Test the vnetd proxy connections
The NetBackup command that you use to test the vnetd proxy connections differs between a server and a client.
To test connections from a NetBackup 8.1 or later server to another NetBackup 8.1 or later host, you can use the NetBackup bptestbpcd command with the -verbose option. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of the status codes.
The following example shows a successful connection test from a NetBackup media server named connect-host.example.com to a media server named accept-host.example.com:
# bptestbpcd -host accept-host.example.com -verbose 1 1 1 127.0.0.1:43697 -> 127.0.0.1:58089 PROXY 10.80.97.186:47054 -> 10.80.97.140:1556 127.0.0.1:52061 -> 127.0.0.1:58379 PROXY 10.80.97.186:37522 -> 10.80.97.140:1556 LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx LOCAL_CERT_SUBJECT_COMMON_NAME = a753da9b-b1ff-4a5f-b57d-69a4e2b47e29 PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4 PEER_NAME = connect-host.example.com HOST_NAME = accept-host.example.com CLIENT_NAME = accept-host.example.com VERSION = 0x08100000 PLATFORM = linuxR_x86_2.6.18 PATCH_VERSION = 8.1.0.0 SERVER_PATCH_VERSION = 8.1.0.0 MASTER_SERVER = primary.example.com EMM_SERVER = primary.example.com NB_MACHINE_TYPE = MEDIA_SERVER SERVICE_TYPE = VNET_DOMAIN_CLIENT_TYPE PROCESS_HINT = 7157d866-8eb2-45bb-bde8-486790c0b40c
Conversely, the following example shows a connection test to the same media server that fails after its security certificate was revoked:
# bptestbpcd -host accept-host.example.com -verbose <16>bptestbpcd main: Function ConnectToBPCD(accept-host.example.com) failed: 7653 <16>bptestbpcd main: The Peer Certificate is revoked <16>bptestbpcd main: The certificate of the host that you want to connect to is revoked. Revocation Reason Code : 0 Revocation Time : 1502637798: 7653 The Peer Certificate is revoked
NetBackup hosts must have a valid host ID-based security certificate and a valid certificate revocation list so they can communicate with other NetBackup hosts. The lack of either prevents communication. In this case, you can look up status code 7653 to find the explanation for and recommended action to recover from the error.
On a NetBackup 8.1 or later client, you can use the NetBackup bpclntcmd command to test the connection to the primary server. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of status codes. The following is the command syntax:
Windows:
install_path\\NetBackup\bin\bpclntcmd -pn -verbose
UNIX:
/usr/openv/netbackup/bin/bpclntcmd -pn -verbose
The following example shows a successful response to the bpclntcmd command:
# bpclntcmd -pn -verbose expecting response from server primary.example.com 127.0.0.1:52704 -> 127.0.0.1:33510 PROXY 10.80.97.186:40348 -> 10.80.97.157:1556 LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx LOCAL_CERT_SUBJECT_COMMON_NAME = 7157d866-8eb2-45bb-bde8-486790c0b40c PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4 PEER_IP = 10.80.97.186 PEER_PORT = 40348 PEER_NAME = connect-host.example.com POLICY_CLIENT = *NULL* Old Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint New Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint 7157d866-8eb2-45bb-bde8-486790c0b40c
Conversely, the following example shows a response to the bpclntcmd command on a NetBackup client that has a revoked certificate:
# bpclntcmd -pn -verbose
Unable to perform peer host name validation. Curl error has occurred for peer name:
primary.example.com, self name: connect-host: 0
[PROXY] Encountered error (VALIDATE_PEER_HOST_PROTOCOL_RUNNING) while processing
(ValidatePeerHostProtocol).: 1
Can't connect to host primary.example.com: cannot connect on socket (25)If the vnetd proxy connections are active, examine the log files of the connecting and accepting processes