About NetBackup secure communication logging
NetBackup logs information for secure communication of control-type functions between NetBackup 8.1 and later hosts. These functions include command execution and the starting processes that are required to initiate a backup or restore. Currently, these processes do not include the bpbkar or tar data transfer. The hosts must have a Certificate Authority (CA) certificate and a host ID-based certificate for successful communication. NetBackup uses the Transport Layer Security (TLS) protocol for host communication where each host needs to present its security certificate and validate the peer host's certificate against the Certificate Authority (CA) certificate.
The master server acts as the CA. The master server depends on the correct installation and configuration of services, such as pbx, nbatd and nbwmc, to deploy the certificates.
In NetBackup 8.1, certificates are deployed to all the media servers and the clients when they are upgraded. If certificate deployment fails, backups and restores cannot occur. Deployment fails if the following occurs:
The pbx, nbatd, or
nbwmcprocesses are not running on the master server.A host cannot retrieve both the CA certificate and the host ID-based certificate from the master server during the installation or upgrade.
When you diagnose issues with secure communication and certificates, the services or processes that run on the master server are typically involved. After verifying that the services are running and are at the expected NetBackup version, the log files can help determine the issue.
For more details about NetBackup secure communications, see the Read This First for Secure Communications document at the following URL:
https://www.veritas.com/docs/DOC5332
Note:
If you have NetBackup 8.0 hosts in your environment, you can enable insecure communication with the option.