cancel
Showing results for 
Search instead for 
Did you mean: 

generate new Host ID on client

sdo
Moderator
Moderator
Partner    VIP    Certified

a post last year:

https://vox.veritas.com/t5/NetBackup/Duplicate-Host-ID/m-p/870226

...discusses re-creating a certificate for a cloned client.

However, I want to go a step further and (re)generate a new Host ID on a cloned client, in order to avoid unrelated clients appearing within "Mappings for Approval" (in Host Management).

So far I have been having to un-install and re-install the client in order for the client to create a new Host ID GUID for itself.

I'm hoping that I have missed something obvious... so... is there an easy way to generate a new Host ID GUID without having to un-install / re-install the whole NetBackup Client?

6 REPLIES 6

RamNagalla
Moderator
Moderator
Partner    VIP    Certified

Hello Sdo,

see below comments  from https://www.veritas.com/content/support/en_US/doc/21733320-127424841-0/v126691093-127424841

"If you redeploy a certificate on a host using a host name that is not mapped with the existing host ID, a new certificate is deployed and a new host ID is issued to the host. This is because, NetBackup considers it as a different host. To avoid this situation, you should map all available host names with the existing host ID."

so if you remove the existing host mapping and trying to redeploy a certificate it should generate the new host ID, i have not got a chane to test it, please see if it works.

davidmoline
Level 6
Employee

Hi @sdo 

What's missing from the steps I provided from the post from last year? Is it that the host mapping has occurred and needs to be removed? If so, then the nbhostmgmt command is your friend as @RamNagalla link suggests.

If not what is the problem? And what do you mean by the GUID in relation to host ID's/certificates?

Cheers
David

sdo
Moderator
Moderator
Partner    VIP    Certified

I'll try to describe the client situation:

first client:
NBU client NVGRE network side:
...OS host name:  clienta
...OS domain name:  .mynet
...OS DNS name:  clienta.mynet
...OS IP address:   10.3.1.10
...Client Name inside NetBackup Client:  clienta.1mynet
NVGRE NAT  10.3.1.10  <->   10.111.1.10
NBU server management network side:
...client IP address:  10.111.1.10
...DNS name:   clienta.1mynet

second client:
NBU client NVGRE network side:
...OS host name:  clienta
...OS domain name:  .mynet
...OS DNS name:  clienta.mynet
...OS IP address:   10.3.1.10
...Client Name inside NetBackup Client:  clienta.2mynet
NVGRE NAT  10.3.1.10  <->   10.112.1.10
NBU server management network side:
...client IP address:  10.112.1.10
...DNS name:   clienta.2mynet
   

...so I have two clients, each of whom will (initially at least) both have the same NetBackup Client Host ID and the same NetBackup Client certificate, and they both have the same IP address and the same hostname and the same client side DNS name, yet to NetBackup Server they each approach from different IP addresses (10.111.1.10 and 10.112.1.10) - yet they do have different internal "client_name" so that they can each perform their own restore.

Thanks for your replies chaps, which lead me to conclude (so far) that I can end up in one of two different situations:

1) from Ram's post - if a backup admin has not yet accepted a mapping, and rejects the proposed mapping and then immediately attempts to re-certificate then I should be ok because the client will generate a new Host ID for itself.

2) from David's post - if a backup admin has mistakenly accepted the mapping, then we can use use the CLI to remove the client's Host ID from any mappings in the Master and then re-certificate.

Does that seem ok?

Amol_Nair
Level 6
Employee
You could simply remove the host mappings from the GUI directly without having the need to go to cli. If you do choose the CLI option do remember that you need to run “bpnbat -login” before using the nbhostmanagement cli.

1 think I would like to just re-iterate, please do ensure that CLIENT_NAME entry for the new client is also changed and the dns/ hosts file are also correctly updated on both the new client and master server. Then NetBackup should take care of generating new certificates.

And another point to mention would be, as you said this would be a clone of an existing machine I would assume certificates are already present on them so you would need to delete the existing certificates on the client as well.

To summarise I would say try the below.
1. update hostname, dns/hosts to ensure the new machine and master resolve correctly.
2. after point 1 it would be removing any existing certificates from the client machine (nbcertcmd -deleteallcertificates)
3. update client_name on the new host to match point 1
4. execute the below 2 commands
i. nbcertcmd -getcacertificate
ii. nbcertcmd -getcertificate
*Depending on the security level, you may need a token to be created.

**As you mentioned that the machine would be a clone and the name would also be the same, I am assuming there may not be any unwanted mappings automatically added. If there are any mappings to be removed, do ensure they are cleared out before step 4.

sdo
Moderator
Moderator
Partner    VIP    Certified

Thanks Amol:

1. update hostname, dns/hosts to ensure the new machine and master resolve correctly.

- cannot do this, because each NVGRE environment is an exact copy of each other - i.e. 100+ VM in NVGRE/bubble1/network1 are the same as the 100+ VM in NVGRE/bubble2/network2  - i.e.   clientA in bubble1 has the same hostname, same DNS name, same IP address as clientA in bubble2 - BUT both pop out of their NAT into the management network via different NAT IP and different DNS names in the management network.

2. after point 1 it would be removing any existing certificates from the client machine (nbcertcmd -deleteallcertificates)

- this is what I'm trying to to find out, what "host id" and "ceritificate" steps need to be performed server side and clienbt side after a whole set of 100+ VM have been cloned from one NVGRE/bubble/network to another NVGRE/bubble/network

3. update client_name on the new host to match point 1

- yes the client names do get changed to match the DNS names sitting in the management network that NetBackup Server can see.

davidmoline
Level 6
Employee

Hi @sdo 

Only thing I'd do differently is to just delete the host certificate rather than all (as the NetBackup CA isn't changing). There is a "-deletecertificate -hostid <hostid>" option. And the certificate seems to be issued to the CLIENT_NAME as set on the client (although I haven't done enough testing to be 100% sure). 

David