Veritas NetBackup™ Appliance Upgrade Guide

Last Published:
Product(s): Appliances (
Platform: NetBackup Appliance OS

Installing a NetBackup appliance software update using the NetBackup Appliance Shell Menu

Use the following procedure to start the appliance upgrade.


If you have enabled the STIG feature on an appliance and you need to upgrade it or install an EEB on it, do not plan such installations during the 4:00am - 4:30am time frame. By following this best practice, you can avoid interrupting the automatic update of the AIDE database and any monitored files, which can cause multiple alert messages from the appliance.

To install a downloaded release update using the NetBackup Appliance Shell Menu

  1. Check to make sure that the following required updates and pre-upgrade tasks have already been performed:
    • All required pre-upgrade updates have been completed. For a complete list of required updates prior to upgrades, refer to the following article:

    • All jobs have been stopped or suspended and all SLPs have been paused.

    • The Support > Test Software command has been run and it returned a Pass result.

  2. Log in to the NetBackup Appliance Shell Menu from the IPMI console.


    Veritas recommends that you log in using the shell menu from the IPMI console instead of an SSH session. The IPMI console is also known as the Veritas Remote Manager interface. For details about how to access and use the Veritas Remote Manager, refer to the following document: NetBackup Appliance Hardware Installation Guide.

  3. To install the software release update, run the following command:

    Main_Menu > Manage > Software > Install patch_name

    Where patch_name is the name of the release update to install. Make sure that this patch name is the one that you want to install.

  4. Monitor the preflight check and watch for any Check failed messages.
    • If no Check failed messages appear, you are prompted to continue to the next step to start the upgrade.

    • If any Check failed messages appear, the upgrade is not allowed. You must resolve the reported failures, then launch the upgrade script again so that the preflight check can verify that the failures have been resolved. Click on the UMI links (V-409-xxx-xxxx) for information about how to resolve the reported issues.

    • If any Check failed messages indicate that a RHEL version third-party plug-in was not found, you must obtain the plug-in from the appropriate vendor.

  5. After all preflight check items have passed, and before the upgrade begins, you must first select how the upgrade process should respond if any errors occur during the upgrade. The following prompt appears:
    If an error occurs during the upgrade, do you want to
    immediately enforce an automatic rollback? [yes, no]

    Enter yes to immediately enforce an automatic rollback.

    Enter no to pause the upgrade process and investigate the errors.

  6. After all preflight check items have passed, you may need to trust the CA certificate and the host ID-based certificate to start the upgrade process.

    To trust and deploy the CA certificates, do the following:

    • Verify the CA certificate detail and enter yes to trust the CA certificate, as follows:

      To continue with the upgrade, verify the following CA 
      certificate detail and enter "yes" to trust the CA certificate.
      CA Certificate Details:
           Subject Name : /CN=nbatd/
             Start Date : Jul 14 12:59:18 2017 GMT
            Expiry Date : Jul 09 14:14:18 2037 GMT
       SHA1 Fingerprint : 31:E9:97:2E:50:11:51:7C:D6:25:7F:32:86:3D:
      >> Do you want to trust the CA certificate? [yes, no](yes) 
    • If the security level of the master server is Very High, you must manually enter an authorization token to deploy the host ID-based certificate on the appliance, as follows:

      >> Enter token:


      If the appliance is ever factory reset or re-imaged after it has been upgraded to version 3.1 or later, a reissue token is required for the next upgrade.

    • If the security level of the master server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed onto the appliance.

    For more information about security certificates, refer to the chapter "Security certificates in NetBackup" in the NetBackup Security and Encryption Guide.

  7. Master server upgrades from software versions 3.1.1 and earlier require you to provide a registration key for the Veritas Smart Meter feature. The upgrade process displays the following instructions to obtain the key file and upload it to the appliance:
    • Log in to the Veritas Smart Meter site with your VEMS credentials and go the Registration Keys page.

    • The following shares have been opened on this appliance:

      CIFS share \<hostname or ip>\incoming_patches\customer_registration/

      NFS share <hostname or ip>:/inst/patch/incoming/customer_registration/

      Mount one of these share paths.

    • Upload the veritas_customer_registration_key.json file to the mounted share path.

      Once the file is uploaded, you can continue with the upgrade for this Master server.

      If you need assistance, contact Veritas Support.

  8. To check the upgrade status before the AIM window appears, enter the following command:

    Main_Menu > Manage > Software >UpgradeStatus

    The system reboots at least two times during the upgrade process. After the first reboot, the NetBackup Appliance Web Console and any SSH-based connections to the server are unavailable until the reboot process has completed. This condition may last two hours or more, depending on the complexity of the appliance configuration. It is important that you do not attempt to manually reboot the appliance during this time. You can use the Veritas Remote Management interface (IPMI) to view the system status. In addition, you may view the logs under /log or wait for the appliance to send an email upon completion of the upgrade process.

    During the upgrade process, you can open the AIM window to view the upgrade progress and the estimated remaining time.

  9. If problems are detected during the post-upgrade self-test, the AIM window shows the upgrade status as Paused. Other SSH sessions and email notifications also indicate this status.

    To clear the Paused status, perform the following tasks:

    • Press the V key to switch to the Verbose view to see the logs. If there are any Unique Message Identification (UMI) codes for the errors, search for them on the Veritas Support website to get more detailed information.

    • Try to fix the problem that the AIM window reports.

      If you need to use the shell menu, log on to the NetBackup Appliance Shell Menu through an SSH session. When the AIM window appears, press the S key to close it.

    • Go back to the AIM window on the IPMI console.

      If you tried fixing the problem, press the A key to attempt the self-test again. If you cannot fix the problem, contact Technical Support or press the R key to roll back the appliance to the previous software version.


      Starting with the 3.1.2 release, if the post-upgrade self-test fails, an automatic rollback is no longer enforced. If you select Attempt again and the self-test still fails, the upgrade pauses again and prompts with the same options.

  10. After the upgrade has completed, the AIM window shows a summary of the upgrade results.


    the disk pools are back online, the appliance runs a self-diagnostic test. Refer to the following file for the test results:


    If SMTP is configured, an email notification that contains the self-test result is sent.

  11. For HA setups only:

    After you have completed the upgrade on the first node, immediately perform the following tasks in the order as shown:

    • On the upgraded node, run the Manage > High Availability > Switchover command to switch the MSDP services over to the upgraded node.

    • On the upgraded node, run the Support > Test Software command to verify the status of various appliance software components. If the test passes, log in to the other node and upgrade it using all of the previous steps.

  12. Complete this step only if your backup environment includes SAN client computers.

    The Fibre Channel (FC) ports must be re-scanned to allow any SAN client computers to reconnect to the Fibre Transport (FT) devices. The re-scan must be done from the NetBackup CLI view on the appliance.

    To re-scan the FC ports:

    • Enter the following command to see a list of NetBackup user accounts:

      Manage > NetBackupCLI > List

    • Log on to this appliance as one of the listed NetBackup users.

    • Run the following command to rescan the FC ports:

      nbftconfig -rescanallclients

    • If any SAN clients still do not work, run the following commands on each of those clients in the order as shown:

      On UNIX clients:



      On Windows clients:



    • If any SAN clients still do not work, manually initiate a SCSI device refresh at the OS level. The refresh method depends on the operating system of the client. Once the refresh has completed, attempt the nbftconfig -rescanallclients command again.

    • If any SAN clients still do not work, reboot those clients.


      If you have SLES 10 or SLES 11 SAN clients that still do not work, Veritas recommends upgrading the QLogic driver on those clients. For the affected SLES 10 clients, upgrade to version For the affected SLES 11 clients, upgrade to version

See Post upgrade tasks.