Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Troubleshooting Guide
  5. Troubleshooting procedures
  7. Troubleshooting issues with NetBackup jobs that are enabled for data-in-transit encryption
NetBackup™ Troubleshooting Guide

Troubleshooting issues with NetBackup jobs that are enabled for data-in-transit encryption

The given NetBackup job can be of type backup, restore, duplication, replication, import, verify and so on. The job is enabled for data-in-transit encryption (DTE) through the global DTE setting or the client DTE mode.

For more details on DTE, see the NetBackup Security and Encryption Guide.

Issue: Operation fails with EXIT STATUS 23: socket read failed

The given operation can be backup, restore, import, verify, duplication, synthetic backup ans so on. The failure is in determining the DTE mode for the given operation. This is due to failure in fetching the global DTE mode as it is not refreshed in the bpcd process.

The following error is seen in bpcd: 

The global data-in-transit encryption setting cannot be fetched (8304).

Table: Logs to be checked

Operation

Logs

Backup or archive

Primary server - nbjm, bpcd, nbwebservice

Restore

Primary server - admin (catalog recovery), bprd, bpcd, nbwebservice

Duplication, verify, synthetic backup, replication

Primary server - admin, bpcd, nbwebservice

Import

Primary server - admin, bpcd, nbwebservice

Media server - bpdm or bptm

Logs for UNIX:

Legacy logs: /usr/openv/netbackup/logs

VxUL logs: /usr/openv/logs

Logs for Windows: install_path\NetBackup\logs

Cause

The NetBackup web service took more time to restart as a result of which the global DTE cache of bpcd is not refreshed. It results into a failure of the given operation while determining the DTE mode.

Resolution

Retry the operation after 2 minutes of the service restart so that the global DTE mode is successfully refreshed by the web service in the next iteration.

Issue: Cannot determine the data-in-transit encryption (DTE) mode, status 3000004

The failure is during determining the DTE mode for the given operation. This is because the media server DTE mode cannot be retrieved.

Table: Logs to be checked

Operation

Logs

Backup or archive

Primary Server - nbjm, nbemm

Restore

Primary Server - bprd, nbemm

Duplication, verify, synthetic backup, replication

Primary Server - admin, nbemm

Import

Primary Server - admin, nbemm

Media Server - bpdm or bptm

Logs for UNIX:

Legacy logs: /usr/openv/netbackup/logs

VxUL logs: /usr/openv/logs

Logs for Windows: install_path\NetBackup\logs

Cause

Failure in retrieving the media server DTE setting from EMM, resulting in failure of the operation.

Resolution

Retry the operation to successfully retrieve the media server DTE mode.

Issue: Operation fails with error - Failed to retrieve the pre-shared key which is required for TLS communication (8316)

Table: Logs to be checked

Operation

Logs

Backup or archive

Client - bpbkar or dbclient, vnetd, bpclntcmd

Media server - bptm, bpclntcmd, vnetd

Restore

Client - tar or dbclient, vnetd, bpclntcmd

Media server - bpbrm, bptm, bpclntcmd, vnetd

Duplication

Both media servers - bptm or bpdm, vnetd, bpclntcmd

Logs for UNIX: /usr/openv/netbackup/logs

Logs for Windows: install_path\NetBackup\logs

Cause

There is a failure while retrieving the pre-shared key that is required for TLS handshake between hosts. This is because of either of the following issues in bpclntcmd such as:

  • storing the pre-shared key in bpclntcmd failed

  • bpclntcmd failed to provide the pre-shared key

As a result of this issue, multiple NetBackup operations such as backup, restore or duplication fail.

Resolution

Stop the existing bpclntcmd -store process and retry the operation.

Issue: Duplication fails with error - cannot connect on socket (25) or the requested operation was partially successful (1)

Table: Logs to be checked

Operation

Logs

Duplication

Target media server - bptm or bpdm, vnetd

Logs for UNIX: /usr/openv/netbackup/logs

Logs for Windows: install_path\NetBackup\logs

Error in job details:

Jan 19, 2022 8:49:36 PM - Error bpdm (pid=18607) cannot connect to the 
writing side process for duplication, Success Jan 19, 2022 9:37:02 PM - Error bptm 
(pid=1028) listen protocol error - couldn't accept from data socket, 
The operation completed successfully. Jan 19, 2022 9:37:03 PM - Info bptm 
(pid=1028) EXITING with status 25 <----------
Cause

When data-in-transit encryption (DTE) is enabled, vnetd process is responsible for setting up the pre-requisites required for DTE TLS handshake. On a busy machine, if vnetd spends more time doing this, bptm times out before vnetd forwards the connection. As a result of this, duplication fails.

Solution

On the target host, increase the timeout for accepting connection from vnetd. Use the nbgetconfig and nbsetconfig commands to increase the timeout of the VNET_OPTIONS configuration option.

For example, to change the timeout from 120 seconds to 300 run the following commands:

nbgetconfig VNET_OPTIONS VNET_OPTIONS = 120 3600 200 40 3 1 30 10 1793 32 0 0

nbsetconfig nbsetconfig> VNET_OPTIONS = 300 3600 200 40 3 1 30 10 1793 32 0 0

Only the first value is changed to '300'.

Feedback

Was this page helpful?
Previous

Troubleshooting issues with malware scanning

Next

Troubleshooting issues with Unstructured Data Instant Access

Feedback

Was this page helpful?