Data-in-transit encryption (DTE) enabled Backup/Restore/Duplication failing with error 8314, 8315, 8316, 9131.

Problem

Data-in-transit encryption(DTE) enabled Backup/Restore/Duplication failing with following error codes.

8314,8315,8316,9131.

Error Message

8314 - The media is not yet ready for the backup operation.

8315 - The media server has not completed the backup operation.

8316 - Failed to retrieve the pre-shared key which is required for TLS communication.

9131 - The SSL handshake failed.

Cause

SSL handshake failure between NetBackup entities(media server and client) during data transfer or the media server that has requested the backup operation is busy.

Solution

NetBackup 10.0 supports Data-in-transit encryption(DTE) with which in operation like backup, restore and duplication, data is directly transferred between NetBackup entities(media server and client) over secure TLS channel. Data is TLS encrypted from peer to peer and no proxy is involved in between.

If data-in-transit encryption(DTE) enabled operation has failed, user needs to look into media server bpbrm, bptm/bpdm and client bpbkar/tar logs.

If the failure is consistent, contact support or set ENABLE_PROXY_FOR_DTE=1 in the bp.conf configuration file. With this configuration set, data is transferred over secure channel via vnetd proxy.

• For backup & restore, ENABLE_PROXY_FOR_DTE is needed to be set in media server bp.conf.
• For duplication ENABLE_PROXY_FOR_DTE is needed to be set in primary server bp.conf.
• Please note, this workaround will cause performance degradation.

Use the nbsetconfig command to update the given NetBackup configuration option. For more information about the nbsetconfig command, please see the Veritas NetBackup Commands Reference Guide.