cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

NetBackup Live Update over HTTPS

rjsuresh
Level 3

‎05-01-2013 09:14 AM

We have NetBackup Master and Media server running on Solaris.  Clients are combination of Solaris, Linux and Windows.  The OpsCenter, NB Console and NB LiveUpdate server is running on Windows 2008 R2 in a VM.

LiveUpdate was setup using IIS and was able to update over HTTP but not using HTTPS.  When I run it over HTTPS, I receive the below message.  If you see the java version it is latest and it should not be an issue.  When it is able to do the deployment using HTTP, what is causing the HTTPS to fail?

IIS setup properly with MIME settings and was able to download the file remotely and connect remotely.

What is the issue here and how can I fix it or runing this over HTTPS?  Please suggest me.

 

May 1, 2013 3:09:02 PM Java LiveUpdate launched with the command line = -c /usr/openv/netbackup/nblu.conf
May 1, 2013 3:09:02 PM Using character set UTF-8
May 1, 2013 3:09:02 PM Command-line Product Selections to update:
May 1, 2013 3:09:02 PM (ProdName, Version, Lang, ItemSeqName, SeqNum)
May 1, 2013 3:09:02 PM Adding JLU to the current command line
May 1, 2013 3:09:02 PM   JLU Solaris, 3.6, English, LiveUpdateSeq, 25
May 1, 2013 3:09:02 PM Java Version 1.6.0_29.
May 1, 2013 3:09:02 PM SunOS 5.10
May 1, 2013 3:09:02 PM Java LiveUpdate version 3.6 Build 25.
May 1, 2013 3:09:02 PM ProductInventory: parsed default inventory file: /etc/Product.Catalog.JavaLiveUpdate
May 1, 2013 3:09:02 PM Inventory File Product Selections to update:
May 1, 2013 3:09:02 PM (ProdName, Version, Lang, ItemSeqName, SeqNum)
May 1, 2013 3:09:02 PM   NBClient_Solaris-X64, 7.5, English, Update, 20120131
May 1, 2013 3:09:02 PM The property maxZipFileSize in config file is 614,400
May 1, 2013 3:09:02 PM The property maxTriFileSize in config file is 10,485,760
May 1, 2013 3:09:02 PM The property maxPackageSize in config file is 2,147,483,647
May 1, 2013 3:09:02 PM The property maxPackageContentSize in config file is 2,147,483,647
May 1, 2013 3:09:02 PM Cache is disabled.
May 1, 2013 3:09:02 PM Checking to see if JLU can connect to its own listener thread.
May 1, 2013 3:09:02 PM Checking to see if a session of JLU is running at port 40065.
May 1, 2013 3:09:02 PM An active JLU session has been detected.
May 1, 2013 3:09:02 PM JLU was able to successfully connect to its own listener thread.
May 1, 2013 3:09:02 PM Downloading minitri.flg to /tmp/1367420942769/minitri.flg ...
May 1, 2013 3:09:02 PM Connecting to example.com:1443 via HTTPS ...
May 1, 2013 3:09:03 PM Connected to x.x.x.x sending request ...
May 1, 2013 3:09:03 PM Downloading livetri.zip to /tmp/1367420942769/livetri.zip ...
May 1, 2013 3:09:03 PM Connecting to x.x.x.x via HTTPS ...
May 1, 2013 3:09:03 PM Connected to x.x.x.x sending request ...
May 1, 2013 3:09:03 PM A LiveUpdate server could not be selected.
May 1, 2013 3:09:03 PM
May 1, 2013 3:09:03 PM The Java LiveUpdate session did not complete successfully.
May 1, 2013 3:09:03 PM Return code = -2,001
May 1, 2013 3:09:03 PM
============================================================
<IdsJluCommandLine><-c /2Fusr/2Fopenv/2Fnetbackup/2Fnblu.conf >
<IdsJluCommandLineCharacterSet><UTF-8>
<IdsPVLListing1>
<IdsPVLListing2>
<IdsJluCommandLineAddedJluToSession>
<IdsJavaVersion><1.6.0_29>
<IdsJavaLiveUpdateVersion><3.6><25>
<IdsProductInventoryParsedDefault></2Fetc/2FProduct.Catalog.JavaLiveUpdate>
<IdsPVLListing3>
<IdsPVLListing2>
<IdsMaxSize><maxZipFileSize><614400>
<IdsMaxSize><maxTriFileSize><10485760>
<IdsMaxSize><maxPackageSize><2147483647>
<IdsMaxSize><maxPackageContentSize><2147483647>
<IdsCacheMode>
<IdsJluSyncCheckCurrentSession>
<IdsJluSyncCheckPort><40065>
<IdsJluSyncCheckActive>
<IdsJluSyncCurrentSessionActive>
<IdsDownloadMsg><minitri.flg></2Ftmp/2F1367420942769/2Fminitri.flg>
<IdsHttpConnectionMsg2><example.com><1443><HTTPS>
<IdsHttpConnectedMsg><x.x.x.x>
<IdsDownloadMsg><livetri.zip></2Ftmp/2F1367420942769/2Flivetri.zip>
<IdsHttpConnectionMsg><x.x.x.x><HTTPS>
<IdsHttpConnectedMsg><x.x.x.x>
<IdsServerSelectionError>
<IdsJavaSessionFailure>
<IdsJavaSessionReturnCode><-2001>
============================================================

 

0 Kudos
5 REPLIES 5

CRZ
Level 6
Employee Accredited Certified

‎05-01-2013 03:42 PM

First things first - it isn't a typo of the port, is it?  I notice it says "1443" and not "443" but that could be from your log scrubbing:

May 1, 2013 3:09:02 PM Connecting to example.com:1443 via HTTPS ...

Your log excerpt seems to match exactly with the one in this (older) TechNote:

LiveUpdate of a UNIX or Linux client fails to connect to the LiveUpdate server over HTTPS (Secure HTTP)
  http://symantec.com/docs/TECH71633

Can you run the keytool command listed at the bottom and see if your certificate is shown in the cacerts file?  Also, wouldn't hurt to double check the nblu.conf and .luagent.conf settings to make sure they're correctly showing "https://" and ":443" where applicable.

If all that looks OK, you might need to open a case with us.

0 Kudos

rjsuresh
Level 3

‎05-08-2013 10:27 AM

Sorry for the late reply Chris.   I have tried all I could.

 

1) Verified Java version.

 /usr/openv/java/jre/bin/java -version
java version "1.6.0_29"
Java(TM) SE Runtime Environment (build 1.6.0_29-b11)
Java HotSpot(TM) Server VM (build 20.4-b02, mixed mode)
 

2) Verified the nblu.conf and .luagent.conf with connectivity to live update server.

more /usr/openv/netbackup/nblu.conf
# $Id: nblu.conf.template,v 1.4 2010/09/24 16:15:11 $
# $VRTScprght: Copyright 1993 - 2012 Symantec Corporation, All Rights Reserved $
############################################################
#                                                          #
# nblu.conf - Symantec LiveUpdate configuration file       #
#                                                          #
# This file is used to configure the settings used by      #
# LiveUpdate                                               #
#                                                          #
############################################################

downloadCacheSize=8192
hosts/0/mode=trusted
hosts/0/url=https://server:1443/
logfile=/opt/Symantec/LiveUpdate/liveupdt.log
maxPackageContentSize=2147483647
maxPackageSize=2147483647
maxTriFileSize=10485760
maxZipFileSize=614400
workdir=/tmp
 

more  /usr/openv/netbackup/.luagent.conf

NB_URL_OR_DISK_NAME=url=https://server:1443

telnet <server> 1443

Trying xxxx...
Connected to xxxxt.
Escape character is '^]'.
^]
 

3) we have installed self signed certificate for the live udpate server  and i don't see the cerificate of live update server listed. (just removed the key info for safety)

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 76 entries
 

 

0 Kudos

rjsuresh
Level 3

‎05-22-2013 04:25 PM

Any help?

0 Kudos

mikent
Level 3

‎05-27-2013 01:40 AM

Hi, Can you send output from SSL error log files from you Liveupdate server ?
0 Kudos

rjsuresh
Level 3

‎05-31-2013 01:51 PM

This is a self signed certificate created in LiveUpdate server (windows 2008 R2). Below information was from SSLDiag tool

I see that "RemoteCertificateNameMismatch" error when i'm testing it.  Still crushing my brain on what is wrong.

 

System Time : Friday, May 31, 2013 7:03:42 PM Coordinated Universal Time
Processor Architecture : x64
OS : Microsoft Windows NT 6.1.7601 Service Pack 1
Microsoft Internet Information Services 7.5
 
SERVER SSL PROTOCOLS
PCT 1.0 : Enabled
SSL 2.0 : Enabled
SSL 3.0 : Enabled
TLS 1.0 : Enabled
SChannel EventLogging : 1 (hex)
-----
[W3SVC/2]
ServerComment   : NBLiveUpdate
ServerAutoStart   : True
ServerState           : Started
 
BINDING : https *:1443:
SSLCertHash : 8B096E5CEDF69555635A211401AF1F3690B9B914
SSL Flags : SSL  SslNegotiateCert  
Testing EndPoint : 127.0.0.1:1443 - Success
#CertName : NBLiveUpdate
#Version : 3
#You have a private key that corresponds to this certificate.
#Signature Algorithm : sha1RSA
#Key Exchange Algorithm : RSA-PKCS1-KeyEx Key Size : 2048
#Subject : CN=server
#Issuer : CN=server
#Validity : From Tuesday, April 30, 2013 11:54:30 AM To Wednesday, April 30, 2014 12:00:00 AM
#Serial Number : 1380234BFE6409B645F42C3B4A93B460
DS Mapper Usage : Disabled
Archived : False
#Key Usage : Key Encipherment, Data Encipherment (30)
#Enhanced Key Usage : Server Authentication (1.3.6.1.5.5.7.3.1)
Certificate verified.
 
 
-----
 

Server certificate name : CN=server
Server certificate subject : CN=server
Server certificate issuer : CN=server
Server certificate validity : From 4/30/2013 11:54:30 AM To 4/30/2014 12:00:00 AM
RemoteCertificateNameMismatch
 
HTTP REQUEST
GET https://localhost:1443/ HTTP v1.1
   Host : localhost:1443
   Connection : Keep-Alive
 
HTTP RESPONSE
HTTP 1.1 200 OK
   Content-Length : 5596
   Content-Type : text/html; charset=UTF-8
   Date : Fri, 31 May 2013 19:04:38 GMT
   Server : Microsoft-IIS/7.5
     <html><head><title>localhost - /</title></head><body><H1>localhost - /</H1><hr>
     
     <pre> 2/10/2013  9:32 AM    581206827 <A HREF="/1360506394jtun_nb_7.5.0.5_hpia64.zip">1360506394jtun_nb_7.5.0.5_hpia64.zip</A><br> 2/10/2013  9:32 AM    215597837 <A HREF="/1360506394jtun_nb_7.5.0.5_hpux.zip">1360506394jtun_nb_7.5.0.5_hpux.zip</A><br> 2/10/2013  9:33 AM    213572618 <A HREF="/1360506394jtun_nb_7.5.0.5_linuxr.zip">1360506394jtun_nb_7.5.0.5_linuxr.zip</A><br> 2/10/2013  9:33 AM    195439647 <A HREF="/1360506394jtun_nb_7.5.0.5_linuxs.zip">1360506394jtun_nb_7.5.0.5_linuxs.zip</A><br> 2/10/2013  9:33 AM    818070792 <A HREF="/1360506394jtun_nb_7.5.0.5_rs6000.zip">1360506394jtun_nb_7.5.0.5_rs6000.zip</A><br> 2/10/2013  9:33 AM    257619740 <A HREF="/1360506394jtun_nb_7.5.0.5_solaris.zip">1360506394jtun_nb_7.5.0.5_solaris.zip</A><br> 2/10/2013  9:33 AM    237164275 <A HREF="/1360506394jtun_nb_7.5.0.5_solaris86.zip">1360506394jtun_nb_7.5.0.5_solaris86.zip</A><br> 2/10/2013  9:33 AM    101903011 <A HREF="/1360506394jtun_nb_7.5.0.5_zlinuxr.zip">1360506394jtun_nb_7.5.0.5_zlinuxr.zip</A><br> 2/10/2013  9:33 AM     89984578 <A HREF="/1360506394jtun_nb_7.5.0.5_zlinuxs.zip">1360506394jtun_nb_7.5.0.5_zlinuxs.zip</A><br> 2/10/2013  9:33 AM    522288403 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_hp-ux-ia64.zip">1360506394jtun_nb_clt_7.5.0.5_hp-ux-ia64.zip</A><br> 2/10/2013  9:33 AM    358288020 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_hp9000-800.zip">1360506394jtun_nb_clt_7.5.0.5_hp9000-800.zip</A><br> 2/10/2013  9:33 AM     44774990 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_intel.zip">1360506394jtun_nb_clt_7.5.0.5_intel.zip</A><br> 2/10/2013  9:33 AM    334776085 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_linux-ia64.zip">1360506394jtun_nb_clt_7.5.0.5_linux-ia64.zip</A><br> 2/10/2013  9:34 AM   1418165970 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_linux.zip">1360506394jtun_nb_clt_7.5.0.5_linux.zip</A><br> 2/10/2013  9:34 AM     39771068 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_macintosh.zip">1360506394jtun_nb_clt_7.5.0.5_macintosh.zip</A><br> 2/10/2013  9:34 AM    604402803 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_rs6000.zip">1360506394jtun_nb_clt_7.5.0.5_rs6000.zip</A><br> 2/10/2013  9:34 AM    591550908 <A HREF="/1360506394jtun_nb_clt_7.5.0.5_solaris.zip">1360506394jtun_nb_clt_7.5.0.5_solaris.zip</A><br> 2/10/2013  9:34 AM      2829145 <A HREF="/masttri.zip">masttri.zip</A><br> 2/10/2013  9:34 AM            1 <A HREF="/minitri.flg">minitri.flg</A><br> 2/10/2013  9:34 AM      2826814 <A HREF="/msttribak.zip">msttribak.zip</A><br> 2/10/2013  9:34 AM         2873 <A HREF="/nbclient$5fhp$2dux$2dia64_7.5_english_livetri.zip">nbclient$5fhp$2dux$2dia64_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2859 <A HREF="/nbclient$5fhp9000$2d800_7.5_english_livetri.zip">nbclient$5fhp9000$2d800_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2855 <A HREF="/nbclient$5fintel_7.5_english_livetri.zip">nbclient$5fintel_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2865 <A HREF="/nbclient$5flinux$2dia64_7.5_english_livetri.zip">nbclient$5flinux$2dia64_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2855 <A HREF="/nbclient$5flinux$2dpseries_7.5_english_livetri.zip">nbclient$5flinux$2dpseries_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2854 <A HREF="/nbclient$5flinux$2dx64_7.5_english_livetri.zip">nbclient$5flinux$2dx64_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2859 <A HREF="/nbclient$5flinux$2dzseries_7.5_english_livetri.zip">nbclient$5flinux$2dzseries_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2867 <A HREF="/nbclient$5fmacintosh_7.5_english_livetri.zip">nbclient$5fmacintosh_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2857 <A HREF="/nbclient$5frs6000_7.5_english_livetri.zip">nbclient$5frs6000_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2858 <A HREF="/nbclient$5fsolaris$2dsparc_7.5_english_livetri.zip">nbclient$5fsolaris$2dsparc_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2862 <A HREF="/nbclient$5fsolaris$2dx64_7.5_english_livetri.zip">nbclient$5fsolaris$2dx64_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2973 <A HREF="/netbackup$5fhpia64_7.5_english_livetri.zip">netbackup$5fhpia64_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2978 <A HREF="/netbackup$5fhpux_7.5_english_livetri.zip">netbackup$5fhpux_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2966 <A HREF="/netbackup$5flinuxr_7.5_english_livetri.zip">netbackup$5flinuxr_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2968 <A HREF="/netbackup$5flinuxs_7.5_english_livetri.zip">netbackup$5flinuxs_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2948 <A HREF="/netbackup$5frs6000_7.5_english_livetri.zip">netbackup$5frs6000_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2971 <A HREF="/netbackup$5fsolaris86_7.5_english_livetri.zip">netbackup$5fsolaris86_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2963 <A HREF="/netbackup$5fsolaris_7.5_english_livetri.zip">netbackup$5fsolaris_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2973 <A HREF="/netbackup$5fzlinuxr_7.5_english_livetri.zip">netbackup$5fzlinuxr_7.5_english_livetri.zip</A><br> 2/10/2013  9:34 AM         2974 <A HREF="/netbackup$5fzlinuxs_7.5_english_livetri.zip">netbackup$5fzlinuxs_7.5_english_livetri.zip</A><br> 2/10/2013  9:36 AM         9604 <A HREF="/VrtsNBLU_7.5.0.5.UNIX.README">VrtsNBLU_7.5.0.5.UNIX.README</A><br>  5/6/2013  6:39 PM          531 <A HREF="/web.config">web.config</A><br></pre><hr></body></html>
 

 

 

 

0 Kudos