NetBackup™ Troubleshooting Guide

Last Published:
Product(s): NetBackup & Alta Data Protection (10.5)
  1. Introduction
    1.  
      Additional resources on NetBackup logging and status code information
    2.  
      Troubleshooting a problem
    3.  
      Problem report for Technical Support
    4.  
      About gathering information for NetBackup-Java applications
  2. Troubleshooting procedures
    1.  
      About troubleshooting procedures
    2. Troubleshooting NetBackup problems
      1.  
        Verifying that all processes are running on UNIX or Linux servers
      2.  
        Verifying that all processes are running on Windows servers
    3.  
      Troubleshooting installation problems
    4.  
      Troubleshooting configuration problems
    5.  
      Device configuration problem resolution
    6.  
      Testing the primary server and clients
    7.  
      Testing the media server and clients
    8.  
      Resolving network communication problems with UNIX clients
    9.  
      Resolving network communication problems with Windows clients
    10. Troubleshooting vnetd proxy connections
      1.  
        vnetd proxy connection requirements
      2.  
        Where to begin to troubleshoot vnetd proxy connections
      3.  
        Verify that the vnetd process and proxies are active
      4.  
        Verify that the host connections are proxied
      5.  
        Test the vnetd proxy connections
      6.  
        Examine the log files of the connecting and accepting processes
      7.  
        Viewing the vnetd proxy log files
    11. Troubleshooting security certificate revocation
      1.  
        Troubleshooting cloud provider's revoked SSL certificate issues
      2.  
        Troubleshooting cloud provider's CRL download issues
      3.  
        How a host's CRL affects certificate revocation troubleshooting
      4.  
        NetBackup job fails because of revoked certificate or unavailability of CRLs
      5.  
        NetBackup job fails because of apparent network error
      6.  
        NetBackup job fails because of unavailable resource
      7.  
        Primary server security certificate is revoked
      8.  
        Determining a NetBackup host's certificate state
      9.  
        Troubleshooting issues with external CA-signed certificate revocation
    12.  
      About troubleshooting networks and host names
    13. Verifying host name and service entries in NetBackup
      1.  
        Example of host name and service entries on UNIX primary server and client
      2.  
        Example of host name and service entries on UNIX primary server and media server
      3.  
        Example of host name and service entries on UNIX PC clients
      4.  
        Example of host name and service entries on UNIX server that connects to multiple networks
    14.  
      About the bpclntcmd utility
    15.  
      Using the Host properties to access configuration settings
    16.  
      Resolving full disk problems
    17. Frozen media troubleshooting considerations
      1.  
        Logs for troubleshooting frozen media
      2.  
        About the conditions that cause media to freeze
    18. Troubleshooting problems with the NetBackup web services
      1.  
        Viewing NetBackup web services logs
      2.  
        Troubleshooting web service issues after external CA configuration
    19.  
      Troubleshooting problems with the NetBackup web server certificate
    20. Resolving PBX problems
      1.  
        Checking PBX installation
      2.  
        Checking that PBX is running
      3.  
        Checking that PBX is set correctly
      4.  
        Accessing the PBX logs
      5.  
        Troubleshooting PBX security
      6.  
        Determining if the PBX daemon or service is available
    21. Troubleshooting problems with validation of the remote host
      1.  
        Viewing logs pertaining to host validation
      2.  
        Enabling insecure communication with NetBackup 8.0 and earlier hosts
      3.  
        Approving pending host ID-to-host name mappings
      4.  
        Clearing host cache
    22. Troubleshooting Auto Image Replication
      1.  
        Rules for primary servers used with Auto Image Replication and SLPs
      2. Targeted A.I.R. trusted primary server operation failed in case of external certificate configuration
        1.  
          Add or update trust
        2.  
          Remove trust
      3.  
        About troubleshooting automatic import jobs that SLP components manage
    23.  
      Troubleshooting network interface card performance
    24.  
      About SERVER entries in the bp.conf file
    25.  
      About unavailable storage unit problems
    26.  
      Resolving a NetBackup Administration operations failure on Windows
    27.  
      Resolving garbled text displayed in NetBackup Administration Console on a UNIX computer
    28.  
      Troubleshooting error messages in the NetBackup web UI and the NetBackup Administration Console
    29.  
      Extra disk space required for logs and temporary files for the NetBackup Administration Console
    30.  
      Unable to logon to the NetBackup Administration Console after external CA configuration
    31.  
      Troubleshooting file-based external certificate issues
    32.  
      Troubleshooting issues with external certificate configuration
    33.  
      Troubleshooting Windows certificate store issues
    34.  
      Troubleshooting backup failures
    35.  
      Troubleshooting backup failure issues with NAT clients or NAT servers
    36.  
      Troubleshooting issues with the NetBackup Messaging Broker (or nbmqbroker) service
    37.  
      Troubleshooting issues with email notifications for Windows systems
    38.  
      Troubleshooting issues with KMS configuration
    39.  
      Troubleshooting issues with initiating the NetBackup CA migration because of large key size
    40.  
      Troubleshooting issues with the non-privileged user (service user) account
    41.  
      Troubleshooting issues with group name format in the auth.conf file
    42.  
      Troubleshooting the VxUpdate add package process
    43.  
      Troubleshooting issues with FIPS mode
    44.  
      Troubleshooting issues with malware scanning
    45.  
      Troubleshooting issues with NetBackup jobs that are enabled for data-in-transit encryption
    46.  
      Troubleshooting issues with Unstructured Data Instant Access
    47.  
      Troubleshooting issues with multifactor authentication
    48.  
      Troubleshooting issues with multi-person authorization
    49.  
      Troubleshooting connections to the NetBackup Scale-Out Relational Database
    50.  
      Troubleshooting issues with private key encryption
    51.  
      Troubleshooting issues with the security configuration risk feature
  3. Using NetBackup utilities
    1.  
      About NetBackup troubleshooting utilities
    2.  
      About the analysis utilities for NetBackup debug logs
    3.  
      About the Logging Assistant
    4.  
      About network troubleshooting utilities
    5. About the NetBackup support utility (nbsu)
      1.  
        Output from the NetBackup support utility (nbsu)
      2.  
        Example of a progress display for the NetBackup support utility (nbsu)
    6. About the NetBackup consistency check utility (NBCC)
      1.  
        Output from the NetBackup consistency check utility (NBCC)
      2.  
        Example of an NBCC progress display
    7.  
      About the NetBackup consistency check repair (NBCCR) utility
    8.  
      About the nbcplogs utility
    9. About the robotic test utilities
      1.  
        Robotic tests on UNIX
      2.  
        Robotic tests on Windows
    10. About the NetBackup Smart Diagnosis (nbsmartdiag) utility
      1.  
        Workflow to use the nbsmartdiag utility for NetBackup host communication
    11.  
      About log collection by job ID
  4. Disaster recovery
    1.  
      About disaster recovery
    2.  
      Recommended backup practices
    3.  
      Requirements and notes for disaster recovery
    4.  
      Disaster recovery packages
    5.  
      About disaster recovery settings
    6. About disk recovery procedures for UNIX and Linux
      1. About recovering the primary server disk on Linux
        1.  
          Recovering the primary server when root is intact
        2.  
          Recovering the primary server when the root partition is lost
      2.  
        About recovering the NetBackup media server disk for UNIX
      3.  
        Recovering the system disk on a UNIX client workstation
    7. About clustered NetBackup server recovery for UNIX and Linux
      1.  
        Replacing a failed node on a UNIX or Linux cluster
      2.  
        Recovering the entire UNIX or Linux cluster
    8. About disk recovery procedures for Windows
      1. About recovering the primary server disk for Windows
        1.  
          Recovering the primary server with Windows intact
        2.  
          Recovering the primary server and Windows
      2.  
        About recovering the NetBackup media server disk for Windows
      3.  
        Recovering a Windows client disk
    9. About clustered NetBackup server recovery for Windows
      1.  
        Replacing a failed node on a Windows VCS cluster
      2.  
        Recovering the shared disk on a Windows VCS cluster
      3.  
        Recovering the entire Windows VCS cluster
    10.  
      Generating a certificate on a clustered primary server after disaster recovery installation
    11.  
      About the DR_PKG_MARKER_FILE environment variable
    12.  
      Restoring the disaster recovery package on Windows
    13.  
      Restoring the disaster recovery package on Linux
    14. Options to recover the NetBackup catalog
      1. Prerequisites for recovering the NetBackup catalog or NetBackup catalog image files
        1.  
          Establishing a connection with NAT media server before catalog recovery
      2.  
        About NetBackup catalog recovery on Windows computers
      3.  
        About NetBackup catalog recovery from disk devices
      4.  
        About NetBackup catalog recovery and symbolic links
      5.  
        NetBackup disaster recovery email example
      6. About recovering the entire NetBackup catalog
        1.  
          Recovering the entire NetBackup catalog using the NetBackup catalog recovery wizard
        2.  
          Recovering the entire NetBackup catalog using bprecover -wizard
        3.  
          Specifying the NetBackup job ID number after a catalog recovery
      7. About recovering the NetBackup catalog image files
        1.  
          Recovering the NetBackup catalog image files using the NetBackup catalog recovery wizard
        2.  
          Recovering the NetBackup catalog image files using bprecover -wizard
      8. About recovering the NetBackup databases
        1.  
          Recovering the NetBackup database from a backup
        2.  
          Recovering the NetBackup database from staging
        3.  
          About processing the NetBackup database in staging
        4.  
          Terminating database connections
      9.  
        Recovering the NetBackup catalog when NetBackup Access Control is configured
      10.  
        Recovering the NetBackup catalog from a nonprimary copy of a catalog backup
      11.  
        Recovering the NetBackup catalog without the disaster recovery file
      12.  
        Recovering a NetBackup user-directed online catalog backup from the command line
      13.  
        Restoring files from a NetBackup online catalog backup
      14.  
        Unfreezing the NetBackup online catalog recovery media
      15.  
        Steps to carry out when you see exit status 5988 during catalog recovery

Troubleshooting issues with multifactor authentication

This topic provides information on troubleshooting issues that are specific to multifactor authentication in NetBackup.

For more information on multifactor authentication, see the NetBackup Web UI Administrator's Guide.

Table:

Sr. No.

Issue

Possible reason

Resolution

1.

You attempt to log in to the NetBackup web UI but instead you land on the page to configure multifactor authentication.

NetBackup administrator has enforced multifactor authentication in the domain, however you have not configured it for your user account.

As multifactor authentication is enforced, you must configure multifactor authentication for your user account.

2.

During multifactor authentication configuration, you are not able to scan the QR code using multifactor authentication configuration UI.

There maybe some issue with the QR code or the QR code scanner.

If you are not able to scan the QR code from the multifactor authentication configuration UI, you can copy or see the secret key, and can manually insert the secret key in the authenticator application.

3.

During multifactor authentication configuration, the user is not able to see or copy the secret key from the multifactor authentication configuration UI.

There maybe some issue with the hide / show option or the copy option in the UI.

From the authenticator application, you can scan the QR code.

4.

During configuration of multifactor authentication, after specifying the correct one-time password and clicking Configure, the following error is displayed:

Failed to validate one-time password.

There is a time difference between your handheld device and the NetBackup primary server or the specified one-time password is wrong.

Ensure that the time of your handheld device matches that of the primary server.

Enter the correct one-time password before it expires.

5.

During multifactor authentication configuration, when you scan the QR code and try to overwrite the existing security information in the authenticator application, an error is displayed.

Authenticator application is not able to overwrite the security information.

Before scanning the QR code, ensure that a duplicate entry is not present.

6.

If multifactor authentication is configured, but the security entry in the authentication application is not present. As a result, you cannot see the one-time password and cannot authenticate.

One-time password cannot be generated in the authenticator application. The smart device is lost.

You must contact the NetBackup administrator to reset your multifactor authentication configuration.

After the successful reset, reconfigure multifactor authentication for your user account.

7.

You are a NetBackup administrator and have configured multifactor authentication for your own user account, however one-time password is not available.

Security information is deleted from the authenticator application or the handheld device is lost.

You can request another administrator to reset your multifactor authentication configuration and then you can reconfigure multifactor authentication for your user account.

Alternatively, you can request the OS Administrator to reset your multifactor authentication configuration using the following command:

nbseccmd -resetMFA -userinfo <domain type>:<domain name>:<user name>

8.

The bpnbat -login CLI shows the following error:

AT authentication failed

You have configured multifactor authentication for your user account, however the login type 'AT' does not support multifactor authentication.

Use the bpnbat -login -logintype WEB command if multifactor authentication is configured for your user account.

It is recommended that you use the interactive mode (bpnbat -login (-Interactive | -i )) to login if multifactor authentication is configured.

9.

You have not configured multifactor authentication for your user account and bpnbat -login fails.

NetBackup administrator must have enforced multifactor authentication for all users in the domain.

If multifactor authentication is enforced, you have to configure it for your user account and run the bpnbat -login (-Interactive | -i ) command to login.

10.

During the bpnbat -login operation, you have specified the correct username and password to logon to the NetBackup host that is earlier than 10.3, but authentication fails.

You have configured multifactor authentication for your user account.

You must provide the one-time password after the password when you run the bpnbat -login command.

11.

During the bpnbat -login operation, the cred file (-cf ) is used, but login failed.

You have configured multifactor authentication for your user account.

You must use the bpnbat -login (-Interactive | -i ) command to login when the cred file is used.

12.

During bpnbat -login, you have provided the correct user name, password, and one-time password, but authentication failed.

There is a time difference between your handheld device and the NetBackup primary server or the specified one-time password is wrong.

Ensure that the time of your handheld device matches that of the primary server.

Enter the correct one-time password before it expires.

13.

During the NetBackup Administration Console login, the following error is displayed: "Failed to check whether multifactor authentication is enabled for the user account or not."

The web service is down or the it is unable to process the request.

Ensure that the web service up and running. Check the following logs:

bpjava logs: /usr/openv/netbackup/logs/bpjava-msvc

web service logs: /usr/openv/logs/nbwebservice

14.

During the NetBackup Administration Console login, the following error is displayed even when the correct username and password are specified: "Invalid username or password."

You have configured multifactor authentication for your user account.

You should provide the one-time password after the password.

15.

In the NetBackup Administration Console, the following error is displayed:

Failed to validate the one-time password.

There is a time difference between your handheld device and the NetBackup primary server or the specified one-time password is wrong.

Ensure that the time of your handheld device matches that of the primary server.

Enter the correct one-time password before it expires.

16.

When setting up trust between NetBackup primary server using nbseccmd, authentication failed.

You have configured multifactor authentication for your user account.

You should provide the one-time password after the password.

17.

The nbdeployutil --gather command failed for one or more primary servers.

You have configured multifactor authentication for your user account in a failed primary server.

Run the following command:

Run the nbdeployutil --gather CLI with the --apikey-file option.

The format of apikey key file should be NetBackup Primary hostname : APIKey For multiple NetBackup domains, ensure that apikeys are provided for all primary server hosts.

18.

When setup trust between primary servers fails from the NetBackup web UI, NetBackup Administration Console, or nbseccmd CLI

You have configured multifactor authentication for your user account.

If the user account is configured for multifactor authentication on the target host, append appropriate one-time password to the password.

19.

The following error is displayed when you use the validate OTP API:

The multifactor authentication request ID does not exist.

The specified request ID does not exist.

Specify a valid request ID while using the validate OTP API.

20.

The following error is displayed when you use the validate OTP API:

The multifactor authentication request is not valid.

The JWT token that is used for the subsequent API call is different than the earlier one.

Use the same JWT token for both the API calls.

21.

The following error is displayed when you change the NetBackup configuration:

The configuration cannot be changed using this host.

Multifactor authentication is configured for the user account, however this host does not support multifactor authentication.

Use the NetBackup web UI to perform the operation.

22.

The following error is displayed when you execute the nbcertcmd or nbseccmd command:

EXIT STATUS 3676: invalid error number

Multifactor authentication is configured for the user account, however this host does not support multifactor authentication.

Use the NetBackup web UI to perform the operation.

28.

The following error is displayed while you modify global security settings, create API keys, or run the nbcertcmd or nbseccmd command:

The multifactor authentication request has timed out.

There was a delay in entering the one-time password.

During multifactor authentication, ensure that you enter the one-time password within 180 seconds.

When you use APIs, ensure that you call the successive 'validate OTP' API within 180 seconds.