お首が長いのよお首が長いのよ

チラシの裏よりお届けするソフトウェアエンジニアとして成長したい人のためのブログ

2018-07-26

Reconfigure media server(or client) certification setting.

エンジニアリング

Certification

Linux

NetBackup

I faced problem that is "The vnetd proxy encountered an error".

My situations are these.

  • Re-deployed new master server instead of old one.
  • I added existing media server with "nbemmcmd " command at new master server.
  • Can resolve hostname, and connect ping.

Cause

Existing media server require re-config new Master server's CACert and Cert.

Solution

  1. Check CA Cert file between master server and media server. run at media server, and masterserver.

     /usr/openv/netbackup/bin/nbcertcmd  -listCACertDetails
        Subject Name : /CN=nbatd/OU=root@myserver.local/O=vx
         Start Date : Jul 23 06:29:14 2018 GMT
        Expiry Date : Jul 18 07:44:14 2038 GMT
   SHA1 Fingerprint : ** Check incorrect between master and media. **

  2. If incorrect, delete old CA Cert file on media server. run at media server.

    /usr/openv/netbackup/bin/nbcertcmd  -removeCACertificate -fingerPrint {old SHA1 fingerprint on media server}

  3. Re configure CACertfile run at media server

    /usr/openv/netbackup/bin/nbcertcmd  -getCACertificate

  4. Next, check your media server's cert file. If it's too old, you should reconfig cert file run at media server

    /usr/openv/netbackup/bin/nbcertcmd -listCertDetails

  5. Delete all old cert file. (CAUTION: If you need specifc cert file, you delete individual old cert file with other command.) run at media server

    /usr/openv/netbackup/bin/nbcertcmd  -deleteAllCertificates

  6. the following next command, you can reconfig new cert file. run at media server

    /usr/openv/netbackup/bin/nbcertcmd -getCertificate

    but, an error message print, you need re-issue token. If print above error message, generate reissue token at master server.

    /usr/openv/netbackup/bin/nbcertcmd -createToken -name {your_token_name} -
 reissue -host {mediaserver_hostname}

    After generate reissue token, rerun and add option this command at media server.

    /usr/openv/netbackup/bin/nbcertcmd -getCertificate -token

    Copy and paste generated token. Finally, you can connect master server to media server.

For more details, check official support page.

How to manually obtain a host ID Certificate.

よかったらシェアしてください!