Veritas NetBackup™ Plug-in for VMware vSphere Web Client Guide
- Introduction and notes
- Installing the NetBackup plug-in for vSphere Web Client
- Configuration overview for the NetBackup Recovery Wizard (in the NetBackup plug-in for vSphere Web Client)
- Excluding virtual disks from the backup
- Monitoring backup status
- Restoring virtual machines
- NetBackup Recovery Wizard screens
- NetBackup Instant Recovery Wizard screens
- Troubleshooting
- Appendix A. Instant recovery operations
- Appendix B. Installing the vSphere Web Client plug-in from a NetBackup media server and plug-in package host
Troubleshooting master server communication failures in the plug-in's Recovery Portal
To recover VMs, the plug-in must have a registered NetBackup master server with a valid and correct authentication token. The NetBackup administrator generates the authentication token on a specific NetBackup master server for a specific client (such as a vCenter server). The token gives the vCenter access to the NetBackup master server where the token was generated. (Note: you can validate authentication tokens for currently registered master servers by means of the Recovery Portal.)
option in the plug-in'sIf the TCP/IP address or host name of the vCenter does not exactly match the information in the authentication token, the following operations fail: the Register Master Servers operation, and VM recovery. For VM recovery, the error message you receive depends on where in the plug-in interface you launched the restore attempt. Among the errors you can receive are:
Failed to get master server version. then java.security.cert.CertificateException
No mapping found between vCenter(s) and Master Server(s) Master Server "master_server_name" java.security.cert.CertificateException
Failed to communicate with NetBackup master server master_server_name on port 8443 with the supplied authentication token. Please verify that NetBackup master server name, port and authentication token are valid.
To correctly determine the problem and the corrective action, you must review the VxUL log file. On the master server, issue the command shown:
vxlogview -i nbwebservice -p nb - L -E
The log file includes messages similar to the following:
02/17/2017 10:03:37.831 [Error] Remote host name does not match the name in the certificate, remote name:vcenter02.domain.com, name from certificate:vcenter02
In the log snip shown, the name in the token is vcenter02
and the required name is vcenter02.domain.com
.
Veritas recommends that you revoke the existing token, generate a new token with the required name, and use the new token on the vCenter. If you cannot do that, add the vCenter's fully qualified domain name as an alias for the existing token, as follows:
manageClientCerts -addAlias vcenter02 -HOST vcenter02.domain.com
As an alternative, you can use the -ANY option:
manageClientCerts -addAlias vcenter02 -ANY
-ANY allows any host or any IP address to communicate with the NetBackup server by means of this token.
Caution:
The -ANY option is not a secure method for restores. Please see the NetBackup Commands Reference Guide for more information on the manageClientCerts command.
The log file includes messages similar to the following:
02/17/2017 16:18:13.951 [Error] Remote host name does not match the name in the certificate, remote name:10.10.10.11, name from certificate:vcenter02
In the log snip shown, the name in the token is vcenter02
and the required name is 10.10.10.11
.
Veritas recommends that you revoke the existing token, generate a new token with the required name, and use the new token on the vCenter. If you cannot do that, add the vCenter's TCP/IP address as an alias for the existing token, as follows:
manageClientCerts -addAlias vcenter02 -IP 10.10.10.11
As an alternative, you can use the -ANY option:
manageClientCerts -addAlias vcenter02 -ANY
-ANY allows any host or any IP address to communicate with the NetBackup server by means of this token.
Caution:
The -ANY option is not a secure method for restores.
Additional information is available:
See Adding or deleting an additional host name or IP address for an authentication token.
See the manageClientCerts command in the NetBackup Commands Reference Guide.