Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Microsoft SQL Server Administrator's Guide
  5. Using instant access with SQL Server
  7. Frequently asked questions
NetBackup™ Web UI Microsoft SQL Server Administrator's Guide

Frequently asked questions

Here are some frequently asked questions for Microsoft SQL instant access Build Your Own (BYO).

Table:

Applicable for

Frequently asked question

Answer

BYO

How can I enable the Microsoft SQL instant access feature on BYO after storage is configured or upgraded without the nginx service installed?

Perform the steps in the following order:

  1. Install the required nginx service version.

  2. Ensure that the new BYO nginx configuration entry: /etc/nginx/conf.d/byo.conf is part of the HTTP section of the original: /etc/nginx/nginx.conf file.

  3. Run the command: /usr/openv/pdde/vpfs/bin/vpfs_config.sh --configure_byo

BYO

How can I resolve the following issue in the vpfs-config.log file that is raised from: Verifying that the MSDP REST API is available via https on port 10087

Perform the steps in the following order:

  1. Install the policycoreutils and policycoreutils-python packages through yum tool.

  2. Add the following rules that SELinux for Nginx requires to bind on the 10087 port.

    • semanage port -a -t http_port_t -p tcp 10087

    • setsebool -P httpd_can_network_connect 1

  3. Run the following command: /usr/openv/pdde/vpfs/bin/vpfs_config.sh --configure_byo

BYO

Instant Access for BYO uses a self-signed certificate by default and only supports *.pem external certificate.

How do I replace it with a certificate signed by external CA (*.pem certificate), if required?

To configure the external certificate, perform the following steps. If the new certificate is already generated (the certificate must contain long and short host names for the media server), go to step 4.

  1. Create the RSA public or private key pair.

  2. Create a certificate signing request (CSR).

    The certificate must contain long and short host names for the media server.

  3. The External Certificate Authority creates the certificate.

  4. Replace <PDDE Storage Path>/spws/var/keys/spws.cert with the certificate and replace <PDDE Storage Path>/spws/var/keys/spws.key with the private key.

  5. Run the following command to reload the certificate:

    /usr/openv/pdde/vpfs/bin/vpfs_config.sh --configure_byo

BYO

How can I disable media automount for the instant access livemount share in gnome?

If the automount is enabled, the source folder is mounted from the livemount share in gnome and smaller disks appear. In this scenario, the instant access feature does not work properly.

The mounted disk content source is from the .../meta_bdev_dir/... folder under livemount share, while the mount target is in the /run/media/... folder.

Follow the guideline to disable the gnome automount:

https://access.redhat.com/solutions/20107

BYO

How can I resolve the following issue in the /var/log/vpfs/vpfs-config.log file?

**** Asking the NetBackup Webservice to trust the MSDP webserver (spws) **** /usr/openv/netbackup/bin/nblibcurlcmd failed (1):

Perform the steps in the following order:

  1. Ensure that your NetBackup master server is up and there is no firewall blocking the connection between the NetBackup master server and storage server.

  2. Run the following command on storage server to verify the connection status:

    /usr/openv/netbackup/bin/bpclntcmd -pn

  3. After the NetBackup master server is up and connection between the NetBackup master server and storage server is allowed, run the following command:

    /usr/openv/pdde/vpfs/bin/vpfs_config.sh --configure_byo

BYO

How can I enable host-based authentication and secure logon for Samba share so that the MSSQL instant access works on specific windows clients?

The clients windows version and the background are listed at the following link:

https://support.microsoft.com/en-us/help/4046019/guest-access-in-smb2-disabled-by-default-in-windows-10-and-windows-ser

Perform the steps in the following order:

  1. In the storage server (one time operation) where the Samba share is exported from:

    • Override the following Samba option to disable the guest logon:

      map to guest = Never

    • Create user credentials for Samba.

      • smbpasswd -a spws

        Set Samba password for Samba user spws

      • smbpasswd -e spws

        Enable Samba user spws

  2. For each Windows client, where the Samba share is accessed using the earlier credentials, save the spws credentials in the credential manager.

Appliance

How can I enable host-based authentication and secure logon for Samba share so that the MSSQL instant access works on NetBackup Appliance and windows clients?

Perform the steps in the following order:

  1. In the storage server (one time operation) where the Samba share is exported from, create new local user credentials for Samba with the following Appliance CLISH path:

    Main_Menu > Settings > Security > Authentication > LocalUser

  2. In each Windows client, where the Samba share is accessed using the earlier credentials, save the new local user credentials in the credential manager.

Feedback

Was this page helpful?
Previous

NetBackup for SQL Server terms

Next

Protecting SQL Server with VMware backups

Feedback

Was this page helpful?