Troubleshooting backup failures
Backup fails with the following peer host validation error: Certificate operation failed because NetBackup CA certificates cannot be used for host communication in the domain.
Possible reasons for the failure are:
The primary server (web server) is configured to use only external CA-signed certificates, but the media server or the clients are not configured to use external certificates. Their external certificates are not enrolled with the primary server domain.
The primary server (web server) is configured to use only external CA-signed certificates, but the media server or the clients are still not upgraded to 8.2 or later.
Check the primary server certificate authority (CA) configuration using the nbcertcmd -getsecconfig -caUsage command, the NetBackup Web UI.
If the web server is configured to use only external certificates, do the following:
Identify the two hosts for which the communication fails.
Check if any of the two hosts is 8.2 or later, but is not configured to use external certificates.
If it is true, enroll an external certificate for the host with the primary server domain.
Check if any of the two hosts is 8.1.x.
If it is true, upgrade the host to 8.2 or later and enroll an external certificate for the host with the primary server domain or configure the web server to use both external and NetBackup certificates.
Clear the cache memory on the hosts using the following command:
bpclntcmd -clear_host_cache
Check vnet proxy logs at: install_path/logs/nbpxyhelper.
Check the web service logs at: install_path/logs/nbwebservice