11-07-2013 03:15 AM
Hello,
I am trying to login into Netbackup 7.5.0.6 master server (Windows Server 2008 R2 SP1) using Netbackup Java console 7.5.0.6.
But login fails with "Unable to login,status:503" Invalid Username"
Solved! Go to Solution.
11-07-2013 01:49 PM
I would also grant this user with:
Replace a process level token,
Act as part of the operating system,
Create a token object.
Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).
After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in
<install path>\NetBackup\logs
and review the file created there after next login attempt from Java GUI.
11-07-2013 03:21 AM
Article:TECH166557 | | | Created: 2011-08-05 | | | Updated: 2011-08-05 | | | Article URL http://www.symantec.com/docs/TECH166557 |
Article:TECH72342 | | | Created: 2009-01-14 | | | Updated: 2013-04-26 | | | Article URL http://www.symantec.com/docs/TECH72342 |
11-07-2013 03:40 AM
Seems like need NetBackup Authentication and Authorization,right?
11-07-2013 03:47 AM
yeh
11-07-2013 04:02 AM
So, I need to configuring NBAC in a Domain environment?
11-07-2013 12:19 PM
Yes, NetBackup can use your domain, with proper configuration, to authenticate your users and set limits to their access in NetBackup.
Configuration of NBAC can be found in chapter 4 of the Security and Encryption guide here.
11-07-2013 01:49 PM
I would also grant this user with:
Replace a process level token,
Act as part of the operating system,
Create a token object.
Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).
After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in
<install path>\NetBackup\logs
and review the file created there after next login attempt from Java GUI.
11-08-2013 01:48 AM
Thank you!
I executed "bpnbaz -setupmaster" successfully.
But login to java console still error.
11-08-2013 01:48 AM
I executed the command "bpnbaz -setupmaster",and it's successful.
It still error when I login java console, I created "bpjava-msvc" dir. Log shows:
17:27:23.673 [2680.4772] <2> supportFiles: C:\Program Files\Veritas\NetBackup\Logs\bpjava-susvc does not exist, i.e. no user server logging.
17:27:23.673 [2680.4772] <2> logparams: -transient
17:27:23.688 [2680.4772] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
17:27:23.688 [2680.4772] <16> command_LOGON_TO_MSERVER: authenticate failed for user BACKUPDEPT\netbackup75 (user not found)
17:27:23.688 [2680.4772] <16> poll_listen: can't find file descriptor 0000000000000160 in polling table
17:27:23.688 [2680.4772] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
How should I do?
11-08-2013 03:45 AM
Well,
If you would listen to me you would be done :)
Do a quick search on google after SeAssignPrimaryTokenPrivilege....
It will give you answers like this:
from first link I recieved I can read http://technet.microsoft.com/en-us/library/cc779140%28v=ws.10%29.aspx
SeAssignPrimaryTokenPrivilege |
Replace a process-level token |
Allows a process that has this privilege to replace the access token associated with a process |
So please add the roles I already mentioned in this thread, reboot that master and you will be OK
I think this issue is not really tight to the NBAZ/NBAC
I had to add the same roles to all my NBU master server so OpsCenter can pull capacity reports...
11-10-2013 06:04 PM
Thank you so much, after I check, I find domain account BACKUPDEPT\netbackup75 is not been added to "Replace a process level token" policy.
After added, It's successful.
Thanks again! : )