03-27-2020 08:12 AM
Hello,
I am installing a new Linux client 8.1.1 version. We have the error running the getCAcertificate, we have verified that name resolution between client and master is ok.
The bptestbpcd give us the following error:
bptestbpcd -client lvwgdmtstapp2 -verbose
<16>bptestbpcd main: Function ConnectToBPCD(lvwgdmtstapp2) failed: 7658
<16>bptestbpcd main: Connection cannot be established because the host validation cannot be performed on the target host
Connection cannot be established because the host validation cannot be performed on the target host
Thanks for your help, any advice is welcomed.
Best regards
03-27-2020 08:19 AM
Is port 1556 open between client and master?
Is Linux firewall (iptables) running on the client?
Try to telnet on port 1556 in both directions to test.
03-27-2020 02:12 PM
Hello Marianne,
I forgot to say that pbx is running and the 1556 port is reachable by the master. Firewall is disabled in the client.
Thanks for your reply
Oolmedo
03-27-2020 02:12 PM
Also, yes 1556 port in both directions.
thanks
03-28-2020 03:45 AM
03-28-2020 02:41 PM
Hello,
I have used: nbcertcmd -getCAcertificate -server servername
thanks and best regards
03-28-2020 05:36 PM - edited 03-28-2020 05:36 PM
try this on the client and the master
bpclntcmd -clear_host_cache
and then this on the client :
nbcertcmd -getcacertificate -force
nbcertcmd -getcertificate -force -token (generate a new token from the master)
and put the output here.
also a snip of high verbo of nbcert log would be helpful
good luck.
BR
03-30-2020 06:24 AM
Hi,
-force option seems not be available.
nbcertcmd -getCAcertificate -help
Usage: nbcertcmd -getCACertificate
[-file <fingerprint_file_name>]
[-cluster]
[-server <master_server_name>]
Description:
Connects to the master server and gets the certificate of the Certificate
Authority (CA). It then displays the fingerprint of the certificate and adds
it to the local trust store after confirmation from the user.
Options:
-cluster
Performs the operation on the global certificate store.
-file fingerprint_file_name
Specifies the path of the file containing the CA certificate fingerprint.
-server master_server_name
Specifies an alternate master server. By default, this command uses the
first server entry in the NetBackup configuration.
Thanks and best regards
03-30-2020 06:49 AM
Hi,
mybad, for the first command "nbcertcmd -getCacertificate" only,
the -force is for the second command "ncbertcmd -getcertificate -force"
are you able to ping the masters name?
are you able to telnet the port 1556 to the master?
if yes, verify the entry SERVER in netbackup's config on the client's registry if its a windows or the bp.conf if its a linux/unix.
when all these are good then rerun the commands and provide nbcert log (high verbo)
NB:please note the FQDN & Short name of both clients & masters (clients name on the master & master's name on the client)..
good luck,
03-31-2020 10:14 AM
Hello:
are you able to ping the masters name? Yes, no problem
are you able to telnet the port 1556 to the master? Yes no problem
if yes, verify the entry SERVER in netbackup's config on the client's registry if its a windows or the bp.conf if its a linux/unix. - Yes master server is the first line SERVER in bp.conf
From nbcert.log we see the following error:
NBClientCURL::performCurlOperation: Failed to perform operation: Peer certificate cannot be authenticated with given CA certificates
thanks and best regards
03-31-2020 05:45 PM - edited 03-31-2020 05:48 PM