A Catalog backup job gives a message that The disaster recovery package contains one or more identity files that have permissions or ownership by usernames that have been deleted.
Problem
The disaster recovery package contains one or more identity files that have permissions or ownership by usernames that have been deleted.
Error Message
Error bpdbm (pid=12345) The disaster recovery package was successfully created. However, one or more users who have permissions to the identity files from the package do not exist on the system (Status Code: 2531)
Dec 5, 2021 6:37:56 PM - Error bpdbm (pid=5720) D:\Program Files\Veritas\NetBackup\var\global\vxss\tomcatcreds\nbwebsvc\certstore\CertStore.lock : [ S-1-5-21-663275317-2589979853-1953221310-1002, S-1-5-21-663275317-2589979853-1953221310-1002 ]
Cause
The username will not available after the deletion of the user. Such users will display in the form of a security identifier (SID).
Solution
The reference to the SID user needs to be deleted.
For example, locate the SID S-1-5-21-xxxxxx-xxxxx-xxxxx-xxxx in the security tab from the properties of the "install_path\NetBackup\var\global\vxss" directory.
- Open the properties of the directory below:
- Example:
D:\Program Files\Veritas\NetBackup\var\global\vxss
- Example:
- Go to the Security tab and delete SID:
- Example:
S-1-5-21-663275317-2589979853-1953221310-1002
- Example:
In case a message is received stating that the SID cannot be removed because this object is inheriting permissions from its parent, then turn off the inheriting permissions before removing the same from:
Properties > Security > Advanced > (select the SID from list) > Change permissions > Disable inheritance > Apply
- here you may need to check the box "Replace all child object permissions with inheritable permission entries from this object"
Ensure to change the owner to a current user such as Administrators, then select the SID, remove it, enable back the inheritance, check the replace all child object permissions box and click on ok to exit.
- Verify that the SID presence is no more on security tab. A reboot will be required to clear the cache memory and to reflect change on next catalog backup. Plan it as required.
After that, the catalog backup should not present this error anymore.
Note: For further instruction consult Windows documentation. It is Microsoft's best practice in Windows to suspend an account rather than delete it. This would avoid the creation of orphan SIDs.
Related Knowledge Base Articles
References
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.