Veritas NetBackup™ Troubleshooting Guide
- Introduction
- Troubleshooting procedures
- Troubleshooting NetBackup problems
- Troubleshooting vnetd proxy connections
- Troubleshooting security certificate revocation
- Verifying host name and service entries in NetBackup
- Frozen media troubleshooting considerations
- Troubleshooting problems with the NetBackup web services
- Resolving PBX problems
- Troubleshooting problems with validation of the remote host
- About troubleshooting Auto Image Replication
- Using NetBackup utilities
- About the NetBackup support utility (nbsu)
- About the NetBackup consistency check utility (NBCC)
- About the robotic test utilities
- Disaster recovery
- About disk recovery procedures for UNIX and Linux
- About clustered NetBackup server recovery for UNIX and Linux
- About disk recovery procedures for Windows
- About clustered NetBackup server recovery for Windows
- About recovering the NetBackup catalog
- About NetBackup catalog recovery and OpsCenter
- About recovering the entire NetBackup catalog
- About recovering the NetBackup catalog image files
- About recovering the NetBackup relational database
Test the vnetd proxy connections
The NetBackup command that you use to test the vnetd proxy connections differs between a server and a client.
To test connections from a NetBackup 8.1 or later server to another NetBackup 8.1 or later host, you can use the NetBackup bptestbpcd command with the -verbose option. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of the status codes.
The following example shows a successful connection test from a NetBackup media server named connect-host.example.com to a media server named accept-host.example.com:
# bptestbpcd -host accept-host.example.com -verbose 1 1 1 127.0.0.1:43697 -> 127.0.0.1:58089 PROXY 10.80.97.186:47054 -> 10.80.97.140:1556 127.0.0.1:52061 -> 127.0.0.1:58379 PROXY 10.80.97.186:37522 -> 10.80.97.140:1556 LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@master.example.com/O=vx LOCAL_CERT_SUBJECT_COMMON_NAME = a753da9b-b1ff-4a5f-b57d-69a4e2b47e29 PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@master.example.com/O=vx PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4 PEER_NAME = connect-host.example.com HOST_NAME = accept-host.example.com CLIENT_NAME = accept-host.example.com VERSION = 0x08100000 PLATFORM = linuxR_x86_2.6.18 PATCH_VERSION = 8.1.0.0 SERVER_PATCH_VERSION = 8.1.0.0 MASTER_SERVER = master.example.com EMM_SERVER = master.example.com NB_MACHINE_TYPE = MEDIA_SERVER SERVICE_TYPE = VNET_DOMAIN_CLIENT_TYPE PROCESS_HINT = 7157d866-8eb2-45bb-bde8-486790c0b40c
Conversely, the following example shows a connection test to the same media server that fails after its security certificate was revoked:
# bptestbpcd -host accept-host.example.com -verbose <16>bptestbpcd main: Function ConnectToBPCD(accept-host.example.com) failed: 7653 <16>bptestbpcd main: The Peer Certificate is revoked <16>bptestbpcd main: The certificate of the host that you want to connect to is revoked. Revocation Reason Code : 0 Revocation Time : 1502637798: 7653 The Peer Certificate is revoked
NetBackup hosts must have a valid host ID-based security certificate and a valid certificate revocation list so they can communicate with other NetBackup hosts. The lack of either prevents communication. In this case, you can look up status code 7653 to find the explanation for and recommended action to recover from the error.
On a NetBackup 8.1 or later client, you can use the NetBackup bpclntcmd command to test the connection to the master server. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of status codes. The following is the command syntax:
Windows:
install_path\Veritas\NetBackup\bin\bpclntcmd -pn -verbose
UNIX:
/usr/openv/netbackup/bin/bpclntcmd -pn -verbose
The following example shows a successful response to the bpclntcmd command:
# bpclntcmd -pn -verbose expecting response from server master.example.com 127.0.0.1:52704 -> 127.0.0.1:33510 PROXY 10.80.97.186:40348 -> 10.80.97.157:1556 LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@master.example.com/O=vx LOCAL_CERT_SUBJECT_COMMON_NAME = 7157d866-8eb2-45bb-bde8-486790c0b40c PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@master.example.com/O=vx PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4 PEER_IP = 10.80.97.186 PEER_PORT = 40348 PEER_NAME = connect-host.example.com POLICY_CLIENT = *NULL* Old Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint New Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint 7157d866-8eb2-45bb-bde8-486790c0b40c
Conversely, the following example shows a response to the bpclntcmd command on a NetBackup client that has a revoked certificate:
# bpclntcmd -pn -verbose Unable to perform peer host name validation. Curl error has occurred for peer name: master.example.com, self name: connect-host: 0 [PROXY] Encountered error (VALIDATE_PEER_HOST_PROTOCOL_RUNNING) while processing (ValidatePeerHostProtocol).: 1 Can't connect to host master.example.com: cannot connect on socket (25)
If the vnetd proxy connections are active, examine the log files of the connecting and accepting processes