Important Update: Cohesity Products Knowledge Base Articles
All Cohesity Knowledge Base Articles are now managed via the Cohesity Support Portal: https://support.cohesity.com/s/searchunify. The Knowledge Base articles available here will not reflect the latest information or may no longer be accessible.
Problem
When opening WebUI with the IP address of the master server ( example - https://192.168.2.48/webui/) webUI will not open.
Error Message
{"errorCode":8963,"errorMessage":"The host name that you have specified to connect to the NetBackup web server is not present in the NetBackup web server certificate."}
In Catalina logs, the following SEVERE error messages can be seen:
28-May-2024 10:18:15.355 SEVERE [catalina-exec-19] com.netbackup.tomcat.filter.NetBackupRequestValidatorFilter.validateHostHeader Allowed ORIGIN header values = [localhost4, localhost4.localdomain4, masterservername] Received header value = [192.168.2.48]
OR
05-Jun-2024 08:07:44.658 SEVERE [catalina-exec-17] com.netbackup.tomcat.filter.NetBackupRequestValidatorFilter.validateHostHeader Allowed HOST header values = [127.0.0.1, localhost, localhost4, localhost4.localdomain4, masterservername, masterservername.domain] Received header value = [192.168.2.48]
Cause
Check the tomcat certificate's Subject Alternative names :# /usr/openv/netbackup/bin/goodies/vxsslcmd x509 -in /usr/openv/var/global/vxss/tomcatcreds/nbwebsvc/.VRTSat/profile/certstore/523b9e6a-masterservername!1556!nbatd!1556.0 -noout -text
# /usr/openv/netbackup/bin/goodies/vxsslcmd x509 -in /usr/openv/var/global/vxss/tomcatcreds/credentials/masterservername -noout -text
X509v3 Subject Alternative Name:
DNS:masterservername.domain.example, DNS:masterservername.domain.local, DNS:masterservername, DNS:localhost4.localdomain4, DNS:localhost4
Solution
Workaround: specify the NetBackup Primary (master) hostname instead of IP address in the web browser URL.
Solution:
Create allowedlist.properties file as below and set file permissions# touch /usr/openv/var/global/wsl/config/allowedlist.properties
# chmod a+r /usr/openv/var/global/wsl/config/allowedlist.properties
# chown nbwebsvc:nbwebgrp /usr/openv/var/global/wsl/config/allowedlist.properties
Add required additional valid host.headers, origin.headers & x.forwarded.host.headers header values as required and save the file.
Restart the NetBackup Web Management Console service.
On a Windows system, the NetBackup Web Management Console service can be restarted from the Windows Service Control Manager.
On UNIX systems /usr/openv/netbackup/bin/nbwmc stop && /usr/openv/netbackup/bin/nbwmc start.
E.g. Edit the file allowedlist.properties as mentioned below to contain IP address or hostname for which error is reported in Catalina logs.
[root@masterservername config]# cat allowedlist.properties
#Properties file to allow additional valid HOST and X-FORWARDED-HOST header values
#Tue Jan 25 2022
host.headers=<IP address>
x.forwarded.host.headers=<IP address>
origin.headers=<IP address>
NOTE: Add the origin.headers OR host.headers header values (primary server hostname or IP addresses) depending upon the error seen in Catalina logs and save the file.
Reference:
NB 10.x - https://www.veritas.com/support/en_US/doc/44037985-162575251-0/v149597730-162575251
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.