Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting issues with FIPS mode
NetBackup™ Troubleshooting Guide

Troubleshooting issues with FIPS mode

ECA configuration with non-FIPS compliant key fails

The given private key in the ECA configuration is in non-FIPS compliant PKCS1 format that causes the ECA configuration to fail.

Reason:

The PKCS1 format that is used to encrypt the private key uses MD5 algorithm, which is not a FIPS-compliant algorithm. Therefore, the ECA configuration fails in FIPS mode.

Sample log message:

PEM_read_PrivateKey failed to read private key from file[C:\eca\private\key-pkcs1_ENCRYPTED.pem]. Provided private key is not FIPS supported.

Solution:

Use the private key with the PKCS8 format.

Launching NetBackup Administration Console on UNIX takes longer time than usual when the FIPS mode is enabled

This problem can occur if there is insufficient entropy on the host where the NetBackup Administration Console runs.

Entropy is the randomness collected by an operating system.

Reason:

The Java processes use /dev/random as a default character device to provide cryptographically secure random output in your NetBackup environment, which is the blocking call.

To check the status of entropy on the host where the NetBackup Administration Console runs, execute the following command. If the command returns the value less than 200, there is an entropy issue on that host.

cat /proc/sys/kernel/random/entropy_avail

Solution:

Set the USE_URANDOM option to 1 in the nbj.conf configuration file. The Java processes start using the /dev/urandom device.

The NetBackup Web Management Console service (nbwmc) takes unusually long time to start

This problem can occur if there is insufficient entropy on the host where the nbwmc service runs.

Entropy is the randomness collected by an operating system.

Reason:

The Java processes use /dev/random as a default character device to provide cryptographically secure random output in your NetBackup environment, which is the blocking call.

To check the status of entropy on the primary server, run the following command. If command returns value less than 200, there is a problem of entropy on that server.

cat /proc/sys/kernel/random/entropy_avail

Solution:

Set the USE_URANDOM option to 1 in the configuration file. The nbwmc service starts using the /dev/urandom device.

The NetBackup Web Management Console service (nbwmc) failed to start

Reason:

If NetBackup CA or ECA hierarchy key size is less than 2048 or more than 3072 while you try to enable the FIPS mode.

Sample log message:

Attempt to use RSA key with non-approved size: 1024: RSA

Solution:

Reconfigure the NetBackup CA hierarchy and use a key size that is supported for FIPS mode - either 2048 bits or 3072 bits.

Feedback

Was this page helpful?
Previous

Troubleshooting the VxUpdate add package process

Next

Troubleshooting issues with malware scanning

Feedback

Was this page helpful?