Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting vnetd proxy connections
  9. Test the vnetd proxy connections
NetBackup™ Troubleshooting Guide

Test the vnetd proxy connections

The NetBackup command that you use to test the vnetd proxy connections differs between a server and a client.

Testing a vnet proxy connection from a server

To test connections from a NetBackup 8.1 or later server to another NetBackup 8.1 or later host, you can use the NetBackup bptestbpcd command with the -verbose option. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of the status codes.

The following example shows a successful connection test from a NetBackup media server named connect-host.example.com to a media server named accept-host.example.com:

# bptestbpcd -host accept-host.example.com -verbose
1 1 1
127.0.0.1:43697 -> 127.0.0.1:58089 PROXY 10.80.97.186:47054 -> 10.80.97.140:1556
127.0.0.1:52061 -> 127.0.0.1:58379 PROXY 10.80.97.186:37522 -> 10.80.97.140:1556
LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx
LOCAL_CERT_SUBJECT_COMMON_NAME = a753da9b-b1ff-4a5f-b57d-69a4e2b47e29
PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx
PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4
PEER_NAME = connect-host.example.com
HOST_NAME = accept-host.example.com
CLIENT_NAME = accept-host.example.com
VERSION = 0x08100000
PLATFORM = linuxR_x86_2.6.18
PATCH_VERSION = 8.1.0.0
SERVER_PATCH_VERSION = 8.1.0.0
MASTER_SERVER = primary.example.com
EMM_SERVER = primary.example.com
NB_MACHINE_TYPE = MEDIA_SERVER
SERVICE_TYPE = VNET_DOMAIN_CLIENT_TYPE
PROCESS_HINT = 7157d866-8eb2-45bb-bde8-486790c0b40c

Conversely, the following example shows a connection test to the same media server that fails after its security certificate was revoked:

# bptestbpcd -host accept-host.example.com -verbose
<16>bptestbpcd main: Function ConnectToBPCD(accept-host.example.com) failed: 7653
<16>bptestbpcd main: The Peer Certificate is revoked
<16>bptestbpcd main: The certificate of the host that you want to connect to is revoked.
Revocation Reason Code : 0 Revocation Time : 1502637798: 7653
The Peer Certificate is revoked

NetBackup hosts must have a valid host ID-based security certificate and a valid certificate revocation list so they can communicate with other NetBackup hosts. The lack of either prevents communication. In this case, you can look up status code 7653 to find the explanation for and recommended action to recover from the error.

Testing a vnet proxy connection from a client

On a NetBackup 8.1 or later client, you can use the NetBackup bpclntcmd command to test the connection to the primary server. Examine the command output for status codes or any indications of failure. Then, refer to the NetBackup documentation for the explanations of status codes. The following is the command syntax:

Windows:

install_path\\NetBackup\bin\bpclntcmd -pn -verbose

UNIX:

/usr/openv/netbackup/bin/bpclntcmd -pn -verbose

The following example shows a successful response to the bpclntcmd command:

# bpclntcmd -pn -verbose
expecting response from server primary.example.com
127.0.0.1:52704 -> 127.0.0.1:33510 PROXY 10.80.97.186:40348 -> 10.80.97.157:1556
LOCAL_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx
LOCAL_CERT_SUBJECT_COMMON_NAME = 7157d866-8eb2-45bb-bde8-486790c0b40c
PEER_CERT_ISSUER_NAME = /CN=broker/OU=root@primary.example.com/O=vx
PEER_CERT_SUBJECT_COMMON_NAME = b900a238-d7be-4c6e-8af6-19b5c1d1dec4
PEER_IP = 10.80.97.186
PEER_PORT = 40348
PEER_NAME = connect-host.example.com
POLICY_CLIENT = *NULL*
Old Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint
New Domain Service Type VNET_DOMAIN_SERVER_TYPE and Hint 7157d866-8eb2-45bb-bde8-486790c0b40c

Conversely, the following example shows a response to the bpclntcmd command on a NetBackup client that has a revoked certificate:

# bpclntcmd -pn -verbose
Unable to perform peer host name validation. Curl error has occurred for peer name: 
primary.example.com, self name: connect-host: 0
        [PROXY] Encountered error (VALIDATE_PEER_HOST_PROTOCOL_RUNNING) while processing
        (ValidatePeerHostProtocol).: 1
Can't connect to host primary.example.com: cannot connect on socket (25)

If the vnetd proxy connections are active, examine the log files of the connecting and accepting processes

Feedback

Was this page helpful?
Previous

Verify that the host connections are proxied

Next

Examine the log files of the connecting and accepting processes

Feedback

Was this page helpful?