issuedBy": "/CN=broker/OU=root@master2.com/O=vx",
"crlPath": "/usr/openv/var/vxss/crl/afb8928d.crl",
"securityLevel": 1,
"trustVersion": "GubeVaWTYrOdWAS",
"trustStoreActions": [
{
"action": "ADD",
"fingerprints": [
"09:A4:7E:C8:A5:05:EE:F6:9A:DD:BB:82:3F:5F:6A:90:3C:34:40:BD:FB:40:3C:F6:68:EF:18:AC:6E:90:83:C5"
]
}
],
"crlNextRefreshTime": 1655834159,
"crlLastRefreshTime": 1655819759,
"masterHostId": "902bdc4f-e872-4d25-b98e-3a2d6b9ee909"

Hi @sandreou 

I see from the above you have two master servers, and I also do not see from what you have provided any hostID overlap. Can you explain where you think the problem is?

As for the initial error - have you verified that name resolution is working (forward and reverse) as per @Michal_Mikulik1  and there are no firewalls preventing connections (a firewall on the client would allow it to obtain a certificate, but would not allow the connection intiiated from the master).

Cheers
David

@hi @davidmoline ,

Yes there are two master servers

i try to figure out why all clients i installed get the error "vnetd proxy encountered an error" so i found a link on Veritas 

https://www.veritas.com/support/en_US/article.100049006 

from here i found that the client got wrong masterHostID

the problem here is that is any new client installation got this error

there is no DNS all clients are on workgroup but we add the clients and servers on hosts files on both masters

@Laurence_Merry  and @davidmoline 

Hi guys and thanks for your response ,

we realize that if you add host file from putty after you restart the Flex Appliance all changes are gone

you need to add host files from Web GUI console and only from there

so we modified the host file from console and now we can add clients