cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup restore issue

rookie11
Moderator
Moderator
   VIP   

hi experts,

NBU master - AUL version (8.2), client server FILE001 version (8.2) (prod)                                                                          NBU master - AUS version (8.2), client server FILR001 version (8.2)  (non prod)                                                                  FILR001 is a replica server of FILE001 (dfsr setup), client server FILE001 -- backup happens on master AUL then via AIR data replicated to NBU master AUS.

Now when i try to restore data via NBU master - AUS to FILE001 prod). it fails with below error

Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) [PROXY] ConnectionId: {948F8EB6-7BDD-11EB-923C-FCEAA81E9CD8}:OUTBOUND
Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) [PROXY] pid: 155969
Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) [PROXY] Received status: 7641 with message Failed to find a common CA Root that is required for secure communication. Connector CAs ([{"domain_id": "d191fc0d-5d0b-4e89-9cb8-6eaddffd06e8", "ca_usage": "NBCA"}]), Acceptor CAs ([{"domain_id": "7ec86394-7e48-4c77-a5c0-4051b4b1bf68", "ca_usage": "NBCA"}]). The external certificate cannot be automatically enrolled. Either the automatic enrollment is disabled or the mandatory ECA configuration options are not set for one or both the hosts.
Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) [PROXY] Encountered error (CERT_PROTOCOL_SELECT_COMMON_CA_ROOT) while processing(CertProtocol).
Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) bpcd on file001 exited with status 7641: Failed to find a common CA Root for secure handshake
Mar 3, 2021 4:01:57 PM - Info tar (pid=0) done. status: 7641: Failed to find a common CA Root for secure handshake
Mar 3, 2021 4:01:57 PM - Error bpbrm (pid=19242) client restore EXIT STATUS 7641: Failed to find a common CA Root for secure handshake. 

please help to resolve this.

this issue was not encountered in NBU version lower than 8.1. once data is replicated and master+ media server names updated restore was simple. 

 

1 REPLY 1

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@rookie11 

Yes, in the meantime NBU introduced Security certificates. Hopefully you are aware of this?

Each client needs a certificate from a trusted master server.

FILE001 does not have a certificate for master AUS.

You need to follow some steps to add certificate on clients for another master.
You need to firstly create a token on Master AUS that can be used for a number of clients. Copy this token to a text file.

Issue these commands on the client:

nbcertcmd -displayCACertDetail -server <Master AUS>   (should show Trusted/Not Trusted, if not trusted, go to next step)

nbcertcmd -getCACertificate -server <Master AUS>  (you would select Y to accept, then the master will be trusted)

nbcertcmd -getCertificate -server <Master AUS> -force -token <TOKEN>  (this adds token created on master to client)