About NetBackup secure communication logging
NetBackup logs information for secure communication of control-type functions between NetBackup hosts. These functions include command execution and the starting processes that are required to initiate a backup or restore. Currently, these processes do not include the bpbkar or tar data transfer. The hosts must have a Certificate Authority (CA) certificate and a host ID-based certificate for successful communication. NetBackup uses the Transport Layer Security (TLS) protocol for host communication where each host needs to present its security certificate and validate the peer host's certificate against the Certificate Authority (CA) certificate.
The primary server acts as the CA. The primary server depends on the correct installation and configuration of services, such as pbx, nbatd and nbwmc, to deploy the certificates.
NetBackup certificates are deployed to all the media servers and the clients when they are upgraded. If certificate deployment fails, backups and restores cannot occur. Deployment fails if the following occurs:
The pbx, nbatd, or
nbwmcprocesses are not running on the primary server.A host cannot retrieve both the CA certificate and the host ID-based certificate from the primary server during the installation or upgrade.
When you diagnose issues with secure communication and certificates, the services or processes that run on the primary server are typically involved. After verifying that the services are running and are at the expected NetBackup version, the log files can help determine the issue.