Problem
Post migration, discovery failing for snapshot manager
Error Message
[Debug] NB 51216 ncfcloudpi 497 PID:6720 TID:356 File ID:366 [No context] 2 [nbdiscover] CPResiliency: CPResiliency::checkResponseJSON:Json string {
"msg": "Failed to verify certificate signature.",
"errMsg": "Failed to verify certificate signature.",
"httpStatusCode": 401,
"type": "error"
}
Cause
CA certificate on the snapshot manager and the target NetBackup primary server are not matching
Solution
- Run the following commands on the target primary server to make sure certificates are up to date:
/usr/openv/netbackup/bin/nbcertcmd -getCACertificate
/usr/openv/netbackup/bin/nbcertcmd -getCertificate -force - Run the following commands to list the CA certificate present on the target Primary server:
a) /usr/openv/netbackup/bin/nbcertcmd -displayCACertDetail
One certificate will be listed here.
example:
CA Certificate received successfully from server PrimaryServerName.
Subject Name : /CN=nbatd/OU=root@PrimaryServerName/O=vx
Start Date : Apr 03 11:40:28 2025 GMT
Expiry Date : Mar 29 12:55:28 2045 GMT
SHA-1 Fingerprint : 59:93:F8:E2:B1:41:A9:5D:67:01:A8:00:B2:A7:1E:14:47:92:30:F8
SHA-256 Fingerprint : 81:4E:7C:99:5B:B4:80:A4:AC:52:F7:61:82:9B:E0:5F:B4:96:BB:86:0F:D0:16:87:B1:F1:3A:07:12:FB:FC:2F
CA Certificate State : Trusted
Key Strength : 2048
Subject Key Identifier : 13:CB:CE:2F:5A:A9:FB:C6:02:F5:8C:6D:9E:D5:1A:9A:4F:6E:74:BD
b) /usr/openv/netbackup/bin/nbcertcmd -listCACertdetails
Two certificates should be listed here.
example:
Subject Name : /CN=nbatd/OU=root@PrimaryServerName/O=vx
Start Date : Apr 03 11:40:28 2025 GMT
Expiry Date : Mar 29 12:55:28 2045 GMT
SHA-1 Fingerprint : 59:93:F8:E2:B1:41:A9:5D:67:01:A8:00:B2:A7:1E:14:47:92:30:F8
SHA-256 Fingerprint : 81:4E:7C:99:5B:B4:80:A4:AC:52:F7:61:82:9B:E0:5F:B4:96:BB:86:0F:D0:16:87:B1:F1:3A:07:12:FB:FC:2F
Key Strength : 2048
Subject Key Identifier : 13:CB:CE:2F:5A:A9:FB:C6:02:F5:8C:6D:9E:D5:1A:9A:4F:6E:74:BD
Subject Name : /CN=nbatd/OU=root@PrimaryServerName/O=vx
Start Date : Apr 08 10:54:36 2025 GMT
Expiry Date : Apr 03 12:09:36 2045 GMT
SHA-1 Fingerprint : 28:E4:CB:BF:96:43:E0:21:2B:F7:56:0F:C8:48:66:C3:12:85:2E:EA
SHA-256 Fingerprint : C1:29:CE:D5:FD:D5:01:8B:A3:A4:38:E5:E5:8B:E4:1A:0E:F2:07:40:1E:F1:19:E0:A7:0C:7B:38:9D:B1:F4:79
Key Strength : 2048
Subject Key Identifier : AB:75:FF:BF:A0:74:29:D2:5C:D6:A3:34:90:9A:72:3B:E7:5B:03:E2
Note down the SHA-1 fingerprint of the CA Certificate that is not present in the output of 2.a
example:
28:E4:CB:BF:96:43:E0:21:2B:F7:56:0F:C8:48:66:C3:12:85:2E:EA
- Remove the CA whose fingerprint is noted in 2.b:
/usr/openv/netbackup/bin/nbcertcmd -removeCACertificate -fingerPrint <certificate_fingerprint>
Where:
<certificate_fingerprint> is the fingerprint noted in 2.b - Restart NetBackup services on the target primary server.
- Run the discovery for the snapshot manager.
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.