Veritas NetBackup™ Appliance Upgrade Guide

Last Published:
Product(s): Appliances (5.3)
Platform: NetBackup Appliance OS

Installing a NetBackup appliance software update using the NetBackup Appliance Shell Menu

Use the following procedure to start the appliance upgrade.


Always perform upgrades with the admin user account. Do not use a non-admin user account to upgrade appliances.


If you have enabled the STIG feature on an appliance and you need to upgrade it or install an EEB on it, do not plan such installations during the 4:00am - 4:30am time frame. By following this best practice, you can avoid interrupting the automatic update of the AIDE database and any monitored files, which can cause multiple alert messages from the appliance.


Starting with appliance release 5.3, the STIG feature is enabled by default. Upgrades to version 5.3 enable STIG automatically, even if it was not enabled before the upgrade. The upgrade preflight check and the Appliance Upgrade Readiness Analyzer tool do not check for STIG password compliance. You are not prompted or required to change passwords before or during the upgrade.

To install a downloaded release update using the NetBackup Appliance Shell Menu

  1. Check to make sure that the following required updates and pre-upgrade tasks have already been performed:
    • All required pre-upgrade updates have been completed. For a complete list of required updates prior to 5.3 upgrades, refer to the following article:

    • The upgrade script stops and restarts the NetBackup services as needed during the upgrade. To avoid job interruptions during the upgrade, you may want to manually stop or suspend all jobs and pause all SLPs before the upgrade.

    • The Support > Test Software command has been run and it returned a Pass result.

  2. Log in to the NetBackup Appliance Shell Menu from the IPMI console.


    Veritas recommends that you log in using the shell menu from the IPMI console instead of an SSH session. The IPMI console is also known as the Veritas Remote Manager interface. For details about how to access and use the Veritas Remote Manager, refer to the following document: NetBackup Appliance Hardware Installation Guide.

  3. Make sure that you have downloaded and have run the latest version of the Appliance Upgrade Readiness Analyzer tool. The analyzer tool must produce a pass result before you can continue to the next step.
  4. To install the software release update, run the following command:

    Main_Menu > Manage > Software > Install patch_name

    Where patch_name is the name of the release update to install. Make sure that this patch name is the one that you want to install.

  5. Monitor the preflight check and watch for any failure and warning messages.
    • If no Check failed messages appear, you are prompted to continue to the next step to start the upgrade.

    • If any Check failed messages appear, the upgrade is not allowed. You must resolve the reported failures, then launch the upgrade script again so that the preflight check can verify that the failures have been resolved.

    • If any Check failed messages indicate that a RHEL version third-party plug-in was not found, you must obtain the plug-in from the appropriate vendor.

    • If any warning messages appear, Veritas recommends that you read the message and try to resolve the issue before you continue the upgrade. A warning message does not prevent the upgrade from proceeding.

  6. Starting with release 5.0, a Call Home settings test is performed. If Call Home is disabled, a prompt appears for you to enable the feature to ensure the Call Home test is performed. You can also enable a proxy server if the test fails. The following warning message is displayed:


    The appliance is not able to connect to the Veritas Call Home server to upload hardware and software telemetry. Providing the Call Home information to Veritas allows for an improved support experience and recommendations through the NetInsights Console. It is recommended that you enable Call Home and ensure the system can reach the Veritas Call Home server through correct name resolution or proxy server setting.

    You can ignore this warning and continue to the next step.

  7. After all preflight check items have passed, and before the upgrade begins, you must first select how the upgrade process should respond if any errors occur during the upgrade. The following prompt appears:
    If an error occurs during the upgrade, do you want to
    immediately enforce an automatic rollback? [yes, no]

    Enter yes to immediately enforce an automatic rollback.

    Enter no to pause the upgrade process and investigate the errors.

  8. After all preflight check items have passed, you may need to trust the CA certificate and the host ID-based certificate to start the upgrade process.

    To trust and deploy the CA certificates, do the following:

    • Verify the CA certificate detail and enter yes to trust the CA certificate, as follows:

      To continue with the upgrade, verify the following CA 
      certificate detail and enter "yes" to trust the CA certificate.
      CA Certificate Details:
           Subject Name : /CN=nbatd/
             Start Date : Jul 14 12:59:18 2017 GMT
            Expiry Date : Jul 09 14:14:18 2037 GMT
       SHA1 Fingerprint : 31:E9:97:2E:50:11:51:7C:D6:25:7F:32:86:3D:
      >> Do you want to trust the CA certificate? [yes, no](yes) 
    • If the security level of the primary server is Very High, you must manually enter an authorization token to deploy the host ID-based certificate on the appliance, as follows:

      >> Enter token:


      If the appliance does not have a valid host-id certificate before the next upgrade to a later version, a reissue token is required for the next upgrade.

    • If the security level of the primary server is High or Medium, the authentication token is not required. The host ID-based certificate is automatically deployed onto the appliance.

    For more information about security certificates, refer to the chapter "Security certificates in NetBackup" in the NetBackup Security and Encryption Guide.

  9. During the upgrade process, you can login using SSH and start the AIM window to check the upgrade status (except during the reboot process).

    To check the upgrade status, you can:

    • Login using an SSH session and start the AIM window to monitor the upgrade process. Enter the following command:

      Main_Menu > Manage > Software > UpgradeStatus.

    • Login using the IPMI console and start the AIM window. Enter the following command:

      Main_Menu > Manage > Software > UpgradeStatus.

    • Monitor the upgrade process using the IPMI console. When all the updates have been installed successfully, a login prompt appears.

  10. If problems are detected during the post-upgrade self-test, the AIM window shows the upgrade status as Paused. Other SSH sessions and email notifications also indicate this status.

    To clear the Paused status, perform the following tasks:

    • Press the V key to switch to the Verbose view to see the logs. If there are any Unique Message Identification (UMI) codes for the errors, search for them on the Veritas Support website to get more detailed information.

    • Try to fix the problem that the AIM window reports.

      If you need to use the shell menu, log on to the NetBackup Appliance Shell Menu through an SSH session. When the AIM window appears, press the S key to close it.

    • Go back to the AIM window on the IPMI console.

      If you tried fixing the problem, press the A key to attempt the self-test again. If you cannot fix the problem, contact Veritas Support or press the R key to roll back the appliance to the previous software version.

  11. After the upgrade has completed, the AIM window shows a summary of the upgrade results.

    After the disk pools are back online, the appliance runs a self-diagnostic test. Refer to the following file for the test results:


    If SMTP is configured, an email notification that contains the self-test result is sent.

  12. For HA setups only:

    After you have completed the upgrade on the first node, run the Support > Test Software command to verify the status of various appliance software components. If the test passes, log in to the other node and upgrade it in the same manner as the first node.

  13. Complete this step only if your backup environment includes SAN client computers.

    The Fibre Channel (FC) ports must be re-scanned to allow any SAN client computers to reconnect to the Fibre Transport (FT) devices. The re-scan must be done from the NetBackup CLI view on the appliance.

    To re-scan the FC ports:

    • Enter the following command to see a list of NetBackup user accounts:

      Manage > NetBackupCLI > List

    • Log on to this appliance as one of the listed NetBackup users.

    • Run the following command to rescan the FC ports:

      nbftconfig -rescanallclients

    • If any SAN clients still do not work, run the following commands on each of those clients in the order as shown:

      On UNIX clients:



      On Windows clients:



    • If any SAN clients still do not work, manually initiate a SCSI device refresh at the OS level. The refresh method depends on the operating system of the client. Once the refresh has completed, attempt the nbftconfig -rescanallclients command again.

    • If any SAN clients still do not work, reboot those clients.


      If you have SLES 10 or SLES 11 SAN clients that still do not work, Veritas recommends upgrading the QLogic driver on those clients. For the affected SLES 10 clients, upgrade to version For the affected SLES 11 clients, upgrade to version


    Starting with NetBackup Appliance version 5.0, refer to the NetBackup Appliance Security Guide to run NetBackup commands as a NetBackupCLI user.