06-26-2020 05:18 AM - edited 06-26-2020 05:19 AM
a post last year:
https://vox.veritas.com/t5/NetBackup/Duplicate-Host-ID/m-p/870226
...discusses re-creating a certificate for a cloned client.
However, I want to go a step further and (re)generate a new Host ID on a cloned client, in order to avoid unrelated clients appearing within "Mappings for Approval" (in Host Management).
So far I have been having to un-install and re-install the client in order for the client to create a new Host ID GUID for itself.
I'm hoping that I have missed something obvious... so... is there an easy way to generate a new Host ID GUID without having to un-install / re-install the whole NetBackup Client?
06-26-2020 08:29 AM
Hello Sdo,
see below comments from https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v126691093-127424841
"If you redeploy a certificate on a host using a host name that is not mapped with the existing host ID, a new certificate is deployed and a new host ID is issued to the host. This is because, NetBackup considers it as a different host. To avoid this situation, you should map all available host names with the existing host ID."
so if you remove the existing host mapping and trying to redeploy a certificate it should generate the new host ID, i have not got a chane to test it, please see if it works.
06-26-2020 04:43 PM
Hi @sdo
What's missing from the steps I provided from the post from last year? Is it that the host mapping has occurred and needs to be removed? If so, then the nbhostmgmt command is your friend as @RamNagalla link suggests.
If not what is the problem? And what do you mean by the GUID in relation to host ID's/certificates?
Cheers
David
06-27-2020 03:52 AM
I'll try to describe the client situation:
first client: NBU client NVGRE network side: ...OS host name: clienta ...OS domain name: .mynet ...OS DNS name: clienta.mynet ...OS IP address: 10.3.1.10 ...Client Name inside NetBackup Client: clienta.1mynet NVGRE NAT 10.3.1.10 <-> 10.111.1.10 NBU server management network side: ...client IP address: 10.111.1.10 ...DNS name: clienta.1mynet second client: NBU client NVGRE network side: ...OS host name: clienta ...OS domain name: .mynet ...OS DNS name: clienta.mynet ...OS IP address: 10.3.1.10 ...Client Name inside NetBackup Client: clienta.2mynet NVGRE NAT 10.3.1.10 <-> 10.112.1.10 NBU server management network side: ...client IP address: 10.112.1.10 ...DNS name: clienta.2mynet
...so I have two clients, each of whom will (initially at least) both have the same NetBackup Client Host ID and the same NetBackup Client certificate, and they both have the same IP address and the same hostname and the same client side DNS name, yet to NetBackup Server they each approach from different IP addresses (10.111.1.10 and 10.112.1.10) - yet they do have different internal "client_name" so that they can each perform their own restore.
Thanks for your replies chaps, which lead me to conclude (so far) that I can end up in one of two different situations:
1) from Ram's post - if a backup admin has not yet accepted a mapping, and rejects the proposed mapping and then immediately attempts to re-certificate then I should be ok because the client will generate a new Host ID for itself.
2) from David's post - if a backup admin has mistakenly accepted the mapping, then we can use use the CLI to remove the client's Host ID from any mappings in the Master and then re-certificate.
Does that seem ok?
06-28-2020 10:41 AM
06-29-2020 01:38 AM
Thanks Amol:
1. update hostname, dns/hosts to ensure the new machine and master resolve correctly.
- cannot do this, because each NVGRE environment is an exact copy of each other - i.e. 100+ VM in NVGRE/bubble1/network1 are the same as the 100+ VM in NVGRE/bubble2/network2 - i.e. clientA in bubble1 has the same hostname, same DNS name, same IP address as clientA in bubble2 - BUT both pop out of their NAT into the management network via different NAT IP and different DNS names in the management network.
2. after point 1 it would be removing any existing certificates from the client machine (nbcertcmd -deleteallcertificates)
- this is what I'm trying to to find out, what "host id" and "ceritificate" steps need to be performed server side and clienbt side after a whole set of 100+ VM have been cloned from one NVGRE/bubble/network to another NVGRE/bubble/network
3. update client_name on the new host to match point 1
- yes the client names do get changed to match the DNS names sitting in the management network that NetBackup Server can see.
06-29-2020 05:41 PM
Hi @sdo
Only thing I'd do differently is to just delete the host certificate rather than all (as the NetBackup CA isn't changing). There is a "-deletecertificate -hostid <hostid>" option. And the certificate seems to be issued to the CLIENT_NAME as set on the client (although I haven't done enough testing to be 100% sure).
David