NetBackup status code 118: VxSS authorization failed

Message : VxSS authorization failed

Explanation: NetBackup was unable to complete the authorization check against the Authorization service.

Recommended action:

1 Ensure that the Authorization Service or Daemon is running. Refer to the Veritas Security Services Administrator's Guide for more information on authentication and authorization daemons.

2 Ensure that you are in communication with the correct master server. Within the bp.conf files on the local server, verify that the entry AUTHORIZATION_SERVICES specifies the proper host name (fully qualified) of the Authorization service. For example, AUTHORIZATION_SERVICE = machine2.mycompany.com 0 specifies that the server contacts machine2 to perform Authorization checks. Also ensure that this entry matches that of the master server.

3 Ensure that the system has sufficient swap space and the following directories are not full:

/home/<userName>

/user/openv/netbackup/logs

/tmp

4 Ensure that the server that contacts the master has a valid certificate. The machine certificate can be examined as follows:

For UNIX:
# bpnbat -whoami -cf/usr/openv/var/vxss/credentials/machine3.mycompany.com

For Windows:
bpnbat whoami -cf "c:\Program Files\VERITAS\NetBackup\var\vxss\credentials\machine3.mycompany.com"

Both of which would return:

Name: machine3.mycompany.comDomain: NBU_Machines@machine2.mycompany.comIssued by: /CN=broker/OU=root@machine2.mycompany.com/O=vxExpiry Date: Sep 2 19:25:29 2004 GMTAuthentication method: Veritas Private SecurityOperation completed successfully.

If the expiry date was exceeded, use bpnbat -LoginMachine to obtain a new credential for the machine. See the Netbackup Commands manual for more information on bpnbat. The server that attempts the check is not authorized to examine the Authorization database. Ensure that bpnbaz -ShowAuthorizers re-tuned the machines identity. Ensure that the machine has a machine credential under the directory as follows: Program Files\VERITAS\var\vxss\credentialsfor Windows, /usr/openv/var/vxss/credentials for UNIX. This credential should have the full name of the machine as in the following example: machine1.company.com.

5 Check that the maximum number of open sockets to the Authorization database was not exhausted. Use netstat to determine the number of sockets that are opened to port 4032 on the Authorization server and that refer to the following configurations: Windows:
HKLM\SOFTWARE\VERITAS\Security\Authorization\Communication\ClientMaxConnections UNIX: /etc/vx/vss/VRTSaz.conf entry "ClientMaxConnections" If the maximum number of open connections was reached, you may need to increase the number of maximum open connections. An increase in the number of open connections increases the memory footprint of the 203 NetBackup status codes and messages Status codes
Authorization service or daemon. Note that extreme increases in the maximum number of connections can cause performance degradation.