cancel
Showing results for 
Search instead for 
Did you mean: 

NetBackup 8.1.2 upgrade via SCCM

mfalge
Level 3

We’re trying to upgrade NetBackup from 7.5 to 8.1.2. on Windows clients remotely via our Linux Master. Due to significant changes between these two versions we are not able to deploy an upgrade as the certificate authentication tech has changed dramatically.

We now need to get this certificate installed on each of the clients before master/client communication can occur.

So, we won’t have to touch our hundreds of servers manually we are looking into ways of automating this via SCCM.

Is anyone aware of a way to deploy the 8.1.2. client with both cert and client packaged together via SCCM? How to find and package the certificate with the client? What are the best practices - deploy cert alone, combine cert and installer, remove 7.5 first then install 8.1.2?

Thanks,
Mark

3 REPLIES 3

Tape_Archived
Moderator
Moderator
   VIP   

I haven't tried to deploy using SCCM but I do find some details in the silentclient.cmd installation file about authenticating client if you want to install or upgrade.

You can provide the token here in place of SKIP in the file. Token can be easily created with several criteria's through Java console under - Security Management => Certificate Management => Token Management

REM If you were issued an authorization token by your backup administrator, provide it below.
REM If no authorization token was issued, leave it as SKIP. To reinstall the NetBackup client,
REM please provide the reissue token for the AUTHORIZATION_TOKEN value.
REM
REM *** WARNING!
REM
REM Because providing the authorization token in plain text presents a security risk, restrict
REM access to the silentclient.cmd file to read access. Grant read access to NetBackup
REM administrators and system administrators only. Delete the silentclient.cmd file following
REM successful installation.
REM
REM -------------------------------------------------------------------------------------------
SET AUTHORIZATION_TOKEN=SKIP
REM -------------------------------------------------------------------------------------------

From what we are seeing. It appears that communication is failing because of a missing cert. We can't remotely install because the master/client won't authenticate.

How do we find out which cert is required and where to deploy it on the clients?

Here is the bptestbpcd output from a couple of clients.

sample-master.com% sudo ./bptestbpcd -client sample-host-01.com
<16>bptestbpcd main: Function ConnectToBPCD(sample-host-01.com) failed: 7641
<16>bptestbpcd main: Failed to find a common CA Root for secure handshake
Failed to find a common CA Root for secure handshake
sample-master.com% sudo ./bptestbpcd -client sample-host-02.com
<16>bptestbpcd main: Function ConnectToBPCD(sample-host-02.com) failed: 7641
<16>bptestbpcd main: Failed to find a common CA Root for secure handshake
Failed to find a common CA Root for secure handshake
sample-master.com%

X2
Moderator
Moderator
   VIP   

Make sure you have the following variables set in your silentclient.bat

CA_CERTIFICATE_FINGERPRINT

AUTHORIZATION_TOKEN (if it is a new client, and not "known" to the master server)

For our setup, most of the stuff works except the certificate install. But that is due to the fact that the server is provisioned in an incubator environment and does not have the correct domain/IP setup.

PS: SCCM works for us for provisioning. Upgrades are with VxUpdate now as we have 8.1.2.