Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting vnetd proxy connections
  9. vnetd proxy connection requirements
NetBackup™ Troubleshooting Guide

vnetd proxy connection requirements

Note:

To verify the settings for mapping NetBackup host IDs and for communication with 8.0 and earlier hosts, open the NetBackup web UI. At the top right, click Settings > Global security. The click on the Secure communication tab.

For communication within the same NetBackup domain, note these requirements:

  • Host ID-based certificates and a certificate revocation list must be present on all NetBackup 8.1 and later hosts.

    The NetBackup global security settings configure how NetBackup provisions certificates.

    To observe the certificates that NetBackup uses between hosts, use the -verbose option with the bptestbpcd -host command and option and with the bpclntcmd -pn command and option.

  • Host IDs must be mapped for host names on all NetBackup 8.1 and later hosts.

    The NetBackup global security settings configure how NetBackup maps host IDs to names.

    As an alternative to the web UI, you can use the following command and option:

    Windows:

    install_path\NetBackup\bin\admincmd\nbseccmd -getsecurityconfig -autoaddhostmapping

    UNIX:

    /usr/openv/netbackup/bin/admincmd/nbseccmd -getsecurityconfig -autoaddhostmapping

  • For NetBackup hosts earlier than 8.1, you must allow insecure communication.

    The NetBackup global security settings configure if NetBackup can communicate with hosts earlier than 8.1.

    As an alternative to the web UI, you can use the following command and option:

    Windows:

    install_path\NetBackup\bin\admincmd\nbseccmd -getsecurityconfig -insecurecommunication

    UNIX:

    /usr/openv/netbackup/bin/admincmd/nbseccmd -getsecurityconfig -insecurecommunication

  • The NetBackup web services on the primary server must be active. To confirm that they are active, use the following NetBackup command and option:

    Windows: install_path\NetBackup\bin\nbcertcmd -ping

    UNIX: /usr/openv/netbackup/bin/nbcertcmd -ping

  • If the primary server is configured to use external CA-signed certificates, the hosts should enroll their external CA-signed certificates with the appropriate primary server domain.

    For more information on external CA support and certificate enrollment, refer to the NetBackup Security and Encryption Guide.

For Auto Image Replication, host ID-based certificates from the source primary server are required on all of the trusted primary servers in the destination domains.

If the primary server is configured to use external CA-signed certificates, ensure that trust is established between the source and target primary servers using external CA-signed certificates.

For more information, see the NetBackup Deduplication Guide.

Feedback

Was this page helpful?
Previous

Troubleshooting vnetd proxy connections

Next

Where to begin to troubleshoot vnetd proxy connections

Feedback

Was this page helpful?