cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

NBU Java console error 503

nandolester
Level 4

‎05-21-2015 12:52 PM

Hi All,

 

I migrated Netbackup server Operational Systema from W2K3 to W2K8 R2 and performed successfully the catalog restore. All environment is working proporly but we have some users that manage some policies by java console.

I've created a local user named Producao, set this user as Administrator, Included the user in the  Local Security Policies: Act as part of the operating system, Create a token object and Replace a process level token

I have also create the auth.conf file in C:\Program Files\VERITAS\Java with the content below.

localhost\producao ADMIN=ALL JBP=ALL

 

After all i'm still getting error 503 when trying to login in java console.

 

I've already restarted the server. Follow bpjava-msvc log:

14:50:57.338 [5244.5184] <2> logparams:  -transient
14:51:02.330 [5244.5184] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
14:51:02.330 [5244.5184] <16> command_LOGON_TO_MSERVER: authenticate failed for user producao (user not found)
14:51:02.533 [5244.5184] <16> poll_listen: can't find file descriptor 00000000000001EC in polling table
14:51:02.533 [5244.5184] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID

 

25 REPLIES 25

watsons
Level 6

‎05-21-2015 04:23 PM

Will it work if you change it to? 

producao ADMIN=ALL JBP=ALL

0 Kudos

nandolester
Level 4

‎05-26-2015 08:22 AM

Hi Watsons,

 

The problem continue. Same error 503.

0 Kudos

Andrew_Madsen
Level 6
Partner

‎05-26-2015 10:19 AM

Did you reboot the machine after you added the rights? You will need to add "Log on Locally" (https://support.symantec.com/en_US/article.TECH72342.html) rights as well. The value in java.auth needs to be <Local Machine name>\producao not localhost\producao especially if they are logging in remotely. 

0 Kudos

nandolester
Level 4

‎05-27-2015 07:52 AM

Confirmed that my user is setup in Local policy as you mentioned and changed the java.auth and even after reboot the problem continue.

0 Kudos

Andrew_Madsen
Level 6
Partner

‎05-27-2015 09:03 AM

Can you post the latest errors from the bpjava-msvc log?

0 Kudos

nandolester
Level 4

‎05-27-2015 02:28 PM

Access tried using <Master Server hostname>\Producao

 

09:27:09.675 [5640.4988] <2> logparams:  -transient
09:27:14.682 [5640.4988] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
09:27:14.682 [5640.4988] <16> command_LOGON_TO_MSERVER: authenticate failed for user Producao (user not found)
09:27:15.072 [5640.4988] <16> poll_listen: can't find file descriptor 00000000000001EC in polling table
09:27:15.072 [5640.4988] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID

0 Kudos

Andrew_Madsen
Level 6
Partner

‎05-27-2015 03:25 PM

According to the log that user does not exist: 

09:27:14.682 [5640.4988] <16> command_LOGON_TO_MSERVER: authenticate failed for user Producao (user not found)

This is not a case of not enough privileges yet it is an issue with the user not being identified. 

Are you logging in from a remote machine or from the Master Server itself?

What do the Windows event logs say? Look for a logon failure from around the time of the attempt in the Security event logs. If there are too many events then try to log in again and the failure should be at the top of the list. 

0 Kudos

watsons
Level 6

‎05-27-2015 05:18 PM

Try this:  in your master server host properties, add the <Local Machine name>   into the SERVER list.

Refresh the setting "bprdreq -rereadconfig" and try login again. Make sure your master server can resolve the <Local Machine name>

0 Kudos

nandolester
Level 4

‎05-28-2015 08:35 AM

Hi Andrew no event is generated in Windows.

 

Watsons. Setup the localhost in hosts of the server and ran the command that you mentioned but the error continue.

Tried to login the server and it login normally.

follow log

 

10:31:53.502 [1728.4892] <2> logparams:  -transient
10:31:58.463 [1728.4892] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
10:31:58.463 [1728.4892] <16> command_LOGON_TO_MSERVER: authenticate failed for user producao (user not found)
10:31:58.666 [1728.4892] <16> poll_listen: can't find file descriptor 00000000000001EC in polling table
10:31:58.666 [1728.4892] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID

0 Kudos

sdo
Moderator
Moderator
Partner    VIP    Certified

‎05-28-2015 09:21 AM

Try changing:

localhost\producao ADMIN=ALL JBP=ALL

...to:

producao ADMIN=ALL JBP=ALL

...i.e remove the leading:     localhost\

0 Kudos

Deb_Wilmot
Level 6
Employee Accredited Certified

‎05-28-2015 09:58 AM

Hi - is the user a member of the local administration account?  It will have to be in order to work - BUT that doesn't explain the user not found error.

 

Is the user logging in to the master server from a remote system?  If so - does the user exist on the master server too?

 

FYI from the Admin Guide Vol1 (7.6.1):

The NetBackup-Java application server authenticates the user name and password
by using standard Windows authentication capabilities for the specified computer.
If NetBackup Access Control is not configured for the users, by default the
NetBackup-Java application server provides authorization data. The authorization
data allows all users who are members of the local administrator group on the
NetBackup master server to use all of the NetBackup-Java applications. Other
users are allowed to access only Backup, Archive, and Restore.

 

 

0 Kudos

nandolester
Level 4

‎05-28-2015 10:36 AM

Hi Deb,

 

The user Producao is a local user in the Master Server (Windows Server 2008 R2) and is member os Administrators group.

I've also tried to access with another user this time from my domain but that is administrator too but i got the same error.

 

0 Kudos

sdo
Moderator
Moderator
Partner    VIP    Certified

‎05-28-2015 11:01 AM

Did you try removing the leading:    localhost\    ?

0 Kudos

nandolester
Level 4

‎05-28-2015 11:15 AM

The auth file is like producao ADMIN=ALL JBP=ALL

Already did this change  but no effect to solve the problem.

0 Kudos

watsons
Level 6

‎05-29-2015 05:04 AM

1 important question we haven't asked is... your Netbackup version & patch level?

And I suppose you have tried disabling UAC & firewall on the Windows master server.

0 Kudos

nandolester
Level 4

‎05-29-2015 05:13 AM

NBU Master 7.1.0.4

Windows Firewall disabled

UAC is set Never notify - i think is the same as disabled.

S.O - Windows Server 2008 R2

 

0 Kudos

watsons
Level 6

‎05-29-2015 05:43 AM

Will system locale plays a part here?

Is that user happen to be something with a "special a" such as  producão  (notice the a)

Just throwing out ideas.. :)  because the logs simply indicate an invalid user.

0 Kudos

nandolester
Level 4

‎05-29-2015 06:11 AM

normal Producao name.

Follow attachment.
 

0 Kudos

Andrew_Madsen
Level 6
Partner

‎05-29-2015 06:58 AM

OK Let's try these steps:

  1. Log on locally to the master server using Producao
  2. Run the Java Console locally and log in using Producao without the <master server>\ preface. Here is the funny bit.
  3. If successful log out and log in using producao - match CASE. You are running 7.1.0.4 and if I remember there is some funky Java and case sensitivity issues
  4. If both fail look at the Security event log. If there is nothing there then the Java console is not even trying to talk to kerboros. 
  5. Take screen shots of all log in screens. 
0 Kudos