Problem
After migration, on Windows server, NetBackup Webui displaying the message "Unable to connect to the server".
Error Message
Cause
After migration, the value certificate.renew.required=1 is set in the web.conf file in the path <install_path>\NetBackup\var\global\wsl\config.
Due to this, NetBackup tries to renew the tomcat/machine/hosts/SAML certificates.
If the SAML certificate is present, then it fails with the following:[Debug] NB 51216 nbwebapi 495 PID:9772 TID:212 File ID:495 [No context] 5 [com.netbackup.security.common.NBCertRenew] com.netbackup.security.common.NBCertRenew configureCerts script exit status : 1
[Debug] NB 51216 nbwebapi 495 PID:9772 TID:212 File ID:495 [No context] 5 [com.netbackup.nbsl.NBSLUtil] calling nbsl logToErrorLog() to log:Error importing new certificate to keystore, with severity:32
Solution
- Update the value of certificate.renew.required from 1 to 0 and add configureCerts.execution.required=0 in the web.conf file in the path <install_path>\NetBackup\var\global\wsl\config.
Example:
Original file value:
#Last Updated on
#Tue Mar 11 04:19:05 UTC 2025
certificate.renew.required=1
db.b64encodedpwd=WURadXh4Wlh3aFdIeHRMWHdSODV4aXBXMjBWek1iVG9KOTAxUUtia0dYY2VnNDhqZ1ZOWEdZWmxvVGI5WUNr
db.pgsqlpoolerport=13787
db.user=NBWEBSVC
Updated file value:
#Last Updated on
#Tue Mar 11 04:19:05 UTC 2025
certificate.renew.required=0
configureCerts.execution.required=0
db.b64encodedpwd=WURadXh4Wlh3aFdIeHRMWHdSODV4aXBXMjBWek1iVG9KOTAxUUtia0dYY2VnNDhqZ1ZOWEdZWmxvVGI5WUNr
db.pgsqlpoolerport=13787
db.user=NBWEBSVC - run the command on the target Windows primary server:
<install_path>\NetBackup\bin\bpnbat -login -loginType WEB
- run the command on the target Windows primary server:
<install_path>\NetBackup\bin\nbidpcmd -cCert -f
- Check if SSO is configured, by running the command on the target Windows primary server:
<install_path>\NetBackup\bin\nbidpcmd -scl
If the output displays the IDP details, then follow step 5.
Example:C:\Veritas\NetBackup\bin>nbidpcmd -sclIdentity provider name: [okta]
Identity provider type: [SAML2]
Enabled: [true]Successfully displayed the details for all the identity providers.
C:\Veritas\NetBackup\bin\>
If the output displays that SSO is not configured, skip step 5.
Example:
C:\Veritas\NetBackup\bin> nbidpcmd -scl
No records were found.
C:\Veritas\NetBackup\bin> If SSO is configured, then download the new metadata and update the IDP with it.
To download the service provider (SP) metadata XML file, enter the following URL in the browser (Primary server is the SP in the NetBackup environment):
https://primaryserver/netbackup/sso/saml2/metadata
Where: primaryserver is the IP address or hostname of the NetBackup primary server.
Update the IDP with this metadata.Restart the NetBackup services on the Windows target primary server.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.