Tomcat and nbwebsvc certificates are not renewed automatically on the master server with non-English locale.

Tomcat and nbwebsvc certificates are not renewed automatically on the master server with non-English locale.

  • Article ID:100044601
  • Last Published:
  • Product(s):Appliances, NetBackup
  • Ratings: 2 0

Problem

Tomcat and nbwebsvc certificates are not renewed automatically on the master server with non-English locale.
Tomcat and nbwebsvc certificates expire one year after their issue date. They are supposed to be automatically renewed 180 days before the expiration date.
But they are not renewed automatically if non-English local is used for the master server.
The issue affects NetBackup 8.0 through 8.1.2 on all of the operating system using non-English locale.

For example, you may experience the following situation when a certificate expires.

  -. The expiration of these certificates results in failures of all of the NetBackup operations such as running backups, logging in to NetBackup Administration Console.
  -. You cannot login to NetBackup Administration Console, but the backup jobs will continue to run as normal after the expiration of the certificates.

Error Message

The renewal process is performed every 24 hours, and nbwebservice log shows the following messages (java.text.ParseException: Unparseable date) each time.
You can see these messages in OID 466 (NetBackup 8.1 and earlier) or OID 495 (NetBackup version 8.1.1 and later).

  NBCertRenewTask failed to renew nbwebsvc user credentials - java.text.ParseException: Unparseable date
  NBCertRenewTask failed to renew web service NBAC credentials - java.text.ParseException: Unparseable date
  NBCertRenewTask failed to renew TOMCAT credentials - java.text.ParseException: Unparseable date

 

When certificate expires, the following errors appear depending on the situation.

  A backup job fails with Status 8506: The certificate has expired.
  NetBackup Administration Console fails to login to the Master Server with Status 7656: Certificate Revocation List is out of date.
  "nbcertcmd -getCertificate -force" fails with Status 8625: Server is unavailable to process the request. Please try later.

Cause

The renewal process on non-English locale fails to parse expiry date. When NBCertRenew class of renewal process does format and parse dates with Java SimpleDateFormat class, an exception occurs because it does not consider locale.

Solution

Veritas Technologies LLC is aware that the above-mentioned issue (Etrack 3966961) is present in the current version(s) of the product(s) mentioned in this article. Veritas is committed to product quality and satisfied customers.

Please note that Veritas reserves the right to remove any fix from the targeted release if it does not pass quality assurance tests or introduces new risks to overall code stability. Veritas' plans are subject to change and any action taken by you based on the above information or your reliance upon the above information is made at your own risk.

Workaround:

An Emergency Engineering Binary (EEB) containing a fix for this issue for NetBackup 8.1 is available by contacting Veritas technical support, referencing this document ID and Etrack 3966961.
If the certificate has already been expired or you want to manually regenerate the certificates before installing EEB, perform the following steps on NetBackup master server.

  UNIX/Linux:
   1) /usr/openv/netbackup/bin/nbwmc -terminate
   2) /usr/openv/netbackup/bin/admincmd/nbcertconfig -u -i
   3) /usr/openv/netbackup/bin/admincmd/nbcertconfig -m
   4) /usr/openv/netbackup/bin/admincmd/nbcertconfig -t
   5) /usr/openv/wmc/bin/install/configureWmc
   6) /usr/openv/wmc/bin/install/configureCerts
   7) /usr/openv/wmc/bin/install/setupWmc
   8) /usr/openv/netbackup/bin/nbwmc -start
   9) /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
  10) /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force
  11) Remove the /usr/openv/var/global/vxss/nbcertservice/install_token file

  Windows:
   1) <Install_Path>\NetBackup\bin\bpdown -e "NetBackup Web Management Console" -f -v
   2) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -u -i
   3) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -m
   4) <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t
   5) <Install_Path>\NetBackup\wmc\bin\install\configureWmc
   6) <Install_Path>\NetBackup\wmc\bin\install\configureCerts
   7) <Install_Path>\NetBackup\wmc\bin\install\setupWmc
   8) <Install_Path>\NetBackup\bin\bpup -e "NetBackup Web Management Console" -f -v
   9) <Install_Path>\NetBackup\bin\nbcertcmd -getCACertificate
  10) <Install_Path>\NetBackup\bin\nbcertcmd -getCertificate -force
  11) Remove the <install_path>\NetBackup\var\global\vxss\nbcertservice\install_token file

  *) In the case of Windows, perform "set WEBSVC_PASSWORD=<nbwebsvc password>" command in advance.
  *) If NetBackup master server is 8.1.1 or above, step 4) is "nbcertconfig -t -f".
  *) If step 10) fails, then run the following command to create a token.

    a) Login to bpnbat as follows

      UNIX/Linux:  /usr/open/netbackup/bin/bpnbat -login -loginType WEB
      Windows:     <install_path>\Veritas\NetBackup\bin\bpnbat -login -loginType WEB

      Provide the following information:

      Authentication Broker [MasterServer1 is default]:
      Authentication port [0 is default]:
      Authentication type (NIS, NISPLUS, WINDOWS, vx, unixpwd, ldap) [unixpwd is default]:
      Domain [MasterServer1 is default]:  example.netbackup.com
      Login Name [root is default]:
      Password:

    b) Run the following to create a reissue token

      UNIX/Linux:  /usr/openv/netbackup/bin/nbcertcmd -createToken -name token-YYYYMMDD -reissue -host <Master server name>
      Windows:     <Install_Path>Veritas\netbackup\bin\nbcertcmd -createToken -name token-YYYYMMDD -reissue -host <Master server name>

      Note: The token name token-YYYYMMDD is just an example, enter a relevant name for token and use the one that you get after running the command.

    c) Run the nbcertcmd command, to store the Certificate Authority certificate and to generate the host certificate.

      UNIX/Linux: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
                             /usr/openv/netbackup/bin/nbcertcmd -getCertificate -token <a reissue token> -force

      Windows:    <install_path>\Veritas\NetBackup\bin\nbcertcmd -getCACertificate
                           <install_path>\Veritas\NetBackup\bin\nbcertcmd -getCertificate -token <a reissue token> -force

      Note: In above command replace <a reissue token> with actual token obtained in previous command without brackets.

If the certificate has already been expired on NetBackup media server or client before installing EEB, perform the following steps on NetBackup media server or client.

  UNIX/Linux: /usr/openv/netbackup/bin/nbcertcmd -getCACertificate
                         /usr/openv/netbackup/bin/nbcertcmd -getCertificate -force

  Windows:    <install_path>\Veritas\NetBackup\bin\nbcertcmd -getCACertificate
                       <install_path>\Veritas\NetBackup\bin\nbcertcmd -getCertificate -force

 

Downloads

Windows:

eebinstaller_3966961_1_AMD64.exe

RedHat Enterprise Linux:

eebinstaller_3966961_1_linuxR_x86  

Other Operating Systems:

NB_8.1_eebinstaller_3966961_1.zip

Zip File Package Contents:

eebinstaller_3966961_1_hpia64

eebinstaller_3966961_1_linuxS_x86    

eebinstaller_3966961_1_rs6000    

eebinstaller_3966961_1_solaris    

eebinstaller_3966961_1_solaris_x86    

Appliances:

NBAPP_EEB_ET3966961-3.1.0.0-1.x86_64.rpm    

VRTSflex-nb_EEB_ET3966961-8.1-1.x86_64.rpm

 

Checksums

EEB Installer      sha256sum

eebinstaller_3966961_1_AMD64.exe              eb3294f5ca491bbb54402e9e9b1fd1d928362a232b94d64f5e5b6a1892326183

eebinstaller_3966961_1_hpia64              1ca05622778ef44b8ecce37e54d82c3babee53a26da9d5a78c492119dff87223

eebinstaller_3966961_1_linuxR_x86              e37849af0a2d0d1d8079f4a3e8277a7e928acb20da8cc16d127339a8f33cb214

eebinstaller_3966961_1_linuxS_x86              58632e58b43c2d52990724ec43659f6b02c6a0fba600798e216c572caf9f8d54

eebinstaller_3966961_1_rs6000              1a1d982b5f32d9f0624fece8a1b103b83d1453158b1fd7f49b77fbfdf357d620

eebinstaller_3966961_1_solaris              62732f08733d06add0fdd62d8108e14a88393fb28c7b8d71e9c0b54feb6a1cca

eebinstaller_3966961_1_solaris_x86              fdee27a816b9e9ad5d22be3110d0ea4a12b56afe84b2bb80792a6c3ea9db336e

NBAPP_EEB_ET3966961-3.1.0.0-1.x86_64.rpm              d9d9ef74b2d1a0a5dcfca73a0c1ebcdf479ae618fb77f677ca87b22955520071

VRTSflex-nb_EEB_ET3966961-8.1-1.x86_64.rpm              0fa76099d03668683558bb52fca48914d06fbb090f4bf5f7a66e1371221a9f5c

Downloads

References

Etrack : 3966961

Was this content helpful?