Problem:
Unable to open the NetBackup Administration Console.
Error Message:
Unable to login, status: 526
Cannot connect to the PBX service.
Windows log data path:
Example:
C:\Program Files\Veritas\NetBackup\logs\user_ops\nbjlogs\jbp.2019021312374595
[2/13/19 12:38:19 PM EST {1550079499635}] [-1] [Session] shutdown SI, siShutdown:false, initialLoginRequired:true
Can not connect to the NB-Java authentication service on master_server on port 1556. Exception:
vrts.shared.server.CantConnectToAuthServViaVNETDException
Cause:
The Linux Master server is using a firewall (iptables) and blocking communication to PBX port 1556.
Solution:
REF: NetBackup 6.x and 7.x and 8.x firewall port requirements
Java/Windows admin consoles to master and media servers requires the TCP port for PBX/1556, bi-directional.
This article offers two suggestions.
1. Allow communication to NetBackup port 1556 in the firewall.
Example:
a. View the firewall settings.
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Note: The above is default and there's no exception for PBX (1556).
b. Open PBX port (1556):
# iptables -I INPUT -p tcp -m tcp --dport 1556 -j ACCEPT
b. Save the changes:
# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
c. Reload the service:
# service iptables reload
d. View the firewall settings and note that 1556 is now ACCEPT.
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:1556
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
2. Disable the firewall.
a. Stop the service.
# service iptables stop
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
b. View the firewall settings.
# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Note: This temporary work-around will remain in effect until the server is rebooted. Refer to the Linux Operating System guide(s) if you want to disable the firewall permanently.
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.