Hi Mark, no, I have no

Volker_Spies · ‎12-04-2012

Hi,

I found a very odd behavior in our NetBackup environment.

Every now and then the NBConsole.exe tries to establish an smb/cifs connection to two of our AIX Hosts. Here is a snippet from the NTLM log on the master server:

NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.

Target server: cifs/<AIX server hostname>

Supplied user: (NULL)

Supplied domain: (NULL)

PID of client process: 4076

Name of client process: C:\Program Files\Veritas\NetBackup\bin\NBConsole.EXE

LUID of client process: 0x73b75

User identity of client process: <my admin account>

Domain name of user identity of client process: <domain name>

Mechanism OID: (NULL)

Audit the NTLM authentication requests from this computer that would be blocked by the target server cifs/<AIX server hostname> if the security policy Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers is set to Deny all.

What is that?

On top of that the samba server on the AIX host tries to authenticate the request with the domain controlelrs, and gets a NT_STATUS_LOGON_FAILURE.

So if this happens more than 5 times in 5 minutes my admin accounts gets locked out from the domain, that happesn every couple of month and it took us weeks to break down this behavior to the netbackup master server.

The AIX server is a media server with a couple aof LTO5 adrives connected and hosts a couple of SAP/DB2 systems, all backups are running fine for the host.

HELP! :)

Best regards

Volker

Yasuhisa_Ishika · ‎12-07-2012

I have never heard such behavior.

Does anyone add AIX host as cient in MS-Windows policy and browse File Selections?

Volker_Spies · ‎12-07-2012

Hi Yasuhisa,

sound like a solution!

Unfortunaltely it's not, I searched for the host in all policies and it only popped up in a unix file backup policy with policy type standard.

Thanks for your reply anyway!

maybe someone with deep NetBackup knowledge can point out: When does netbackup use cifs/smb connections to hosts? Do Windows Media servers with DSSU or dedup pools use smb connections to other hosts?

Do I read the log correct? Does netbackup try to reach a share on the AIX Server, or does nbconsole try to authenticate a user with the AIX host?

Volker

Mark_Solutions · ‎12-07-2012

Is the AIX Media Server also a BMR boot server?

The NetBackup console makes connections with BMR Servers when it is opened and used - not sure if that would be cifs/smb though

Mark_Solutions · ‎12-07-2012

Unless you have any cifs / samba attached storage units of course?

Also has the feeling replication director and NetApps plugins used something but i guess you need an engineer on the case as you said

Volker_Spies · ‎12-10-2012

Hi Mark,

no, I have no Storage Units that are on Samba shares.

How do I figure out that the host is a BMR boot server, in the policy the "Bare Metal Restore" is not checked in the policy.

But the "Collect true image restore information. with move detection" is checked, but as I understand the documentation this should work even on Unix hosts.

You are right, I will open a case with symantec, I refused to do that because sometimes it's painfull to overcome the first level of support and get to someone that has actually the knowledge to help.

But that is not the right place to discuss that, :)

Thanks to all of you anyways, will keep you updated if I have a solution.

Volker

mandar_khanolka · ‎12-10-2012

>> How do I figure out that the host is a BMR boot server, in the policy the "Bare Metal Restore" is not checked in the policy.

On you NB master server fire below query to check if the host name exists.

netbackup/bin/bmrs -o list -r bootserver

Thanks.

Mandar

Mark_Solutions · ‎12-10-2012

In the admin console go to the BMR section at the bottom - expand it and check in the BMR Boot Server section to see if it is listed there

VOX

NBConsole.exe cifs connection to Unix Host?