cancel
Showing results for 
Search instead for 
Did you mean: 

Java Admin console fails to start/run on RHEL7 server

randes2000
Level 4

I cannot start/launch the Java Admin console (jnbSA) on a RHEL7 client as a non-root user.   As root, the Admin console starts correctly and I can then authenticate with non-root credentials.  I don't want to have to use root.   The Admin console starts correctly on the master server and my four media servers as a non-root user.  I don't wish to use the master or media servers to admin Netbackup any longer.  I also can't install the Windows Remote Admin console as I don't have admin on any Windows system.
 
Issue: As non-root user, run jnbSA. Authentication screen comes up and I enter master server, user and password.  Authentication fails with "The Netbackup Admin Console failed to establish a secure connection with the host '<master server>'.  The request was terminated with error code VRTS-24579."  
As root user, run jnbSA.  Authentication screen comes up and I enter master server, user and password.   Admin console comes up and all is well.
 
Master server - Netbackup version 7.7.2 - Solaris 10 SPARC (no recent configuration changes...really)
Client - Netbackup version 7.7.2 - RHEL 7 virtual machine (new install) Netbackup installation from NetBackup_7.7.2_CLIENTS2.tar.gz download.  This RHEL7 server is backed up via VMWare APIs not Netbackup client.
Master server/client connectivity has been tested and looks good.
 
Java Admin console has never been attempted from a client in this environment.  We have always used the master server, but I wish to change this.  Please don't ask why I just don't use the master server (STIGs and other reasons).
 
This seems to be a permissions issue on the RHEL7 client, but I can't determine what it is.  Veritas support has also been unable to solve this issue and I have submitted a lot of logs and answered a lot of questions.

1 ACCEPTED SOLUTION

Accepted Solutions

An update on this issue.  The solution was found by my fellow Netbackup administrator  troubleshooting a new RHEL7 master server install in our DR site. The VRTS-24579 error.  The problem was that our user VRTSatlocal.conf file listed the wrong home directory.   Each user file was originally created on our Solaris master server where /home/<username> is our auto-mounted home directory.   This stems from Solaris using /export/home as the default home directory structure and (a long time ago) us choosing /home for auto-mounting.  Along comes RHEL and it uses /home as the default home directory.  We chose /export/home for auto-mounting home directories.   So my original problem involved attempting to run the Admin Console directly from the RHEL client.  The VRTSatlocal.conf file listed my home directory as /home/<username>, when on the RHEL client it is actually /export/home/<username>.  Changing the lines in the VRTSatlocal.conf file from “/home/<username>” to “${HOME}” solved the problem.  Now, no matter where I attempt to launch the Admin Console, the proper home directory is found in VRTSatlocal.conf file.   Probably a unique situation at our site, so it was hard for Veritas to resolve.

View solution in original post

16 REPLIES 16

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi,

From what I understood reading this document maybe you need to deploy a nbu certificate for this client. Take a look

About security certificates for NetBackup hosts

NetBackup uses security certificates for authentication of NetBackup hosts. TheNetBackup security certificates conform to the X.509 Public Key Infrastructure (PKI) standard. A master server acts as the Certificate Authority (CA) and issues security certificates to hosts.

NetBackup provides two types of NetBackup host security certificates: Host ID-based certificates and host name-based certificates. Host ID-based certificates are based on Universally Unique Identifiers (UUID) that are assigned to each NetBackup host. The NetBackup master server assigns these identifiers to the hosts.

Any security certificates that were generated before NetBackup 8.0 are now referred to as host name-based certificates. NetBackup is in the process of replacing these older certificates with newer host ID-based certificates. The transition will be completed in future releases and the use of host name-based certificates will be  eliminated. However, the transition is ongoing and NetBackup 8.0 continues to require the older host name-based certificates for certain operations.

For more information about deployment, management, and usage of security certificates, see the NetBackup Security and Encryption Guide.

Depending on the NetBackup host type and the certificate type, deployment of certificates varies. Consider the following scenarios:

NetBackup master server
Host ID-based certificates and host name-based certificates are automatically deployed during NetBackup installation and upgrade.

Clustered NetBackup master server
Host ID-based certificates and host name-based certificates may not be automatically deployed on all nodes.

NetBackup media servers and clients
Depending on the settings on the master server, host ID-based certificates may be automatically deployed on media servers and clients.Host name-based certificates are manually deployed using the command-line interface.

Security_Certificate_NBU_Hosts.JPG

 

Thiago

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi,

Also check this EEB

EEBs_AdminConsole.JPG

The RHEL7 system accepted a certificate from the master server on first connection.  I was root when I first made the connection and I wonder if this may have set permissions that are preventing non-root users from using the Java Console.

The user is not using Active Directory, but LDAP is used for authentication on the RHEL7 system.  How do I view this Etrack Number?

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi @randes2000

First visit this site https://sort.veritas.com/netbackuphfauditor

Then go to:

Home > Knowledge Base > NetBackup Hot Fix and EEB Release Auditor

Choose the product, in this case NetBackup Enterprise Server and put the etrack number, see below

EEB_SORT.JPG

The EEB states that this was fixed in 8.0, 8.1.   So I take this that there is no fix for 7.7.2 ?

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi,

The problem is fixed on nbu version 8.0 and 8.1, but you can try a workaround, take a look

https://www.veritas.com/support/en_US/article.000114985

The fix is specifically for AD authentication and we are using LDAP.  But I figured I'd give it a shot anyway and changed the /etc/nsswitch.conf file passwd line (temporarily) as such:

passwd: files sss

changed to

passwd: sss files

I still received the same error attempting to start the Java console as a non-root user.  I really appreciate the feedback, though.

I have upgraded Netbackup to 7.7.3 and re-installed the java console (also now at 7.7.3).   Same results as before.  The Java console will not start with a non-root user.  Resulting error "The NetBackup Admin Console failed to establish a secure connection with the host '<master server>'.  The request was terminated with error code VRTS-24579."

Although clearly not a memory issue, a comparision of the jbp log files for the console for root and the non-root user shows the non-root user process stops with this error in the log file.

"vrts.vss.sdk.at.exception.VRTSAtException: Insufficient Memory"

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified
Why did you decide to upgrade to 7.7.3 and not 8.0 or 8.1?

Good question.  A while ago, while talking with a Veritas techician about an issue on a 8.0 install in another environment, I mentioned we would be upgrading to 8.1 from 7.7.2.  The techiician highly recommened we go to 7.7.3 first.  We're there now and planning on the upgrade to 8.1.

I uninstalled the Java console on my RHEL7 box for now, as the issue I'm having has totally frustrated me.  I might give it another go once we're at 8.1. 

I'm still sure it's a simple permissions issue.  I worked with Veritas off and on for about a month and finally had enough of submitting output from the same commands over and over.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

When 'Veritas technicians' make statements like these, I start to doubt their knowledge and experience.

Extract from the Upgrade Portal:

NetBackup 8.0 :

Upgrade to NetBackup 8.0 can occur from all NetBackup 7.x versions. OpsCenter should be updated first, followed by the NetBackup Master Server, then Media Servers, then Clients. 
 

NetBackup 8.1 :

The NetBackup 8.1 upgrade guide provides an upgrade path from NetBackup version 7.7.x through 8.0.
 
I have assisted a customer a couple of weeks ago with upgrade from 7.5.0.6 to 8.0.
It went totally smooth and was over and done in less than an hour.

Amol_Nair
Level 6
Employee

Do you still have the case open or was it closed?

Probably enabling EAT logs for the java console may help in identifying if there is a permission related issue reported when any of the paths are being accessed in the background when the console is launched and you attempt to login using a non-root user

Thiago_Ribeiro
Moderator
Moderator
Partner    VIP    Accredited

Hi @randes2000,

I would like to ask you if from the client ( Client - Netbackup version 7.7.2 - RHEL 7) where do you want to start NBU Java Admin Console, is there enough memory to run the Console??

Values

INITIAL_MEMORY=256M
MAX_MEMORY=512M

Take a look --> https://www.veritas.com/content/support/en_US/doc/103228346-127350715-0/v109496837-127350715

https://vox.veritas.com/t5/NetBackup/NetBackup-Admin-GUI-won-t-start-the-next-day/td-p/752062

Other thing, what is the client Java version? Im not sure if it can be applied to your case,but can you check?

https://www.veritas.com/support/en_US/article.000022919

 

Thiago

First, I just want to thank everyone who has replied to this article.   All your info has been helpful.

I can post the veritas service request number if that would help.  The Java console does launch as root, so I don't think it's a memory issue.  I had set INITIAL_MEMORY and MAX_MEMORY when I was troubleshooting.   No adjustments solved the issue.

The java version is 1.8.0_151-b12.

For now I have uninstalled all the VRTS packaages from the system.  I'll give it another go once we're at Netbackup 8.1.

You could send me a message with the veritas case number and I can try taking a look at the case tomorrow to check if I could grab some more information that was collected on the case

An update on this issue.  The solution was found by my fellow Netbackup administrator  troubleshooting a new RHEL7 master server install in our DR site. The VRTS-24579 error.  The problem was that our user VRTSatlocal.conf file listed the wrong home directory.   Each user file was originally created on our Solaris master server where /home/<username> is our auto-mounted home directory.   This stems from Solaris using /export/home as the default home directory structure and (a long time ago) us choosing /home for auto-mounting.  Along comes RHEL and it uses /home as the default home directory.  We chose /export/home for auto-mounting home directories.   So my original problem involved attempting to run the Admin Console directly from the RHEL client.  The VRTSatlocal.conf file listed my home directory as /home/<username>, when on the RHEL client it is actually /export/home/<username>.  Changing the lines in the VRTSatlocal.conf file from “/home/<username>” to “${HOME}” solved the problem.  Now, no matter where I attempt to launch the Admin Console, the proper home directory is found in VRTSatlocal.conf file.   Probably a unique situation at our site, so it was hard for Veritas to resolve.