Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting Auto Image Replication
  9. Targeted A.I.R. trusted primary server operation fails with an external certificate configuration
  11. Troubleshoot adding or updating the trust
NetBackup™ Troubleshooting Guide

Troubleshoot adding or updating the trust

This topic describes how to troubleshoot the issue when an operation fails to add or update the trust between the source and the target primary server.

Problem

Adding or updating the trust between the source and target primary server has failed.

Cause

The issue can occur because of the following reasons:

  • Cause 1 - Enrollment of source primary server to target primary server failed.

  • Cause 2 - Failed to add the target primary server in the trusted primary server database and in the configuration file as TRUSTED_MASTER.

Solution for cause 1 - External certificate enrollment of the source primary server with the target primary server failed.

See Troubleshooting Windows certificate store issues.

Solution for cause 2 - Failed to add the target primary server in the trusted primary server database and in the configuration file as TRUSTED_MASTER

To troubleshooting adding or updating the trust

  1. Review the error message: EXIT STATUS 5630: Failed to get version of remote primary server.

    If the vnetd proxy service is down or the connection to the vnetd proxy has failed on the source primary server, review the logs in the following order:

    • Review the connection to the vnetd proxy of the remote primary server.

      To review the connection to the remote primary server's vnetd proxy, run the bptestbpcd -host remote_primary_server_name command.

    • Review the proxy logs:

      Windows: C:\Program Files\Cohesity NetBackup\NetBackup\logs\nbpxyhelper\log_file

      Linux: /usr/openv/logs/nbpxyhelper/log_file

  2. Review the error message: EXIT STATUS 5616: The local primary server is not reachable. The trust is unidirectional right now, the remote primary server trusts the local primary server, but the local primary server doesn't trust the remote master. Please remove the trust

    If the bprd service is down on the source primary server, review the logs in the following order:

    • Review the bprd logs.

      Windows: C:\Program Files\Cohesity NetBackup\NetBackup\logs\bprd\log_file

      UNIX: /usr/openv/netbackup/logs/bprd/log_file

    • Review the proxy logs.

      Windows: C:\Program Files\Cohesity NetBackup\NetBackup\logs\nbpxyhelper\log_file

      Linux: /usr/openv/logs/nbpxyhelper/log_file

    • Review the EMM database logs.

      Windows: C:\Program Files\Cohesity NetBackup\NetBackup\logs\nbemm\log_file

      Linux: /usr/openv/logs/nbemm/log_file

Feedback

Was this page helpful?
Previous

Targeted A.I.R. trusted primary server operation fails with an external certificate configuration

Next

Troubleshoot removing the trust

Feedback

Was this page helpful?