Unable to complete the "Configure Cloud Storage Server" wizard due to "Login credentials verification failed for server xxxx"

Article: 100033608
Last Published: 2017-02-08
Product(s): NetBackup & Alta Data Protection

Problem

When running the NetBackup "Configure Cloud Storage Server" wizard against a local private cloud that is either SSL or TLS enabled, it is necessary to obtain a proper SSL certificate and apply that certificate to the specified NetBackup Media Server so that the secure connection can complete.

If the required certificate has not been properly applied to NetBackup, the wizard may fail with the error shown below.

Error Message

The Cloud Storage Server Configuration Wizard error reads:

Login credentials verification failed for server xxxx

Cause

This is a generic error. It will be observed when the login credentials (for example, the "Access key ID" and "Secret access key") are incorrect. It will also appear if the SSL / TLS certificate is improper, even if the login credentials are technically correct.

To determine whether the login credential error shown on-screen by the wizard is caused by an improper SSL / TLS certificate, enable tpcommand logging on the Media Server specified in the wizard.

To enable tpcommand logging, create the following directory on the Media Server in question:

Unix: /usr/openv/volmgr/debug/tpcommand
Windows: install_path\Veritas\Volmgr\debug\tpcommand

Reproduce the error so that log content is written to the tpcommand log folder.

Examination of the tpcommand log shows the following:

11:36:37.616 [29608] <2> MyMaster: ibmcoslan: S3 URL: https://MyLocalCloudAppliance.example.net:443/
11:36:37.616 [29608] <2> MyMaster: ibmcoslan: Setting Url: https://MyLocalCloudAppliance.example.net:443/
11:36:37.616 [29608] <4> MyMaster: CurlHttpClient: CurlHttpClient::addJobForProcessing: adding job 0x1903dd0
11:36:37.616 [29608] <2> MyMaster: ibmcoslan: Building header:
11:36:37.616 [29608] <2> MyMaster: ibmcoslan: stringToSign in object- GET Fri, 03 Feb 2017 16:36:37 GMT /
11:36:37.616 [29608] <4> MyMaster: CurlHttpClient: CurlHttpClient::addToMultiCurlHandle: added handle 0x155f2b0 (easy handle = 0x18ee320) for job 0x1903dd0
11:36:37.616 [29608] <4> MyMaster: CurlHttpClient: CurlHttpClient::doTransfer: 0 curl easy handles running and 1 jobs in run queue at start
11:36:38.663 [29608] <4> MyMaster: CurlHttpClient: After curl_multi_perform: aReadyNess = 0, mStillRunning = 1
11:36:38.665 [29608] <4> MyMaster: CurlHttpClient: After curl_multi_perform: aReadyNess = 1, mStillRunning = 0
11:36:38.665 [29608] <4> MyMaster: CurlHttpClient: CurlHttpClient::processCompletedEasyHandle: job 0x1903dd0 removed from running jobs
11:36:38.665 [29608] <2> MyMaster: CurlHttpClient: CurlHttpClient::processCompletedEasyHandle: Job NOT succeeded, going for retry..
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::getRetryType entry..
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: AmzResiliency::getRetryType for sts error: 2060017, cURL error: 60, multi cURL error: 0, HTTP return value: 0
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::amzIsHttpSuccess entry..
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: HTTP Error : 0 amzIsHttpSuccess Result : 0
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::amzIsHttpSuccess leave..
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::checkResponseXML entry..
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: AmzResiliency::checkResponseXML Error: no xml data received
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: XML String
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: XML errorcode
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::checkResponseXML leave..
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: CommonCurlResiliency::getRetryType entry..
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: CommonCurlResiliency::getRetryType CURL Error : 60
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: CommonCurlResiliency::getRetryType No retry for CURL error 60
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: RetryType : RETRY_NOT_APPLICABLE
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: CommonCurlResiliency::getRetryType leave..
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: RetryType : RETRY_NOT_APPLICABLE
11:36:38.665 [29608] <16> MyMaster: AmzResiliency: AmzResiliency::getRetryType cURL error: 60, multi cURL error: 0, HTTP status: 0, XML response: None, RetryType: RETRY_NOT_APPLICABLE
11:36:38.665 [29608] <2> MyMaster: AmzResiliency: AmzResiliency::getRetryType leave..
11:36:38.665 [29608] <16> MyMaster: CurlHttpClient: CurlHttpClient::processCompletedEasyHandle : retry failed with STS error 2060019 ("error occurred on network socket").

The error observed in the tpcommand log "cURL error: 60" can be decoded by reviewing the cURL error codes documented on this web site:

  • 3rd Party Reference: https://curl.se/libcurl/c/libcurl-errors.html
    • A "cURL error: 60" is defined as:
      CURLE_PEER_FAILED_VERIFICATION (60)
      The remote server's SSL certificate or SSH md5 fingerprint was deemed not OK. This error code has been unified with CURLE_SSL_CACERT since 7.62.0. Its previous value was 51.
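
An added example (not Veritas code) that applies the check described above to a tpcommand log: it extracts the cURL and HTTP result codes from the retry summary lines and reports whether the request failed in the TLS handshake, before the server ever returned an HTTP response. It goes beyond code 60 by also recognising libcurl codes 35, 51 and 77; the function name `diagnose`, the verdict strings and the second sample line are assumptions made for this illustration.

```python
import re

# tpcommand line layout as seen in the log excerpt above:
#   HH:MM:SS.mmm [pid] <level> host: component: message
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{3}) \[\d+\] <\d+> [^:]+: [^:]+: (?P<msg>.*)$")
# Summary lines say "HTTP status" or "HTTP return value" depending on the caller.
RESULT_RE = re.compile(
    r"cURL error: (?P<curl>\d+), multi cURL error: \d+, "
    r"HTTP (?:status|return value): (?P<http>\d+)")

# libcurl codes that mean the TLS session itself failed.
CURL_TLS_CODES = {
    35: "CURLE_SSL_CONNECT_ERROR",
    51: "CURLE_PEER_FAILED_VERIFICATION (value before libcurl 7.62.0)",
    60: "CURLE_PEER_FAILED_VERIFICATION",
    77: "CURLE_SSL_CACERT_BADFILE",
}

# Two lines copied from the log excerpt above.
SAMPLE_CERT_FAILURE = """\
11:36:38.665 [29608] <8> MyMaster: AmzResiliency: AmzResiliency::getRetryType for sts error: 2060017, cURL error: 60, multi cURL error: 0, HTTP return value: 0
11:36:38.665 [29608] <16> MyMaster: AmzResiliency: AmzResiliency::getRetryType cURL error: 60, multi cURL error: 0, HTTP status: 0, XML response: None, RetryType: RETRY_NOT_APPLICABLE
"""
# Constructed line (not from the article): TLS succeeded and the server answered.
SAMPLE_HTTP_ANSWER = (
    "11:40:02.101 [29700] <16> MyMaster: AmzResiliency: AmzResiliency::getRetryType "
    "cURL error: 0, multi cURL error: 0, HTTP status: 403, XML response: None\n")

def diagnose(log_text):
    """Return (verdict, findings); findings are (time, curl_code, http_status)."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        r = RESULT_RE.search(m.group("msg")) if m else None
        if r:
            findings.append((m.group("time"), int(r.group("curl")), int(r.group("http"))))
    # A TLS error code with HTTP status 0 means no HTTP response was received,
    # so the access key and secret were never evaluated by the server.
    tls = [f for f in findings if f[1] in CURL_TLS_CODES and f[2] == 0]
    if tls:
        return "tls-certificate", tls
    if any(curl == 0 and http != 0 for _, curl, http in findings):
        return "http-response", findings  # certificate is not the blocker
    return "inconclusive", findings

if __name__ == "__main__":
    verdict, hits = diagnose(SAMPLE_CERT_FAILURE)
    print(verdict, [(t, CURL_TLS_CODES.get(c, c), h) for t, c, h in hits])
```

A `tls-certificate` verdict points to the certificate steps in the Solution section; an `http-response` verdict means the certificate was accepted and the credentials themselves should be rechecked.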

Solution

To correct this error, it is necessary to:

1. Collect the proper SSL / TLS certificate for the Cloud host in question. It may be necessary to consult with the security administrator of the cloud instance.
2. Apply the certificate to NetBackup using the steps outlined in the following article:
Note: It may be necessary to clean up NetBackup after the initial failed run of the Cloud wizard before proceeding with a retry. See the following article for clean up instructions...

 
