10-20-2021 10:57 AM
Good afternoon to all.
I have one master server and clients with tape robot backups.Now I installed second master server on server 2022 and I want to make backup jobs on master server VDs. During the policy creation second master server does not see clients.According to my expirience this is the only way to add clients.
I appriciate any suggestion from your side.
Thank you
10-20-2021 01:00 PM
The clients should only be talking to 1 master server. If you haven't edited the bp.conf/registry of the clients to point to the new master server, they won't be able to talk to your new master server. Depending on what version of NetBackup you are running, you may need to remove the certs from the clients and re-deploy certs using tokens from the new master server.
10-20-2021 03:02 PM
Hi @cajo
It is possible for a client to be managed by two master servers (not good practice but sometime necessary). As @Krutons you will need to obtain the new master server CA certificate and a host certificate for the client before you can run backups. There is no requirement to remove existing certificates.
A question - what is your aim here? Why have two master servers?
Finally - at this stage Windows 2022 is not a supported operating system for running NetBackup server software (yes it is supported for the NetBackup client). Yes it may work, but hasn't yet been qualified (I would expect this qualification to come soon, but whether patches are required is unknown by me).
David
10-21-2021 01:44 AM
Thank you for your reply, my chief want to have duoble backup of some clients server that are already on the first master server.
I manage to install on the server but when I want to create policy on the second master server he does not see any of clients.
10-21-2021 01:47 AM - edited 10-21-2021 01:48 AM
Have you confirmed communication between the clients and new master?
Did you deploy both CaCertificate and the certificate to the client of the new maser server?
Edit: Are you running AIR at all for your first Netbackup Master?
10-21-2021 02:09 AM
There is network communication(PING) but no communication between second master and clients. Simply it does not see the clients.I can not create policy neither to add server.
10-21-2021 02:15 AM
What does the output of bptestbpcd -client <client name> -verbose show?
This is from the master to the client.I
It can be found in /usr/openv/netbackup/bin/admincmd/ or <install drive>\Program Files\Veritas\NetBackup\bin\admincmd
10-21-2021 03:31 AM
This is output
C:\Program Files\Veritas\NetBackup\bin\admincmd>bptestbpcd -client apps.hias-vienna.at -verbose
PEER_NAME = storageserver.hias-vienna.at
HOST_NAME = apps.hias-vienna.at
<16>bptestbpcd main: Function ConnectToBPCD(apps.hias-vienna.at) failed: 7641
<16>bptestbpcd main: Failed to find a common CA Root for secure handshake
<16>bptestbpcd main: Failed to find a common CA Root that is required for secure communication. Connector CAs ([{"domain_id": "ce3fe597-400e-4d99-ad95-fb76458fde9f", "ca_usage": "NBCA"}]), Acceptor CAs ([{"domain_id": "b36547d7-920f-450c-a9ff-e6aeb4778d57", "ca_usage": "NBCA"}]). The external certificate cannot be automatically enrolled. Either the automatic enrollment is disabled or the mandatory ECA configuration options are not set for one or both the hosts.: 7641
[PROXY] Encountered error (CERT_PROTOCOL_SELECT_COMMON_CA_ROOT) while processing(CertProtocol).: 4
Failed to find a common CA Root for secure handshake
10-21-2021 03:47 AM
So that tells me you haven't run nbcertcmd -getCAcertificate -server <masterserver> or nbcertcmd -getcertificate -token <token generated from second master> -server <masterserver> on the clients.