Tomcat and nbwebsvc certificates are not renewed even though the hotfix in article 100044601 was applied.
Problem
You may observe the issue reported in Article 100044601 reoccurring after the hotfixes were installed.
The associated EEB's are:
NetBackup 8.1 Hotfix - Etrack 3966961
NetBackup 8.1.2 / 3.1.2 Hotfix - Etrack 3967638
NetBackup 8.0 / 3.0 Hotfix - Etrack 3967584
NetBackup 8.1.1 / 3.1.1 Hotfix - Etrack 3967620
Error Message
When the certificate expire, the following errors appear depending on the situation:
- A backup job fails with Status 8506: The certificate has expired.
- NetBackup Administration Console fails to login to the Master Server with Status 7656: Certificate Revocation List is out of date.
- "nbcertcmd -getCertificate -force" fails with Status 8625: Server is unavailable to process the request. Please try later.
Cause
The installation of the hotfix will update the file security.war (8.1 and earlier) or netbackup.war (8.1.1 and later) in order to resolve the issue.
If "configureWmc" is run after the hotfix was installed, the above files revert back to their original versions, which will make it as if the hotfix had never been applied. The paths to configureWmc are found here:
UNIX / Linux:
/usr/openv/wmc/bin/install/configureWmc
Windows:
<Install_Path>\NetBackup\wmc\bin\install\configureWmc
Solution
The version of the .war files can usually be returned to the hotfixed state by uninstalling and reinstalling the EEB. Note that it is expected that a checksum error will appear in regards to the .war file.
If uninstallation and re-installation of the EEB fails to return the .war to the correct state, you can recover the .war file with the step below:
1. Stop NetBackup services.
UNIX/Linux: /usr/openv/netbackup/bin/bp.kill_all
Windows: <install_path>\NetBackup\bin\bpdown
2. Extract the war files from the EEB without installing it by using the "-extractonly" option.
The current directory will be used if a path is not specified.
Example: UNIX/Linux: eebinstaller_3967638_1_linuxR_x86 -extractonly [PATH]
Windows: eebinstaller_3967638_1_AMD64.exe -extractonly [PATH]
The eebinstaller for the EEB's can be found at these locations:
UNIX/Linux: /usr/openv/pack/EEB/
Windows: <install_path>\Patch\EEB
3. Confirm that the extracted war files exist under the following path.
-- for NetBackup 8.0 and 8.1 --
UNIX/Linux: [PATH]/wmc/webserver/webapps_api/security.war
Windows: [PATH]\Netbackup\wmc\webserver\webapps_api\security.war
-- for NetBackup 8.1.1 and 8.1.2 --
UNIX/Linux: [PATH]/wmc/webserver/webapps_api/netbackup.war
Windows: [PATH]\Netbackup\wmc\webserver\webapps_api\netbackup.war
4. Replace the following war files by the file extracted in step 3.
-- for NetBackup 8.0 and 8.1 --
UNIX/Linux: /usr/openv/wmc/webserver/webapps_api/security.war
Windows: <install_path>\NetBackup\wmc\webserver\webapps_api\security.war
-- for NetBackup 8.1.1 and 8.1.2 --
UNIX/Linux: /usr/openv/wmc/webserver/webapps_api/netbackup.war
Windows: <install_path>\NetBackup\wmc\webserver\webapps_api\netbackup.war
5. Start NetBackup services.
UNIX/Linux: /usr/openv/netbackup/bin/bp.start_all
Windows: <install_path>\NetBackup\bin\bpup
Related articles
nbcheck reports tomcat_certificates failure during NetBackup upgrade
"binary operator expected" while troubleshooting NetBackup Web Management Console
STATUS 5969 Web Management Console service could not be parsed
nbcheck reports java_key_store failed during NetBackup upgrade
Web services fail to start during a master server installation on HPUX
Netbackup Web Management Service is not starting
Related Etrack
NetBackup 8.0 / 3.0 Hotfix - Certificates not renewed automatically (Etrack 3967584)
Related Knowledge Base Articles
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.