Showing results for 
Search instead for 
Did you mean: 

Master Server Migration - Certificate Requirements

Level 5

I have 4 master servers currently running 8.1.2, but each has a Windows 2008R2 O/S.  I am planning the upgrade of these Master Servers to Windows 2016, using the clean install of O/S / Install NBU 8.1.2 and restore catalog method.  I have done this many times previously but not with 8.1 and above.

Do I need to copy information from the current master servers to the new master servers relating to certificates, or will this move with the catalog ?  I am guessing I need to move this information, but am unsure where it is stored and what exactly I need to move.




Partner    VIP    Accredited Certified
That should be brought over by the Catalog backup DR file so make sure you've got the passphrase for it.

Partner    VIP    Accredited Certified

Seems you need to install NetBackup in 'disaster recovery mode' on the new server. 

See this section in the Troubleshooting Guide:


That makes total sense after reading up on it - thank-you.

I have one more question here relating to best practice in this area.

In the past when migrating master servers I have always done this with physical servers atached to tape libraries.  I backup the catalog to tape and then when I deploy the new master I configure the tape and import the catalog from tape using the DR file.  All works well.

In this scenrio however my target master servers are virtual, and therefore have no access to tape.

My config is currently a physical master server and 2 x 5230's in each site.  The 5230's are 'driving' the tape libraries but the master has access to the tape drives.

The new config will be a virtual master server and 2 x 5230's in each site.  The 5230's will continue to drive the tape libraries but the master will have NO accesss to the tape drives.

I was considering defining a basic disk pool on the existing master server using some storage which I can access from both the current physical master server and when I shut this down define it on the virtual master server (same pool name etc).  I would backup the catalog to this basic disk pool on the current master server then restore the catalog from it on the new virtual master server.

I could backup the catalog to one of the 5230's on the current environment, but when I shutdown the current master and perform a DR install on the new virtual master - how would I then get access to the catalog image on the 5230 to restore the catalog ?  The new master would have no knowledge of the 5230's......

I am sure I am missing something 'silly' here, and should be able to do this via the 5230's.

Any input appreciated.



Partner    VIP    Accredited Certified

I like the idea of Basic Disk - even a CIFS share will work (did this some time ago doing Solaris to Linux migration using NFS). Just take note of Service Account requirements for CIFS STU. 
Create a folder on the same disk/share where DR-file will be written.
Mount/map the storage to exact same path on the new server. 

Catalog recovery from MSDP is possible, but additional steps are required. 
How to recover the master server catalog if the catalog backup images are stored on an MSDP pool which is hosted by a separate media server.

You can backup to tape on the Appliance, but this will also require additional steps to add the appliance, devices and media.
To recover from tape, add Appliance as Media Server on new master, add robot and tape drive(s), add catalog tape in Media GUI - slot number and CatalogBackup Pool (if you do not want to Inventory).
Copy DR-files from old master to new master. 

If anything goes wrong, you always have the old master to fall back to. 


Thanks for the input.

I went ahead and used a basic disk pool and wrote the catalog backup to it, and the DR files to the shared disk also, then shutdown the old master noting the last job number in the activity monitor.

I stopped collection from Ops Center for the old master server.

I then came accross an issue with the DR Master Server install on the new master.  The script used for this fails during the install when it attempts to perform the identity install.  After reviewing the logs I found there to be a typo in the script where it tries to run the nbhostidentity command.  There is a \\ in the path to the command instead of a \ - this obviously caused it to fail when calling the command but with a most unhelpfull error.  After some review i see there is an option to run this command manually following a regular master server install which is what I did.

So - procedure was:

Stop everything on old master.

Backup catalog to basic disk unit on shared disk, and DR file pointing the shared disk also.

Note the last job number used

Shutdown old master

Rename new master to old master name, change IP on new master to old masters IP (IP change not neccessary but wanted to avoid any firewall or other related issues)

Reboot new master

Perform 'regular' master server install on new master

Define the basic disk pool pointing to the shared disk

Run the nbhostidentity -import using the DRPKG file on the shared disk

Change the Job Number file to be greater than the last job number performed on the old master

Perform a FULL catalog recovery from the basic disk pool on the shared disk

Restart Services

Test backups, replications, imports

Perform a FULL catalog backup

Release all policies / SLP's


All looks good so far - 3 more master servers to go........