Highlighted

NB 8.1.1 - Upgrade WIndows Client 2K12 to 2K16 - Best practice

hello,

currently we are migrating our windows clients. We migrate our servers Windows 2008 and 20012 to Windows 2016. In the past, we made a migration to windows 2016 and I know we had problems with the token. We had to do a reissu token. Is there a way that the administrator of the Windows server can do everything without calling me. I would not want to do a reissu token with every server migration.  I tried to find some documentation about this but find nothing. 

my question: what is the best practice if you have to migrate multiple Windows clients (OS only) The NB client version does not change, remains 8.1.1. All this without my having to intervene
 
Sorry for my english, i'm french speaking and Google Translate is my friend !
Tags (2)
3 Replies

Re: NB 8.1.1 - Upgrade WIndows Client 2K12 to 2K16 - Best practice

AFAIK there is no way around this... because as soon as NetBackup certificate management becomes aware of a client name, then that client can never be removed from certificate management - and any and all client names that are ever "learned" are remembered forever, and can only ever be in a state of authorised, blocked, or revoked.  When blocked or revoked the only way to re-authorise a client is to use a re-issue token.

I'm also hoping that I am wrong, and that someone else can explain how there is a way of making handling this process a bit easier.

Re: NB 8.1.1 - Upgrade WIndows Client 2K12 to 2K16 - Best practice

Hello,

if acceptable for you, use Medium Security Level instead of High (Global Security Settings). With this setting clients (even new) should not ask for tokens.

Regards

Michal

 

Re: NB 8.1.1 - Upgrade WIndows Client 2K12 to 2K16 - Best practice

If your NetBackup master server version is 8.1.2 or greater, then you could also look into providing the Windows admins WebUI access to generate the tokens they require. With RBAC, you should be able to restrict their level of access to prevent them playing where they should not. 

If this is an option - have a look at the WebUI Security admin Guide.

Cheers
David