NetBackup™ Troubleshooting Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (11.0)
  1. Introduction
    1.  
      Additional resources on NetBackup logging and status code information
    2.  
      Troubleshooting a problem
    3.  
      Problem report for Technical Support
    4.  
      About gathering information for NetBackup-Java applications
  2. Troubleshooting procedures
    1.  
      About troubleshooting procedures
    2. Troubleshooting NetBackup problems
      1.  
        Verifying that all processes are running on UNIX or Linux servers
      2.  
        Verifying that all processes are running on Windows servers
    3.  
      Troubleshooting installation problems
    4.  
      Troubleshooting configuration problems
    5.  
      Device configuration problem resolution
    6.  
      Testing the primary server and clients
    7.  
      Testing the media server and clients
    8.  
      Resolving network communication problems with UNIX clients
    9.  
      Resolving network communication problems with Windows clients
    10. Troubleshooting vnetd proxy connections
      1.  
        vnetd proxy connection requirements
      2.  
        Where to begin to troubleshoot vnetd proxy connections
      3.  
        Verify that the vnetd process and proxies are active
      4.  
        Verify that the host connections are proxied
      5.  
        Test the vnetd proxy connections
      6.  
        Examine the log files of the connecting and accepting processes
      7.  
        Viewing the vnetd proxy log files
    11. Troubleshooting security certificate revocation
      1.  
        Troubleshooting cloud provider's revoked SSL certificate issues
      2.  
        Troubleshooting cloud provider's CRL download issues
      3.  
        How a host's CRL affects certificate revocation troubleshooting
      4.  
        NetBackup job fails because of revoked certificate or unavailability of CRLs
      5.  
        NetBackup job fails because of apparent network error
      6.  
        NetBackup job fails because of unavailable resource
      7.  
        Primary server security certificate is revoked
      8.  
        Determining a NetBackup host's certificate state
      9.  
        Troubleshooting issues with external CA-signed certificate revocation
    12.  
      About troubleshooting networks and host names
    13. Verifying host name and service entries in NetBackup
      1.  
        Example of host name and service entries on UNIX primary server and client
      2.  
        Example of host name and service entries on UNIX primary server and media server
      3.  
        Example of host name and service entries on UNIX PC clients
      4.  
        Example of host name and service entries on UNIX server that connects to multiple networks
    14.  
      About the bpclntcmd utility
    15.  
      Using the Host properties to access configuration settings
    16.  
      Resolving full disk problems
    17. Frozen media troubleshooting considerations
      1.  
        Logs for troubleshooting frozen media
      2.  
        About the conditions that cause media to freeze
    18. Troubleshooting problems with the NetBackup web services
      1.  
        Viewing NetBackup web services logs
      2.  
        Troubleshooting web service issues after external CA configuration
    19.  
      Troubleshooting problems with the NetBackup web server certificate
    20. Resolving PBX problems
      1.  
        Checking PBX installation
      2.  
        Checking that PBX is running
      3.  
        Checking that PBX is set correctly
      4.  
        Accessing the PBX logs
      5.  
        Troubleshooting PBX security
      6.  
        Determining if the PBX daemon or service is available
    21. Troubleshooting problems with validation of the remote host
      1.  
        Viewing logs pertaining to host validation
      2.  
        Enabling insecure communication with NetBackup 8.0 and earlier hosts
      3.  
        Approving pending host ID-to-host name mappings
      4.  
        Clearing host cache
    22. Troubleshooting Auto Image Replication
      1.  
        Rules for primary servers used with Auto Image Replication (A.I.R.) and SLPs
      2. Targeted A.I.R. trusted primary server operation fails with an external certificate configuration
        1.  
          Troubleshoot adding or updating the trust
        2.  
          Troubleshoot removing the trust
      3.  
        About troubleshooting automatic import jobs that SLP components manage
    23.  
      Troubleshooting network interface card performance
    24.  
      About SERVER entries in the bp.conf file
    25.  
      About unavailable storage unit problems
    26.  
      Resolving a NetBackup Administration operations failure on Windows
    27.  
      Resolving garbled text displayed in NetBackup Administration Console on a UNIX computer
    28.  
      Troubleshooting error messages in the NetBackup web UI and the NetBackup Administration Console
    29.  
      Extra disk space required for logs and temporary files for the NetBackup Administration Console
    30.  
      Unable to logon to the NetBackup Administration Console after external CA configuration
    31.  
      Troubleshooting file-based external certificate issues
    32.  
      Troubleshooting issues with external certificate configuration
    33.  
      Troubleshooting Windows certificate store issues
    34.  
      Troubleshooting backup failures
    35.  
      Troubleshooting backup failure issues with NAT clients or NAT servers
    36.  
      Troubleshooting issues with the NetBackup Messaging Broker (or nbmqbroker) service
    37.  
      Troubleshooting issues with email notifications for Windows systems
    38.  
      Troubleshooting issues with KMS configuration
    39.  
      Troubleshooting issues with initiating the NetBackup CA migration because of large key size
    40.  
      Troubleshooting issues with the non-privileged user (service user) account
    41.  
      Troubleshooting issues with group name format in the auth.conf file
    42.  
      Troubleshooting the VxUpdate add package process
    43.  
      Troubleshooting issues with FIPS mode
    44.  
      Troubleshooting issues with malware scanning
    45.  
      Troubleshooting issues with NetBackup jobs that are enabled for data-in-transit encryption
    46.  
      Troubleshooting issues with Unstructured Data Instant Access
    47.  
      Troubleshooting issues with multifactor authentication
    48.  
      Troubleshooting issues with multi-person authorization
    49.  
      Troubleshooting connections to the NetBackup Scale-Out Relational Database
    50.  
      Troubleshooting issues with private key encryption
    51.  
      Troubleshooting issues with the security configuration risk feature
    52.  
      Troubleshooting issues with the risk engine-based anomaly detection options
  3. Using NetBackup utilities
    1.  
      About NetBackup troubleshooting utilities
    2.  
      About the analysis utilities for NetBackup debug logs
    3.  
      About the Logging Assistant
    4.  
      About network troubleshooting utilities
    5. About the NetBackup support utility (nbsu)
      1.  
        Output from the NetBackup support utility (nbsu)
      2.  
        Example of a progress display for the NetBackup support utility (nbsu)
    6. About the NetBackup consistency check utility (NBCC)
      1.  
        Output from the NetBackup consistency check utility (NBCC)
      2.  
        Example of an NBCC progress display
    7.  
      About the NetBackup consistency check repair (NBCCR) utility
    8.  
      About the nbcplogs utility
    9. About the robotic test utilities
      1.  
        Robotic tests on UNIX
      2.  
        Robotic tests on Windows
    10. About the NetBackup Smart Diagnosis (nbsmartdiag) utility
      1.  
        Workflow to use the nbsmartdiag utility for NetBackup host communication
    11.  
      About log collection by job ID
  4. Disaster recovery
    1.  
      About disaster recovery
    2.  
      Recommended backup practices
    3.  
      Requirements and notes for disaster recovery
    4.  
      Disaster recovery packages
    5.  
      About disaster recovery settings
    6. About disk recovery procedures for UNIX and Linux
      1. About recovering the primary server disk on Linux
        1.  
          Recovering the primary server when root is intact
        2.  
          Recovering the primary server when the root partition is lost
      2.  
        About recovering the NetBackup media server disk for UNIX
      3.  
        Recovering the system disk on a UNIX client workstation
    7. About clustered NetBackup server recovery for UNIX and Linux
      1.  
        Replacing a failed node on a UNIX or Linux cluster
      2.  
        Recovering the entire UNIX or Linux cluster
    8. About disk recovery procedures for Windows
      1. About recovering the primary server disk for Windows
        1.  
          Recovering the primary server with Windows intact
        2.  
          Recovering the primary server and Windows
      2.  
        About recovering the NetBackup media server disk for Windows
      3.  
        Recovering a Windows client disk
    9. About clustered NetBackup server recovery for Windows
      1.  
        Replacing a failed node on a Windows VCS cluster
      2.  
        Recovering the shared disk on a Windows VCS cluster
      3.  
        Recovering the entire Windows VCS cluster
    10.  
      Generating a certificate on a clustered primary server after disaster recovery installation
    11.  
      About the DR_PKG_MARKER_FILE environment variable
    12.  
      Restoring the disaster recovery package on Windows
    13.  
      Restoring the disaster recovery package on Linux
    14. Options to recover the NetBackup catalog
      1. Prerequisites for recovering the NetBackup catalog or NetBackup catalog image files
        1.  
          Establishing a connection with NAT media server before catalog recovery
      2.  
        About NetBackup catalog recovery on Windows computers
      3.  
        About NetBackup catalog recovery from disk devices
      4.  
        About NetBackup catalog recovery and symbolic links
      5.  
        NetBackup disaster recovery email example
      6. About recovering the entire NetBackup catalog
        1.  
          Recovering the entire NetBackup catalog using the NetBackup catalog recovery wizard
        2.  
          Recovering the entire NetBackup catalog using bprecover -wizard
        3.  
          Specifying the NetBackup job ID number after a catalog recovery
      7. About recovering the NetBackup catalog image files
        1.  
          Recovering the NetBackup catalog image files using the NetBackup catalog recovery wizard
        2.  
          Recovering the NetBackup catalog image files using bprecover -wizard
      8. About recovering the NetBackup databases
        1.  
          Recovering the NetBackup database from a backup
        2.  
          Recovering the NetBackup database from staging
        3.  
          About processing the NetBackup database in staging
        4.  
          Terminating database connections
      9.  
        Recovering the NetBackup catalog when NetBackup Access Control is configured
      10.  
        Recovering the NetBackup catalog from a nonprimary copy of a catalog backup
      11.  
        Recovering the NetBackup catalog without the disaster recovery file
      12.  
        Recovering a NetBackup user-directed online catalog backup from the command line
      13.  
        Restoring files from a NetBackup online catalog backup
      14.  
        Unfreezing the NetBackup online catalog recovery media
      15.  
        Steps to carry out when you see exit status 5988 during catalog recovery

Troubleshooting issues with the security configuration risk feature

Security configuration risk depends on the status of the security settings in your NetBackup domain. A higher configuration risk score indicates weaker security configurations. To minimize the risk, enable all the security settings.

For more information on the security configuration risk feature, refer to the NetBackup Security and Encryption Guide.

Table:

Sr. No.

Issue

Possible reason

Resolution

1.

Internal server error in:

GET API /security/status

Error in extracting the cluster name or client name for the given host through NetBackup Service Layer (NBSL).

Check the logs to confirm the following:

"Cannot retrieve hostName from system property"

Check if the NBSL service is up and running.

Ensure that the Client name (virtual name in case of cluster) is properly set for the given primary server.

Exception in searching for the given host by its host name in database.

Check the logs to confirm the following:

"Exception occurred: hostname not found."

Ensure that the NetBackup database services are up and running. Increase verbosity, and retry the operations.

Contact Cohesity technical support.

Failure in reading base state template from database.

Check the logs to confirm the following:

"Caught exception while reading security template json."

Ensure that the correct JSON file is present in the database in EMM_MAIN schema:

emm_hostconffileversiondata

No key should have a null value.

Error in extracting number of hosts configured with service user from the database.

Check the logs.

Ensure that the NetBackup database services are up and running.

Increase verbosity, and retry the operations.

Contact Cohesity technical support.

API failed to extract malware configuration details for the host.

Check the logs to confirm the following:

"Exception raised from getting malware settings"

Increase verbosity, and retry the operations.

Contact Cohesity technical support.

API failed to extract number of hosts from the database.

Check the logs to confirm the following:

"Cannot retrieve number of hosts from database."

Ensure the NetBackup database services are up and running.

Increase verbosity, and retry the operations. Contact Cohesity technical support.

API failed to extract supported operations for MPA.

Check the logs to confirm the following:

"Error in fetching list of MPA supported operations."

Ensure the NetBackup database services are up and running.

Increase verbosity, and retry the operations. Contact Cohesity technical support.

8.

Internal server error in POST API /security/configuration-baseline

Validation of the request DTO failed.

Check the logs to confirm the following:

"Request DTO validation failed."

Validate input JSON to the API. Refer to the following to check the possible states of settings:

  • "allowInsecureBackLevelHost": 0/1

  • "certificateAutoDeployLevel": 0/1/2

  • "mfaEnforced": false/true

  • "dteGlobalMode": "PREFERRED_OFF"/"PREFERRED_ON"/"ENFORCED"

  • "backupAnomalyDetection": "0/1"

  • "mpa" : "ENABLED"/"DISABLED"

  • "hostPercentageWithServiceUser": "<Precentage value 0 to 100>"

  • "hostPercentageWithDteEnabled": "<Precentage value 0 to 100>"

  • "malwareDetection": "NOT_CONFIGURED"/"CONFIGURED"

9.

Notifications for security configuration risk are not generated.

Security baseline may be changed within 10 seconds of the change in configuration settings.

Avoid changing security baseline within 10 seconds of changing the security settings state.

Retry the operations. Contact Veritas technical support if the issue still persists. Collect web service logs and NetBackup audit logs.

10.

Exception with message: "The dashboard security status request or the data that is sent is not valid."

Possible reasons:

  • GET /security/status API refers to record EMM_MAIN.

    EMM_HostConfFileVersionData - whose VersionID has the highest value.

    This record may have incorrect JSON as part of field file contents.

Set the security baseline again.

NetBackup database service is not running.

Ensure that the NetBackup database services are up and running.

Anomaly management service is not running.

Ensure that Anomaly management service is up and running.

nbstserv is not running.

Ensure that nbstserv is up and running.

NetBackup Service Layer service is not running. The file should have service_user permissions.

Ensure that the NetBackup Service Layer (NBSL) is up and running.

Validation of the request DTO failed. The payload provided was having one of the unsupported attributes (from API version 13.0) or invalid value.

Validate input JSON to the POST security/configuration-baseline API for request API Version 12.0.

The following payload JSON is supported:

{ "data": { "type": "securityTemplateRequest", "attributes": { "securitySettingsTemplate": { "allowInsecureBackLevelHost": 0, "certificateAutoDeployLevel": 0, "mfaEnforced": false, "dteGlobalMode": "PREFERRED_OFF", "hostPercentageWithDteEnabled": 0, "backupAnomalyDetection": 0, "mpa": "ENABLED", "malwareDetection": "CONFIGURED", "hostPercentageWithServiceUser": 0 } } } }

Validation of the request DTO failed. The payload was containing attribute with invalid value.

Validate input JSON to the POST security/configuration-baseline API for request API Version 13.0.

The following JSON is supported:

{ "data": { "type": "securityTemplateRequest", "attributes": { "securitySettingsTemplate": { "allowInsecureBackLevelHost": 0, "certificateAutoDeployLevel": 0, "mfaEnforced": false, "dteGlobalMode": "PREFERRED_OFF", "hostPercentageWithDteEnabled": 0, "backupAnomalyDetection": 0, "mpa": "ENABLED", "malwareDetection": "CONFIGURED", "hostPercentageWithServiceUser": 0, "backupStoragePercentageWithEncryptionEnabled": 0, "isImmutableBackupStorageConfigured": true, "serverPercentageWithLatestNbuVersion": 0, "clientPercentageWithLatestNbuVersion": 0, "isCliAccessToOsAdmins": 0, "isWebUiAccessToOsAdmins": 0, "redirectedRestore": true } } } }

11.

Some settings do not have baseline value after upgrade

Some of the new security settings that are added in the NetBackup 11.0 do not have baseline set unless you set it explicitly.

Set the baseline values for all the security settings.