NetBackup™ Troubleshooting Guide
- Introduction
- Troubleshooting procedures
- Troubleshooting NetBackup problems
- Troubleshooting vnetd proxy connections
- Troubleshooting security certificate revocation
- Verifying host name and service entries in NetBackup
- Frozen media troubleshooting considerations
- Troubleshooting problems with the NetBackup web services
- Resolving PBX problems
- Troubleshooting problems with validation of the remote host
- Troubleshooting Auto Image Replication
- Using NetBackup utilities
- About the NetBackup support utility (nbsu)
- About the NetBackup consistency check utility (NBCC)
- About the robotic test utilities
- About the NetBackup Smart Diagnosis (nbsmartdiag) utility
- Disaster recovery
- About disk recovery procedures for UNIX and Linux
- About clustered NetBackup server recovery for UNIX and Linux
- About disk recovery procedures for Windows
- About clustered NetBackup server recovery for Windows
- About recovering the NetBackup catalog
- About NetBackup catalog recovery
- About recovering the entire NetBackup catalog
- About recovering the NetBackup catalog image files
- About recovering the NetBackup databases
Determining a NetBackup host's certificate state
You can determine the state of a NetBackup certificate: Active or Revoked. Doing so may help troubleshoot connection and communication problems. Three methods exist to determine a certificate state, as follows:
Verify a host certificate from the host itself | The method uses the NetBackup nbcertcmd command. |
Verify a host certificate from a NetBackup server | The method uses the NetBackup bptestbpcd command. See “To verify from a NetBackup server if a different host's certificate is revoked”. |
Verify a host certificate from the NetBackup Administration Console |
To verify the host's certificate state from the host
- Optionally, on the NetBackup host run the following command as an administrator to get the most recent certificate revocation list:
UNIX: /usr/openv/netbackup/bin/nbcertcmd -getCRL [-server primary_server_name]
Windows: install_path\NetBackup\bin\nbcertcmd -getCRL [-server primary_server_name]
To get a CRL from a NetBackup domain other than the default, specify the -server primary_server_name option and argument.
- On the NetBackup host, run the following command as an administrator:
UNIX: /usr/openv/netbackup/bin/nbcertcmd -hostSelfCheck [-cluster] [-server primary_server_name]
Windows: install_path\NetBackup\bin\nbcertcmd -hostSelfCheck [-cluster] [-server primary_server_name]
Use one or both of the following options if necessary:
-cluster
Use this option on the active node of a NetBackup primary server cluster to verify the certificate of the virtual host.
-server
Use this option with the primary_server_name argument to verify a certificate from a primary server other than the default.
- Examine the command output. The output indicates that either the certificate is or is not revoked.
To verify from a NetBackup server if a different host's certificate is revoked
- As an administrator on the NetBackup primary server or a NetBackup media server, run the following command:
UNIX: /usr/openv/netbackup/bin/admincmd/bptestbpcd - host hostname -verbose
Windows: install_path\NetBackup\bin\bptestbpcd - host hostname -verbose
For - host hostname, specify the host for which you want to verify the certificate.
- Examine the command output. If the certificate on the specified host is revoked, the command output includes the string The Peer Certificate is revoked. If the command output does not include that string, the certificate is valid.
To verify a host's certificate
- On the left pane, select Certificates under Security.
- Click the certificate name to examine the status of the certificate.
You can determine the state of an external CA-signed host certificate: Active or Revoked. Doing so may help troubleshoot connection and communication problems.
Two methods exist to determine a certificate state, as follows:
Verify a host certificate from the host itself | |
Verify a host certificate from a NetBackup server | See “To verify from a NetBackup server if a different host's certificate is revoked”. |
To verify a host certificate from the host itself
- Refresh the CRLs in the NetBackup CRL cache.
See Troubleshooting issues with external CA-signed certificate revocation.
- On the NetBackup host, run the following command as an administrator:
UNIX: /usr/openv/netbackup/bin/nbcertcmd -hostSelfCheck [-cluster]
Windows: install_path\NetBackup\bin\nbcertcmd -hostSelfCheck [-cluster]
Use the -cluster option on the active node of a clustered primary server to verify the certificate of the virtual name.
- Examine the command output. The output indicates whether the certificate is revoked or not.
To verify from a NetBackup server if a different host's certificate is revoked
- As an administrator on the NetBackup primary server or a NetBackup media server, run the following command:
UNIX: /usr/openv/netbackup/bin/admincmd/bptestbpcd -host hostname -verbose
Windows: install_path\NetBackup\bin\bptestbpcd -host hostname -verbose
For -host hostname, specify the host for which you want to verify the certificate.
- Examine the command output. If the certificate on the specified host is revoked, the command output includes the string 'The Peer Certificate is revoked'. If the command output does not include that string, the certificate is valid.