cancel
Showing results for 
Search instead for 
Did you mean: 

Unable to log into NBU Master with NBU Java Console

Shantharam_Sahy
Level 3
Employee

Hi All,

I am trying to login into NBU 7.5.0.4 master server (Windows 2008 R2) using NBU Java console. Login fails with error 503 (Invalid User).

looking into bpjava-msvc logs I can see the below error mesage.

 

16:23:15.081 [14920.2400] <2> supportFiles: bpjava-msvc compiled on Sep 16 2012 at 09:33:51, NetBackup 7.5, level = 750000
16:23:15.081 [14920.2400] <2> supportFiles: debug level is 1
16:23:15.081 [14920.2400] <2> logparams:  -transient 
16:23:15.081 [14920.2400] <2> bpjava-msvc: myhostame = MASTER, I am >netbackup<, real locale = C, messsage locale = C, my master is MASTER.domian.com
16:23:15.081 [14920.2400] <2> StartedByInetd: I was NOT started by the bpInetd process
16:23:15.081 [14920.2400] <2> bpjava-msvc: transient Master, I am not the daemon
16:23:15.081 [14920.2400] <2> bpjava-msvc:  currentObj.MyPort = 13722 , main_accept_init = 268, username = netbackup, real locale = C, auth.conf in D:\Program Files\Veritas\java
16:23:15.439 [14920.2400] <2> command_LOGON_TO_MSERVER: lines = 6, expectXML = 0
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: user = nbuadmin
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: this host = MASTER.domian.com
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: locale = en_US
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: currentObj.AuthConfPath = D:\Program Files\Veritas\java\auth.conf
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: client version = 750000 IPC , my version = 750000 [IPC]
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: converted to common locale = en_US
16:23:15.673 [14920.2400] <2> command_LOGON_TO_MSERVER: converted to real locale = american
16:23:15.673 [14920.2400] <2> command_LOGON_TO_MSERVER: Oracle locale NLS_LANG = AMERICAN_AMERICA.US7ASCII
16:23:15.673 [14920.2400] <2> peerconnect: peer hostname is a2md11873.domian.com, peer address is 172.22.9.20
16:23:15.673 [14920.2400] <2> newAuthenticate: domain\username = nbuadmin
16:23:15.673 [14920.2400] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller. 
16:23:15.673 [14920.2400] <16> command_LOGON_TO_MSERVER: authenticate failed for user nbuadmin (user not found)
16:23:15.876 [14920.2400] <2> readCharByChar: socket closed gracefully
16:23:15.876 [14920.2400] <16> poll_listen: can't find file descriptor 000000000000010C in polling table
16:23:15.876 [14920.2400] <2> KillSessionsJobs: getjobcount = 0
16:23:15.876 [14920.2400] <2> poll_exit: all done, code = 0 
16:23:15.876 [14920.2400] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
 
I have created a auth.conf with valid etries 
 
domainname\nbuadmin ADMIN=ALL JBP=ALL
domainname\netbackup ADMIN=ALL JBP=ALL
 
Any one with ideas why it fails to EnablePrivilege for assigning Token.
 
Is there any specfic permission to be set for netbackup user in AD???
1 ACCEPTED SOLUTION

Accepted Solutions

Shantharam_Sahy
Level 3
Employee

Resolved this issue after upgrade to latest version 7.5.6

View solution in original post

15 REPLIES 15

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

hi

First check  are you  able to do login using the same user  to the server?

check by starting the java console as " run as admininstartor"

try  disabling the User accout control  in windows 2008 

 

Shantharam_Sahy
Level 3
Employee

Hi,

UAC is disabled and netbackup user is a domain user with local admin privilages on master server. nbuadmin is a local user account on master server and is also part of local admin for Master Server.

The NBU services are running as user netbackup. All features and functions work fine, but for some reason it fails to auth the user.

Running JAVA console from Master server stills ends with same message.  

<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller. 

Regards

Shantharam Sahyadri

 

 

Andrew_Madsen
Level 6
Partner

How are you logging in? domain\username? localserver\nbuadmin? you will need to do it that way for this to work.

Shantharam_Sahy
Level 3
Employee

Yes logging with domainname\username or localserver\username too ends with the same message.

 

<2> newAuthenticate: domain\username = MASTER\nbuadmin
<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller. 
<16> command_LOGON_TO_MSERVER: authenticate failed for user nbuadmin (user not found)

CRZ
Level 6
Employee Accredited Certified

What's in D:\Program Files\Veritas\java\auth.conf ?  Is an entry for nbuadmin in there? Is it what you would expect, or does it need a quick edit?

Shantharam_Sahy
Level 3
Employee

D:\Program Files\Veritas\java\auth.conf contains 

 

domainname\nbuadmin ADMIN=ALL JBP=ALL
domainname\netbackup ADMIN=ALL JBP=ALL
 
What I don't understand is why this 1300 error is happening at OS level even when the account running netbackup has local admin privileges on master server.

 

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

hi,

your Previous post is saying that nbuadmin is local accout but auth.conf has entry like

domainname\nbuadmin ADMIN=ALL JBP=ALL.

try either of the below entires and see how it works

nbuadmin ADMIN=ALL JBP=ALL

or 

ADMIN=ALL JBP=ALL

 

Shantharam_Sahy
Level 3
Employee

Hi,

Sorry my mistake.. the entry for nbuadmin is 

hostname\nbuadmin ADMIN=ALL JBP=ALL

domainname\netbackup ADMIN=ALL JBP=ALL.

I am sure its not issue with auth.conf because looking at log I can see it fails to even search for user on (see error User not found) local machine or in Active Directory. auth.conf would come later to provide authorization. Here authentication is failling.

Will open a tech case for this and see..

Andrew_Madsen
Level 6
Partner

We have a 2008 server that we do not use a auth.conf for at all. We log in using domain\username. The user is a part of a AD group that has admin rights to the box. I might suggest renaming the auth.conf and trying again.

Shantharam_Sahy
Level 3
Employee

The default setup does not have auth.conf. I had to create it because it was not allowing me to login with domain account or local admin account

Andrew_Madsen
Level 6
Partner

That is the point I was trying to make. We do not have an auth.conf and mulltiple people can log in using the domain\userid combination. They are members of the local administrators group by virtue of group membership. See the attached picture.

 

Shantharam_Sahy
Level 3
Employee

removing the auth file is of no help. still ending up with 

<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.

error.

Will_Restore
Level 6

this is why we have unix Master  wink

Jacob_Ruben
Level 4
Certified

check wether the user name is locked/disabled in the domain.

Shantharam_Sahy
Level 3
Employee

Resolved this issue after upgrade to latest version 7.5.6