Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting issues with initiating the NetBackup CA migration because of large key size
NetBackup™ Troubleshooting Guide

Troubleshooting issues with initiating the NetBackup CA migration because of large key size

Initiating the NetBackup CA migration may be timed out during installation or upgrade because of large key size.

Following is an example of the error that is logged in the installation logs:

06-19-2020,20:40:39 : Initiating the NetBackup CA migration with 16384 
bits key size.
06-19-2020,20:40:39 : NetBackup security service is still generating key 
pairs with key size of 16384 bits.
06-19-2020,20:40:39 : NetBackup will recheck the status of the NetBackup 
CA migration initiation phase after every 30 seconds
06-19-2020,20:40:40 : The NetBackup CA migration initiation process is 
taking more time than expected
06-19-2020,20:40:40 : Failed to set up the new NetBackup CA
06-19-2020,20:40:40 : network connection timed out(Error code: 41)
06-19-2020,20:40:40 : Command returned status 41
06-19-2020,20:40:40 : "C:\Program Files\Cohesity NetBackup\NetBackup\bin\admincmd
\nbseccmd.exe" -nbcamigrate -initiatemigration -quiet -keysize 16384 -reason 
"Upgrade" -installtime, ERROR: nbseccmd.exe failed with error status: 41

In case of such an error, it is possible that the CA migration was successfully initiated but the request is timed out because of the large key size. However, in the background the CA migration initiation may be complete and the certificates may be renewed with the new CA.

To verify if the initiation of NetBackup CA migration was successful

  1. Run the following command:

    nbseccmd -nbcaMigrate -summary

  2. Check if the NetBackup CA migration status is INITIATED.

    • If the migration status is NO_MIGRATION, it implies that the CA migration has failed during installation.

      Initiate a new migration using the following command:

      nbseccmd -nbcaMigrate -initiateMigration | -i -keysize <key-value> [-reason <comment>] [-json] [-quiet]

  3. Once you have ensured that the migration status is INITIATED, run the following command to verify if the new CA is displayed in the list:

    nbseccmd -nbcalist

    • If the new CA is present in the list, it implies that the migration is successfully initiated.

    • If the new CA is not present in the list, run the following command:

      nbseccmd -nbcaMigrate -syncMigrationDB

  4. If the certificates are still not updated, contact Cohesity Technical Support.

Feedback

Was this page helpful?
Previous

Troubleshooting issues with KMS configuration

Next

Troubleshooting issues with the non-privileged user (service user) account

Feedback

Was this page helpful?