10-26-2017 08:48 AM
I cannot start/launch the Java Admin console (jnbSA) on a RHEL7 client as a non-root user. As root, the Admin console starts correctly and I can then authenticate with non-root credentials. I don't want to have to use root. The Admin console starts correctly on the master server and my four media servers as a non-root user. I don't wish to use the master or media servers to admin Netbackup any longer. I also can't install the Windows Remote Admin console as I don't have admin on any Windows system.
Issue: As non-root user, run jnbSA. Authentication screen comes up and I enter master server, user and password. Authentication fails with "The Netbackup Admin Console failed to establish a secure connection with the host '<master server>'. The request was terminated with error code VRTS-24579."
As root user, run jnbSA. Authentication screen comes up and I enter master server, user and password. Admin console comes up and all is well.
Master server - Netbackup version 7.7.2 - Solaris 10 SPARC (no recent configuration changes...really)
Client - Netbackup version 7.7.2 - RHEL 7 virtual machine (new install) Netbackup installation from NetBackup_7.7.2_CLIENTS2.tar.gz download. This RHEL7 server is backed up via VMWare APIs not Netbackup client.
Master server/client connectivity has been tested and looks good.
Java Admin console has never been attempted from a client in this environment. We have always used the master server, but I wish to change this. Please don't ask why I just don't use the master server (STIGs and other reasons).
This seems to be a permissions issue on the RHEL7 client, but I can't determine what it is. Veritas support has also been unable to solve this issue and I have submitted a lot of logs and answered a lot of questions.
11-20-2018 07:03 AM
An update on this issue. The solution was found by my fellow Netbackup administrator troubleshooting a new RHEL7 master server install in our DR site. The VRTS-24579 error. The problem was that our user VRTSatlocal.conf file listed the wrong home directory. Each user file was originally created on our Solaris master server where /home/<username> is our auto-mounted home directory. This stems from Solaris using /export/home as the default home directory structure and (a long time ago) us choosing /home for auto-mounting. Along comes RHEL and it uses /home as the default home directory. We chose /export/home for auto-mounting home directories. So my original problem involved attempting to run the Admin Console directly from the RHEL client. The VRTSatlocal.conf file listed my home directory as /home/<username>, when on the RHEL client it is actually /export/home/<username>. Changing the lines in the VRTSatlocal.conf file from “/home/<username>” to “${HOME}” solved the problem. Now, no matter where I attempt to launch the Admin Console, the proper home directory is found in VRTSatlocal.conf file. Probably a unique situation at our site, so it was hard for Veritas to resolve.
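The check below is an added example, not part of the original post and not Veritas code: it scans a VRTSatlocal.conf given as an argument for quoted path values that name the user's home under a different base directory than this host uses, which is the mismatch the solution above describes. The `"key"="value"` layout and the sample keys and paths are assumptions; supply the real file's location yourself.

```shell
#!/bin/sh
# Added example, not Veritas code. Flags quoted path values in a per-user
# VRTSatlocal.conf that point at this user's home under a different base
# directory than the one in use on this host (e.g. /home vs /export/home).
# Assumption: values are written as "key"="value"; nothing else about the
# file layout is relied on.
check_at_conf_paths() {
    conf=$1
    home=${2:-$HOME}            # home directory as seen on this host
    user=${home##*/}            # last path component, e.g. jdoe
    bad=0
    [ -r "$conf" ] || { echo "UNREADABLE $conf"; return 2; }
    # Quoted values that start with "/" or with a literal ${HOME}.
    values=$(grep -oE '"(/|\$\{HOME\})[^"]*"' "$conf" | tr -d '"' | sort -u) || true
    while IFS= read -r val; do
        case $val in
            '${HOME}'*)             echo "PORTABLE $val" ;;
            "$home"|"$home"/*)      echo "OK $val" ;;
            */"$user"|*/"$user"/*)  echo "MISMATCH $val (home here is $home)"
                                    bad=1 ;;
        esac
    done <<EOF
$values
EOF
    return $bad
}

# Constructed sample (placeholder keys and paths, not a real file's contents).
sample_conf() {
    cat <<'EOF'
[Constructed\Section]
"ExampleDirA"="/home/jdoe/example/dir"
"ExampleDirB"="${HOME}/example/dir"
"Unrelated"="/opt/example"
EOF
}

if [ "$#" -gt 0 ]; then
    check_at_conf_paths "$@"
else
    tmp=$(mktemp) && sample_conf > "$tmp"
    check_at_conf_paths "$tmp" /export/home/jdoe || true
    rm -f "$tmp"
fi
```

A non-zero exit status means at least one hard-coded path names the user's home under a base directory this host does not use; lines reported as PORTABLE already use `${HOME}`.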
10-27-2017 05:25 AM
Hi,
From what I understood reading this document maybe you need to deploy a nbu certificate for this client. Take a look
About security certificates for NetBackup hosts
NetBackup uses security certificates for authentication of NetBackup hosts. The NetBackup security certificates conform to the X.509 Public Key Infrastructure (PKI) standard. A master server acts as the Certificate Authority (CA) and issues security certificates to hosts.
NetBackup provides two types of NetBackup host security certificates: Host ID-based certificates and host name-based certificates. Host ID-based certificates are based on Universally Unique Identifiers (UUID) that are assigned to each NetBackup host. The NetBackup master server assigns these identifiers to the hosts.
Any security certificates that were generated before NetBackup 8.0 are now referred to as host name-based certificates. NetBackup is in the process of replacing these older certificates with newer host ID-based certificates. The transition will be completed in future releases and the use of host name-based certificates will be eliminated. However, the transition is ongoing and NetBackup 8.0 continues to require the older host name-based certificates for certain operations.
For more information about deployment, management, and usage of security certificates, see the NetBackup Security and Encryption Guide.
Depending on the NetBackup host type and the certificate type, deployment of certificates varies. Consider the following scenarios:
NetBackup master server
Host ID-based certificates and host name-based certificates are automatically deployed during NetBackup installation and upgrade.
Clustered NetBackup master server
Host ID-based certificates and host name-based certificates may not be automatically deployed on all nodes.
NetBackup media servers and clients
Depending on the settings on the master server, host ID-based certificates may be automatically deployed on media servers and clients. Host name-based certificates are manually deployed using the command-line interface.
Thiago
10-31-2017 12:01 PM
Hi,
Also check this EEB
11-01-2017 04:31 AM
The RHEL7 system accepted a certificate from the master server on first connection. I was root when I first made the connection and I wonder if this may have set permissions that are preventing non-root users from using the Java Console.
The user is not using Active Directory, but LDAP is used for authentication on the RHEL7 system. How do I view this Etrack Number?
11-01-2017 05:29 AM
Hi @randes2000
First visit this site https://sort.veritas.com/netbackuphfauditor
Then go to:
Home > Knowledge Base > NetBackup Hot Fix and EEB Release Auditor
Choose the product, in this case NetBackup Enterprise Server and put the etrack number, see below
11-01-2017 05:46 AM
The EEB states that this was fixed in 8.0, 8.1. So I take it that there is no fix for 7.7.2?
11-01-2017 06:26 AM
Hi,
The problem is fixed on nbu version 8.0 and 8.1, but you can try a workaround, take a look
11-01-2017 06:54 AM
The fix is specifically for AD authentication and we are using LDAP. But I figured I'd give it a shot anyway and changed the /etc/nsswitch.conf file passwd line (temporarily) as such:
passwd: files sss
changed to
passwd: sss files
I still received the same error attempting to start the Java console as a non-root user. I really appreciate the feedback, though.
01-09-2018 06:59 AM
I have upgraded Netbackup to 7.7.3 and re-installed the java console (also now at 7.7.3). Same results as before. The Java console will not start with a non-root user. Resulting error "The NetBackup Admin Console failed to establish a secure connection with the host '<master server>'. The request was terminated with error code VRTS-24579."
Although clearly not a memory issue, a comparison of the jbp log files for the console for root and the non-root user shows the non-root user process stops with this error in the log file.
"vrts.vss.sdk.at.exception.VRTSAtException: Insufficient Memory"
01-09-2018 09:46 AM
01-09-2018 10:02 AM
Good question. A while ago, while talking with a Veritas technician about an issue on an 8.0 install in another environment, I mentioned we would be upgrading to 8.1 from 7.7.2. The technician highly recommended we go to 7.7.3 first. We're there now and planning on the upgrade to 8.1.
I uninstalled the Java console on my RHEL7 box for now, as the issue I'm having has totally frustrated me. I might give it another go once we're at 8.1.
I'm still sure it's a simple permissions issue. I worked with Veritas off and on for about a month and finally had enough of submitting output from the same commands over and over.
01-10-2018 12:36 AM
When 'Veritas technicians' make statements like these, I start to doubt their knowledge and experience.
Extract from the Upgrade Portal:
01-11-2018 07:40 AM
Do you still have the case open or was it closed?
Probably enabling EAT logs for the Java console may help in identifying whether a permission-related issue is reported when any of the paths are accessed in the background as the console is launched and you attempt to log in using a non-root user.
01-12-2018 05:47 AM
Hi @randes2000,
I would like to ask whether the client (Client - Netbackup version 7.7.2 - RHEL 7) where you want to start the NBU Java Admin Console has enough memory to run the Console?
Values
INITIAL_MEMORY=256M
MAX_MEMORY=512M
Take a look --> https://www.veritas.com/content/support/en_US/doc/103228346-127350715-0/v109496837-127350715
https://vox.veritas.com/t5/NetBackup/NetBackup-Admin-GUI-won-t-start-the-next-day/td-p/752062
Another thing: what is the client Java version? I'm not sure if it can be applied to your case, but can you check?
https://www.veritas.com/support/en_US/article.000022919
Thiago
01-12-2018 07:01 AM
First, I just want to thank everyone who has replied to this article. All your info has been helpful.
I can post the veritas service request number if that would help. The Java console does launch as root, so I don't think it's a memory issue. I had set INITIAL_MEMORY and MAX_MEMORY when I was troubleshooting. No adjustments solved the issue.
The java version is 1.8.0_151-b12.
For now I have uninstalled all the VRTS packages from the system. I'll give it another go once we're at Netbackup 8.1.
01-15-2018 04:47 AM