cancel
Showing results for 
Search instead for 
Did you mean: 

cannot connect to socket 25

intradmin
Level 3

HI,

client throwing below error 

[root@poctdbs1 bin]# ./bpclntcmd -pn -verbose
A certificate entry was not found for the requested server.: 5949
[PROXY] Encountered error (CERT_PROTOCOL_SELECT_COMMON_CA_ROOT) while processing(CertProtocol).: 4
Can't connect to host DCNBMAST01: cannot connect on socket (25)

Master server throwing below error

[root@DCNBMAST01 admincmd]# ./bptestbpcd -client poctdbs1
<16>bptestbpcd main: Function ConnectToBPCD(poctdbs1) failed: 25
<16>bptestbpcd main: cannot connect on socket
cannot connect on socket

so i tried to run below command but failed with below messages

[root@poctdbs1 bin]# ./nbcertcmd -getCertificate -server DCNBMASCLU.moj.gov.sa -token
Authorization Token:
The target server DCNBMASCLU.moj.gov.sa could not be authenticated.
The server name does not match any of the host names listed in the server's certificate.
Names listed in the server's certificate are:

then rename certmapinfo.json  run still same

[root@poctdbs1 bin]# ./nbcertcmd -getCertificate -token XWIEGJPHBTWARYLS -force
The target server DCNBMAST01 could not be authenticated.
The server name does not match any of the host names listed in the server's certificate.
Names listed in the server's certificate are:
DNS:DCNBMASCLU.moj.gov.local
DNS:DCNBMASCLU

 i generat the reissue token on select which is poctdbs1 some time saying already exist or it is not assign to this system Please advise

4 REPLIES 4

DK12
Level 3

Disclaimer - I don't work with NB's certificate system very often - but I'm about to upgrade from 8.0 to 8.1.x or 8.2)

Go back to first principles. 

Can you ping the master from the client via node name? Can you ping the client from the master via node name?

Repeat above by IP if that doesn't work. 

What do you get with nslookup DCNBMAST01 when run on the client poctdbs1? What does nslookup poctdbs1 return on the client poctdbs1?

What does nslookup DCNBMAST01 return when run on the master itself? What does nslookup poctdbs1 return on the master?

I ask because your nbcertcmd output states:

The target server DCNBMASCLU.moj.gov.sa could not be authenticated.
The server name does not match any of the host names listed in the server's certificate.

Yet, even after you renamed the certmapinfo.json, you get this clear difference in hostnames:

Names listed in the server's certificate are:
DNS: DCNBMASCLU.moj.gov.local
DNS: DCNBMASCLU

In all my years of working with NetBackup since v. 2.0, the one constant is that the name is the thing, just like a true name in a Fantasy novel's magic system.

If you plan to use aliases, you need to cleanly and correctly set them up in your DNS/AD/LDAP systems and NB has to be aware of them.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

@intradmin 

Do you have a clustered master server?

It seems that 1st SERVER entry in the client's bp.conf is a node name, not the virtual hostname for the cluster.
bpclntcmd -pn uses the 1 entry in bp.conf as Master hostname:

Can't connect to host DCNBMAST01

Everywhere else you seem to be using the virtual hostname : DCNBMASCLU.

Please ensure that Master's virtual hostname is 1st entry in bp.conf, then proceed to check and confirm forward and reverse name lookup, port connectivity and then security certificates.

hi mari,

sorry for the late reply i was stuck with other issues however i given first as master server name but still same issue 

 

root@poctdbs1 bin]# ./bpclntcmd -pn -verbose
A certificate entry was not found for the requested server.: 5949
[PROXY] Encountered error (CERT_PROTOCOL_SELECT_COMMON_CA_ROOT) while processing(CertProtocol).: 4
Can't connect to host DCNBMAST01: cannot connect on socket (25)
[root@poctdbs1 bin]#
[root@poctdbs1 bin]#
[root@poctdbs1 bin]#
[root@poctdbs1 bin]# cd ..
[root@poctdbs1 netbackup]# more bp.conf
SERVER = DCNBMAST01
SERVER = DCNBMAST02
SERVER = DCNBMASCLU
SERVER = DCNBMED
SERVER = DRNBMED
CLIENT_NAME = poctdbs1
CONNECT_OPTIONS = localhost 1 0 2

 

Please advise 

sdo
Moderator
Moderator
Partner    VIP    Certified

Do what Marianne said - try making this the first SERVER entry in your client's bp.conf:

SERVER = DCNBMASCLU