03-08-2013 01:49 AM
Hi All,
I am trying to login into NBU 7.5.0.4 master server (Windows 2008 R2) using NBU Java console. Login fails with error 503 (Invalid User).
looking into bpjava-msvc logs I can see the below error mesage.
Solved! Go to Solution.
06-25-2013 01:02 AM
Resolved this issue after upgrade to latest version 7.5.6
03-08-2013 02:28 AM
hi
First check are you able to do login using the same user to the server?
check by starting the java console as " run as admininstartor"
try disabling the User accout control in windows 2008
03-08-2013 02:47 AM
Hi,
UAC is disabled and netbackup user is a domain user with local admin privilages on master server. nbuadmin is a local user account on master server and is also part of local admin for Master Server.
The NBU services are running as user netbackup. All features and functions work fine, but for some reason it fails to auth the user.
Running JAVA console from Master server stills ends with same message.
<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
Regards
Shantharam Sahyadri
03-08-2013 03:52 AM
How are you logging in? domain\username? localserver\nbuadmin? you will need to do it that way for this to work.
03-08-2013 04:02 AM
Yes logging with domainname\username or localserver\username too ends with the same message.
03-08-2013 01:44 PM
What's in D:\Program Files\Veritas\java\auth.conf ? Is an entry for nbuadmin in there? Is it what you would expect, or does it need a quick edit?
03-10-2013 10:41 AM
D:\Program Files\Veritas\java\auth.conf contains
03-10-2013 10:59 AM
hi,
your Previous post is saying that nbuadmin is local accout but auth.conf has entry like
domainname\nbuadmin ADMIN=ALL JBP=ALL.
try either of the below entires and see how it works
nbuadmin ADMIN=ALL JBP=ALL
or
* ADMIN=ALL JBP=ALL
03-10-2013 07:47 PM
Hi,
Sorry my mistake.. the entry for nbuadmin is
hostname\nbuadmin ADMIN=ALL JBP=ALL
domainname\netbackup ADMIN=ALL JBP=ALL.
I am sure its not issue with auth.conf because looking at log I can see it fails to even search for user on (see error User not found) local machine or in Active Directory. auth.conf would come later to provide authorization. Here authentication is failling.
Will open a tech case for this and see..
03-11-2013 03:39 AM
We have a 2008 server that we do not use a auth.conf for at all. We log in using domain\username. The user is a part of a AD group that has admin rights to the box. I might suggest renaming the auth.conf and trying again.
03-12-2013 12:01 AM
The default setup does not have auth.conf. I had to create it because it was not allowing me to login with domain account or local admin account
03-12-2013 03:35 AM
That is the point I was trying to make. We do not have an auth.conf and mulltiple people can log in using the domain\userid combination. They are members of the local administrators group by virtue of group membership. See the attached picture.
03-12-2013 07:36 AM
removing the auth file is of no help. still ending up with
<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
error.
03-13-2013 11:57 AM
this is why we have unix Master
06-23-2013 09:45 AM
check wether the user name is locked/disabled in the domain.
06-25-2013 01:02 AM
Resolved this issue after upgrade to latest version 7.5.6