05-21-2015 12:52 PM
Hi All,
I migrated Netbackup server Operational Systema from W2K3 to W2K8 R2 and performed successfully the catalog restore. All environment is working proporly but we have some users that manage some policies by java console.
I've created a local user named Producao, set this user as Administrator, Included the user in the Local Security Policies: Act as part of the operating system, Create a token object and Replace a process level token
I have also create the auth.conf file in C:\Program Files\VERITAS\Java with the content below.
localhost\producao ADMIN=ALL JBP=ALL
After all i'm still getting error 503 when trying to login in java console.
I've already restarted the server. Follow bpjava-msvc log:
14:50:57.338 [5244.5184] <2> logparams: -transient
14:51:02.330 [5244.5184] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
14:51:02.330 [5244.5184] <16> command_LOGON_TO_MSERVER: authenticate failed for user producao (user not found)
14:51:02.533 [5244.5184] <16> poll_listen: can't find file descriptor 00000000000001EC in polling table
14:51:02.533 [5244.5184] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
06-02-2015 04:00 PM
Hi Andrew,
I could login to windows normal but when open java console inside server the same error appear. Follow attach...
No windows security event was generated.
06-03-2015 04:04 AM
OK If you are logging into a Windows machine that is a part of the domain it is going to authenticate against the domain ONLY. it will not try domain first then local next. All NetBackup is reporting is what the authentication engine is responding with.
Log in using BOGS00000021\Producao. That should at least get your user identified.Then the java.auth file comes into affect and determines what level of authority the user has. If the user is authorized to log onto the machine he will get at least Backup And Recovery access. You are not even getting to where the java.auth file is being queried.
06-03-2015 12:22 PM
Logged in windows with BOGS00000021\Producao and inside the windows tried the java console with BOGS00000021\Producao. Got the same error. Follow java log.
02:51:12.236 [5896.4492] <2> logparams: -transient
02:51:12.829 [5896.4492] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
02:51:12.829 [5896.4492] <16> command_LOGON_TO_MSERVER: authenticate failed for user Producao (user not found)
02:51:13.031 [5896.4492] <16> poll_listen: can't find file descriptor 0000000000000214 in polling table
02:51:13.031 [5896.4492] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
14:20:45.880 [5592.4460] <2> logparams: -transient
14:20:45.895 [5592.4460] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
14:20:45.895 [5592.4460] <16> command_LOGON_TO_MSERVER: authenticate failed for user BOGS00000021\Producao (user not found)
14:20:45.895 [5592.4460] <16> poll_listen: can't find file descriptor 0000000000000214 in polling table
14:20:45.895 [5592.4460] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
06-03-2015 01:40 PM
Is NBAC enabled on the master server?
06-10-2015 08:41 AM
I do not use NBAC
06-18-2015 07:30 AM
No other option? I will raise a ticket call tomorrow but would like to test other thing before that.