故障:
无法连接客户端58异常,报错信息
12:41:37.116 [547] <16> bptestbpcd main: Function ConnectToBPCD(win2008r2) failed: 7641
<16>bptestbpcd main: Failed to find a common CA Root for secure handshake
12:41:37.133 [547] <16> bptestbpcd main: Failed to find a common CA Root for secure handshake
<2>bptestbpcd: Failed to find a common CA Root for secure handshake
12:41:37.133 [547] <2> bptestbpcd: Failed to find a common CA Root for secure handshake
<2>bptestbpcd: EXIT status = 7641
12:41:37.133 [547] <2> bptestbpcd: EXIT status = 7641
<16>bptestbpcd main: Failed to find a common CA Root to complete secure handshake: Connector CAs(["ca9b0a11-1278-47dd-8e53-27f14df07b42"]), Acceptor CAs(NULL).: 7641
解决方案:
C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getCACertificate -server nbubak01
Authenticity of root certificate cannot be established.
The SHA1 fingerprint of root certificate is 23:7C:EC:F5:81:26:9B:C7:24:C9:9F:CF:
C8:8C:74:F0:1B:7A:15:5C.
Are you sure you want to continue using this certificate ? (y/n): y
The validation of root certificate fingerprint is successful.
CA certificate stored successfully from server nbu8.
C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -displayCACertDetail -server nbubak01
CA Certificate received successfully from server nbubak01.
Subject Name : /CN=nbatd/OU=root@nbubak01/O=vx
Start Date : Aug 04 03:51:03 2018 GMT
Expiry Date : Jul 30 05:06:03 2038 GMT
SHA1 Fingerprint : 23:7C:EC:F5:81:26:9B:C7:24:C9:9F:CF:C8:8C:74:F0:1B:7A:15:5C
CA Certificate State : Trusted
C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -hostselfcheck -server nbubak01
Unable to read CRL for server = nbubak01, error = 5949.
Unable to read certificate.
EXIT STATUS 5949: Certificate does not exist.
C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -getcertificate -server nbubak01
Host certificate and certificate revocation list received successfully from server nbubak01
C:\Program Files\Veritas\NetBackup\bin>bpclntcmd -pn
expecting response from server nbubak01
WIN2008R2 win2008r2 192.168.11.9 62092
C:\Program Files\Veritas\NetBackup\bin>nbcertcmd -hostselfcheck -server nbubak01
Certificate is not revoked.
新客户添加验证
[root@api171 ~]# nbcertcmd -getCACertificate -server nbu-master1
Authenticity of root certificate cannot be established.
The SHA1 fingerprint of root certificate is 22:7D:D7:78:CB:CC:89:BC:E8:57:46:18:3E:91:17:64:C8:05:D8:0F.
Are you sure you want to continue using this certificate ? (y/n): y
The validation of root certificate fingerprint is successful.
[root@api171 ~]# nbcertcmd -hostselfcheck -server nbu-master1
Failed to retrieve the CA usage information of the host with respect to the specified server = nbu-master1
EXIT STATUS 8765: The host does not have any security certificate configured with respect to this master server.
[root@api171 ~]# nbcertcmd -getCertificate -token -server nbu-master1 #部署token,故障恢复
Authorization Token:
[root@api171 ~]# nbcertcmd -hostselfcheck -server nbu-master1
NetBackup CA-signed certificate verification status:
----------------------------------------------------
Certificate is not revoked