11-13-2020 12:13 AM
I need your advice. A security admin says me than a communication is registered by firewall, from Netbackup Server to a IP. This IP is configured on a server which don't have Netbackup client...
I had verified, all client registred in client list on master, by pinging them. No success.
Firewall saved communications in a laps time where as, activity monitor doesn't running anything.
Obviously, I've executed bptestbpclntcmd without any success ("can't connect on socket").
How can I research any information about this strange thing ?
Port communication are 1556 and 13724.
11-13-2020 12:29 AM - edited 11-13-2020 12:29 AM
Is it only the master server that is trying to connect to the client, or does the firewall also show reply from client ?
How are IP assigned, uing DHCP or static, if using DHCP try clearing out Netbackup host cache:
11-13-2020 12:30 AM
Only the master try to access it.
IP are fixed.
11-13-2020 04:08 AM - edited 11-13-2020 04:09 AM
Likely the client is defined somewhere in the Netbackup environment. To get a idea, I would something like this
# vxlogview -p 51216 -t 01:30:00 | grep -i NAME_OF_SERVER
-t 01:30:00 will in all logs back for 1 hour and 30 minutes
Hopefully the log output will give some clue/ideas where client is specified..
Technotes about vxlogview:
11-13-2020 04:12 AM
You may want to check Policy deployment in your console, I had a kind of similar problem ebfoer, and by checking this side, I found that the client was in a deployment policy, once we deleted it, we had no more errors..
btw, the errors we had were logged in Problems report, do you have that too?
11-13-2020 05:04 AM
Unfortunately (or maybe I'm tired), vxlogview doesn't help me. I've attached the extract vxlogview to this date "11/12/20 22:03:00" to "11/12/20 22:04:00" . These values are logged into firewall.
11-13-2020 05:05 AM
Yes Good luck
Can a deactivated policy can produce this behaviour ?
11-13-2020 05:34 AM - edited 11-13-2020 05:41 AM
Which version you are running?
I am not talking about Backup policy, but deployment policy, I attached a screenshot, and I think yes, even a deactivated policy could produce this behavior..
edit// add screenshot
11-13-2020 05:38 AM
8.1 and I don't see your screenshot also
11-13-2020 05:42 AM
Sorry my bad look at my previous post, I edited it
11-13-2020 05:44 AM - edited 11-13-2020 05:45 AM
I don't have it (Deployment policies)
11-13-2020 05:56 AM
Any client in any policy, even policies with only user initiated jobs can cause this.
I looked at the vxlogview output, but did not find any hints. You may have to increase logging level.
11-13-2020 06:03 AM
did you run bpcltncmd -clear_host_cache ? what is the name of the previous client that has that ip adresse ? and what is the ip adresse too?
you may want to share your nbsu from the master server??
also check master's props (resilient network, proxies..)
do you have errors in your problem reports?
do you have those entries at the same time everyday? or like every 1 hour?
11-13-2020 06:15 AM
One other thing to check -- does this host have multiple hostnames in DNS? I've helped a customer chase something like this for weeks and in the end the hostname being hit at the firewall wasn't the hostname NBU saw it as. It was a very tedious exercise to figure that out. It might be a long shot, but something to consider. The VxUpdate deployment policy is another place I'd look.
Was this host EVER managed by NetBackup at all?
11-16-2020 05:00 AM
@NicolaiCould you tell me how to increase log verbosity for vxlogview ? Is it dependant to general log ?
@Hamza_HI've executed bpcltncmd -clear_host_cache this morning. No errors in reports.
@vtas_chasThis IP is used by a new server without netbackup client. Before, agent was installed but I've no idea on which server :\
Last week end, new records were saved in firewall, only the night apparently
11-16-2020 07:32 AM
You can increase logging levels by modifying the VERBOSE setting in bp.conf.
Do you know if the firewall is seeing the hostname or the IP? I'd search the NBU logs for both hostname and IP, too.
Use the same DNS servers the Master is using to do a reverse lookup of the IP to see what it resolves to on the Master, too, that might help.
If this IP was used elsewhere previously, it is entirely conceivable the hostname is not being resolved according to its new settings. It could be a single DNS server didn't update properly, something is cached somewhere inside NBU, or a hosts file has an entry in it.
Have you checked /etc/hosts?
11-16-2020 07:43 AM
FW show only IP address
I've already checked HOSTS files :(
NSlookup doesn't help too.
Master is on Windows. No bp.conf... is it global logging level ?
11-16-2020 08:01 AM
Right, sorry, forgot this was Windows. You can change logging from within the Java UI for the Master. You can also use vxlogcfg for the specific OID (which might be the better more specific way to deal with this). See https://www.veritas.com/support/en_US/doc/86063237-127664549-0/v40601087-127664549 for more help there.
How did you use nslookup? In my experience it isn't as specific and helpful as Linux based tools, but make sure you're setting it to use the specific DNS host and do the reverse lookups on each DNS server that the OS sees.
11-16-2020 11:43 AM
11-17-2020 01:16 AM - edited 11-17-2020 01:18 AM
bpcltncmd -clear_host_cache don't help.
I've review HOST file on master, and IP is not present.
Browsing Client backup from earliest and IP, don't help, same result from catalog.
All agents listed in Netbackup Admin console respond with thier IP normally.
Somewhere in Netbackup configuration, I have a process which call this IP...but where...