Important Update: Cohesity Products Knowledge Base Articles
All Cohesity Knowledge Base Articles are now managed via the Cohesity Support Portal: https://support.cohesity.com/s/searchunify. The Knowledge Base articles available here will not reflect the latest information or may no longer be accessible.
Problem
NetBackup communication that utilizes 'curl' fails when http/https proxy environment variables are configured.
Error Message
Error 7658: Connection cannot be established because the host validation cannot be performed on the target host
EXIT STATUS 8510: Web service certificate verification failed
Cause
Many organizations redirect Internet-bound traffic through a proxy server. As a result, NetBackup communication that utilizes CURL will fail due to the connection being redirected away from the NetBackup Primary server by the proxy setting.
On Linux clients, look for the following environment variables used for proxy configuration:
http_proxy=
- Sets an endpoint for all HTTP traffic traversing port 80.
https_proxy=
- Similar to http_proxy, this sets an endpoint for all traffic SSL\TLS encrypted traffic traversing port 443.
no_proxy=
- A comma-delimited list of subnets, IP addresses, hostnames and domain names to exclude from proxy. Traffic matching any of the patterns set here will go directly to the destination host.
Example Output of the environment variables where local bypass is omitted:
$ env | egrep -i 'proxy'
http_proxy=http://1.2.3.4:8080
https_proxy=https://1.2.3.4:8080
On Windows clients the following environment variables are used for proxy configuration:
HTTP_PROXY
HTTPS_PROXY
Solution
Option 1 - Configure a local network proxy by-pass using 'no_proxy' environment variable (Linux hosts)
Below is an example on how to set the proxy variables at the shell:
$ export http_proxy=http://1.2.3.4:8080/
$ export https_proxy=https://1.2.3.4:8080/
$ export no_proxy="localhost,127.0.0.1,nbuserver.example.org"
NOTE: To make the proxy settings globally persistent, refer to the Linux documentation for the distribution in use.
On Windows hosts, use the SET command to view or change existing environment variables.
Option 2 - Unset the environment variables in NetBackup start script (Linux hosts)
$ unset http_proxy
$ unset https_proxy
To start NetBackup and PBX without the http/https proxies set, add the following three lines into the start-up scripts for both netbackup and vxpbx_exchanged.
The script locations are:
/etc/rc.d/init.d/netbackup
/etc/rc.d/init.d/vxpbx_exchanged
Add the following 3 lines to the start-up script files above:
# Unsetting proxy variables to fix NetBackup certificate issues
unset http_proxy
unset https_proxy
Restart NetBackup and PBX services.
/etc/rc.d/init.d/netbackup stop
/etc/rc.d/init.d/vxpbx_exchanged stop
/etc/rc.d/init.d/vxpbx_exchanged start
/etc/rc.d/init.d/netbackup start
NOTE: There are no startup scripting options for NetBackup clients running on Windows. Any changes would need to be done outside of NetBackup.
See Related Article
Linux client was unable to connect to the master server. Error code 8510 https://www.veritas.com/support/en_US/article.100047817
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.