cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup 7.5.0.6 Java Console "Unable to login,status:503" Invalid Username(AD Is Windows Server 2012)?

Ray_Xu
Level 3

Hello,

I am trying to login into Netbackup 7.5.0.6 master server (Windows Server 2008 R2 SP1) using Netbackup Java console 7.5.0.6.

But login fails with "Unable to login,status:503" Invalid Username"

I have created file in C:\Program Files\Veritas\Java\auth.conf with valid etries 
 
netbackup75\Administrator ADMIN=ALL JBP=ALL
BACKUPDEPT\netbackup75 ADMIN=ALL JBP=ALL   ------Active Directory is Windows Server 2012
 
Finished! Still tips me the same error.
 
BACKUPDEPT\netbackup75 has already added Local Administrator Group!
"Logon as a service" has been enabled in Local Group Policy!
UAC has been disabled!
 
Why still error?
Somebody gives me a solution.
 
Thank you!
1 ACCEPTED SOLUTION

Accepted Solutions

quebek
Moderator
Moderator
   VIP    Certified

I would also grant this user with:

Replace a process level token,

Act as part of the operating system,

Create a token object.

Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).

After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in

<install path>\NetBackup\logs

and review the file created there after next login attempt from Java GUI.

View solution in original post

10 REPLIES 10

inn_kam
Level 6
Partner Accredited
 

Error "Unable to login, status: 503 Invalid user name" shown in NetBackup Java Console

Article:TECH166557  |  Created: 2011-08-05  |  Updated: 2011-08-05  |  Article URL http://www.symantec.com/docs/TECH166557
 

 

 

Getting "Unable to login, Status 503 Invalid Username" when using a non administrator user in the for the Java GUI.

Article:TECH72342  |  Created: 2009-01-14  |  Updated: 2013-04-26  |  Article URL http://www.symantec.com/docs/TECH72342
 

 

Ray_Xu
Level 3

Seems like need NetBackup Authentication and Authorization,right?

inn_kam
Level 6
Partner Accredited

yeh

Ray_Xu
Level 3

So, I need to configuring NBAC in a Domain environment?

SymTerry
Level 6
Employee Accredited

Yes, NetBackup can use your domain, with proper configuration, to authenticate your users and set limits to their access in NetBackup.

Configuration of NBAC can be found in chapter 4 of the Security and Encryption guide here.

quebek
Moderator
Moderator
   VIP    Certified

I would also grant this user with:

Replace a process level token,

Act as part of the operating system,

Create a token object.

Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).

After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in

<install path>\NetBackup\logs

and review the file created there after next login attempt from Java GUI.

Ray_Xu
Level 3

Thank you!

I executed "bpnbaz -setupmaster" successfully.

But login to java console still error.

Ray_Xu
Level 3

I executed the command "bpnbaz -setupmaster",and it's successful.

It still error when I login java console, I created "bpjava-msvc" dir. Log shows:

17:27:23.673 [2680.4772] <2> supportFiles: C:\Program Files\Veritas\NetBackup\Logs\bpjava-susvc does not exist, i.e. no user server logging.
17:27:23.673 [2680.4772] <2> logparams:  -transient
17:27:23.688 [2680.4772] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
17:27:23.688 [2680.4772] <16> command_LOGON_TO_MSERVER: authenticate failed for user BACKUPDEPT\netbackup75 (user not found)
17:27:23.688 [2680.4772] <16> poll_listen: can't find file descriptor 0000000000000160 in polling table
17:27:23.688 [2680.4772] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
 

How should I do?

quebek
Moderator
Moderator
   VIP    Certified

Well,

If you would listen to me you would be done :)

Do a quick search on google after SeAssignPrimaryTokenPrivilege....

It will give you answers like this:

from first link I recieved I can read http://technet.microsoft.com/en-us/library/cc779140%28v=ws.10%29.aspx

SeAssignPrimaryTokenPrivilege

Replace a process-level token

Allows a process that has this privilege to replace the access token associated with a process

So please add the roles I already mentioned in this thread, reboot that master and you will be OK

I think this issue is not really tight to the NBAZ/NBAC

I had to add the same roles to all my NBU master server so OpsCenter can pull capacity reports...

Ray_Xu
Level 3

Thank you so much, after I check, I find domain account BACKUPDEPT\netbackup75 is not been added to "Replace a process level token" policy.

After added, It's successful.

Thanks again! : )