5230 hangs on POST after 3.1.2/8.1.2 upgrade
Hello, I am in the final stages of upgraded our NetBackup environment from version 7.7.3 to 8.1.2. I have successfully upgraded the master servers, and 4 out of 6 NetBackup appliances. However, I have a major issue with my last 2 appliances. They are both model 5230's, were both running the exact same 7.7.3 version with all patches, upgraded disk firmware, and upgraded to 8.1.2 today. I even got email notifications from the appliances that "Appliance is successfully upgraded to 3.1.2" message. Both rebooted 2-3 times (I wasn't watching the whole time), and now both of them hang after the Symantec splash screen with a blinking cursor. I have let them sit untouched for several hours, and nothing. I checked the BIOS and everything seems correct, but I have attached 2 pics for you to look at. I have scoured the Internet and Knowledgebase, but to no avail. I have not called Support yet because I thought I could find an answer or fix it myself, and also it is now after 10pm EST. Does anyone have any ideas on what's going on? It just seems like it might be the same fix because the issue is only happening on my 5230's. The upgrade was successful on our 5240's and 5330's. Only my 5230's are having this issue. Thank you!1.7KViews0likes3Comments5230 Appliances - SSL self signed certificates
I have recently upgraded two NBU 5230 Appliances to version 3.0. After the successful upgrade, I performed a Nessus scan against the appliances and received 3 Medium levelalerts consisting of a total of 6 vulnerabilities. They are all related to certificates (self-signed, wrong hostname, and support for medium level cipher suites). Is there a way to create a certificate request for these ports/services so that I can generate, issue and apply a legitimately signed certificate? Below is the output from my Nessus scan: **** SSL Self-Signed Certificate Description The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host. Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority. Solution Purchase or generate a proper certificate for this service. Output The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : O=xxxx-backup-x.xxxx.main/OU=VxOS/CN=xxxx-backup-x.xxxx.main Port443 / tcp / www Hosts xxxx-backup-x The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : O=nb-appliance/OU=NetBackup/CN=nb-appliance Port8443 / tcp / www Hosts xxxx-backup-x The following certificate was found at the top of the certificate chain sent by the remote host, but is self-signed and was not found in the list of known certificate authorities : |-Subject : CN=nbatd/OU=root@xxxx-backup-x.vacu.main/O=vx Port13783 / tcp Hostsxxxx-backup-x ****** **** SSL Certificate with Wrong Hostname Description The commonName (CN) of the SSL certificate presented on this service is for a different machine. Solution Purchase or generate a proper certificate for this service. Output The identities known by Nessus are : xxxx-backup-x.xxxx.main xxxx-backup-x The Common Name in the certificate is : nb-appliance Port8443 / tcp / www Hosts xxxx-backup-x The identities known by Nessus are : xxxx-backup-x.xxxx.main xxxx-backup-x The Common Name in the certificate is : broker Port13783 / tcp Hosts xxxx-backup-x ****** **** SSL Medium Strength Cipher Suites Supported Description The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 56 bits and less than 112 bits, or else that uses the 3DES encryption suite. Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network. Solution Reconfigure the affected application if possible to avoid use of medium strength ciphers. Output Here is the list of medium strength SSL ciphers supported by the remote server : Medium Strength Ciphers (> 64-bit and < 112-bit key) TLSv1 DES-CBC3-SHA Kx=RSA Au=RSA Enc=3DES-CBC(168) Mac=SHA1 The fields above are : {OpenSSL ciphername} Kx={key exchange} Au={authentication} Enc={symmetric encryption method} Mac={message authentication code} {export flag} Port13783 / tcp Hosts xxxx-backup-x2KViews0likes1Comment