Data-in-transit encryption (DTE) enabled Hadoop Restore failing while restoring from Tape Storage with error code 2850.

Problem

Data-in-transit encryption(DTE) enabled Hadoop Restore to fail while restoring from Tape Storage with the below error code 2850.

Error Message

Restore job fails with status code 2850.

Cause

SSL handshake failure between NetBackup entities (media server and client) during data transfer, or the tar is failing to get psk because psk was never submitted for the SSL connection as it is a proxied connection.

Solution

NetBackup 10.0 supports Data-in-transit encryption (DTE) with which in operation like backup, restore and duplication, data is directly transferred between NetBackup entities (media server and client) over secure TLS channels. Data is TLS encrypted from peer to peer and no proxy is involved in between.

If data-in-transit encryption (DTE) enabled operation has failed, the user needs to look into media server bpbrm, bptm/bpdm and client bpbkar/tar logs.

If the failure is consistent, contact support or set ENABLE_PROXY_FOR_DTE=1 in the bp.conf configuration file. With this configuration set, data is transferred over a secure channel via vnetd proxy.

• For backup & restore, ENABLE_PROXY_FOR_DTE is needed to be set in media server bp.conf.
• For duplication, ENABLE_PROXY_FOR_DTE is needed to be set in primary server bp.conf.
• Please note, this workaround will cause performance degradation.

Use the nbsetconfig command to update the given NetBackup configuration option. For more information about the nbsetconfig command, please see the Veritas NetBackup Commands Reference Guide.