Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Security and Encryption Guide
  5. Section I. Identity and access management
  7. NetBackup Access Control Security (NBAC)
  9. Troubleshooting Access Management
  11. Windows verification points
  13. Media server verification points for Windows
NetBackup™ Security and Encryption Guide

Media server verification points for Windows

The following topics describe the media server verification procedures for Windows:

  • Verify the media server.

  • Verify that the server has access to the authorization database.

  • Unable to load library message

The following table describes the media server verification procedures for Windows.

Table: Media server verification procedures for Windows

Procedure

Description

Verify the media server

To determine which authentication broker the media server is authenticated against, run bpnbat -whoami with -cf for the media server's credential file. The server credentials are located in the c:\Program Files\Veritas\Netbackup\var\vxss\credentials\... directory.

For example:

   bpnbat -whoami -cf "c:\Program 
   Files\Veritas\Netbackup\var\vxss\credentials\
    win_media.company.com"
   Name: win_media.company.com
   Domain: NBU_Machines@win_primary.company.com
   Issued by: /CN=broker/OU=root@win_primary.company.com/
    O=vx
   Expiry Date: Oct 31 20:11:40 2007 GMT
   Authentication method: Veritas Private Security
   Operation completed successfully.

If the domain listed is not NBU_Machines@win_primary.company.com, consider running bpnbat -addmachine for the name in question (win_media). This command is run on the computer with the authentication broker that serves the NBU_Machines domain (win_primary).

Then, on the computer where we want to place the certificate (win_media), run:

bpnbat -loginmachine

Verify that the server has access to the authorization database

To make sure that the media server is able to access the authorization database as it needs, run bpnbaz -ListGroups -CredFile "machine_credential_file"

For example:

   bpnbaz -ListGroups -CredFile "C:\Program 
   Files\Veritas\NetBackup\var\vxss\credentials\
    win_media.company.com"
   NBU_Operator
   NBU_Admin
   NBU_SAN Admin
   NBU_User
   NBU_Security Admin
   Vault_Operator
   Operation completed successfully.

If this command fails, run bpnbaz -AllowAuthorization on the primary server that is the authorization server (win_primary.company.com).

Unable to load library message

Verify the media server and that it has access to the proper database. This verification indirectly informs you that the NetBackup Authentication and Authorization client libraries for both authentication and authorization are properly installed. If either of these procedures fail with a message "unable to load libraries": Check to make certain the authentication client libraries and authorization client libraries are installed.

You may also verify that the authentication domains are correct by viewing the access control host properties for this media server.

Feedback

Was this page helpful?
Previous

Primary server verification points for Windows

Next

Client verification points for Windows

Feedback

Was this page helpful?