NetBackup™ Web UI Cloud Object Store Administrator's Guide
- Introduction
- Managing Cloud object store assets
- Protecting Cloud object store assets
- About accelerator support
- About incremental backup
- About policies for Cloud object store assets
- Planning for policies
- Prerequisites for Cloud object store policies
- Creating a backup policy
- Setting up attributes
- Creating schedule attributes for policies
- Configuring the Start window
- Configuring exclude dates
- Configuring include dates
- Configuring the Cloud objects tab
- Adding conditions
- Adding tag conditions
- Example of conditions and tag conditions
- Managing Cloud object store policies
- Recovering Cloud object store assets
- Troubleshooting
- Recovery for Cloud object store using web UI for original bucket recovery option starts but job fails with error 3601
- Recovery Job does not start
- Restore fails: "Error bpbrm (PID=3899) client restore EXIT STATUS 40: network connection broken"
- Access tier property not restored after overwrite existing to original location
- Reduced accelerator optimization in Azure for OR query with multiple tags
- Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
- Azure backup job fails when space is provided in tag query for either tag key name or value.
- The Cloud object store account has encountered an error
- Bucket list empty when selecting it in policy selection
- Creating second account on Cloudian fails by selecting existing region
- Restore failed with 2825 incomplete restore operation
- Bucket listing of cloud provider fails when adding bucket in Cloud objects tab
Backup is failed and shows a certificate error with Amazon S3 bucket names containing dots (.)
Workaround
Use any of these two workarounds:
Use path style URL to access bucket: Since path style URL adds bucket as part of URL path and not as hostname, we did not get any SSL issues even for buckets with a . (dot) in the name. However, NetBackup default configuration uses Virtual style for all dual stack URLs like
s3.dualstack.<region-id>.amazonaws.com. We can add older s3 URL as path style and can connect with bucket with a (.) in the name. To do this we can add region with plain s3 endpoint (s3.<region-id>.amazonaws.com) and selecting URL Access Style as path style.Disable SSL: This workaround is not the recommended one since it replaces the secure endpoint with unsecure/unencrypted endpoint. After turning off SSL it disables peer host validation of server certificate. It bypasses the hostname match for virtual host style URL of bucket (bucket.123.s3.dualstack.us-east-1.amazonaws.com) with subject name in certificate (*. s3.dualstack.us-east-1.amazonaws.com).