Netbackup Could Not Establish Secure Connection to Trusted Master

NetBackup Targeted AIR Trusted Master Setup Error receives error, "Could Not Establish Secure Connection to Trusted Master. The remote master server may not be running NetBackup 7.6 or higher (5614)."

Error Message

While establishing a mutual trust using the NetBackup Admin Gui, an error may be received,

Cause

It can be observed in /usr/openv/var/vxss/credentials​ that one or more of the credential file have encountered an issue such as:

• Server configuration change which causes a mismatch in certificate information.
• Damaged or corrupted file.
• Invalid or missing information.
• Difference in encryption versions.
• Date/Time Mismatch

This is not an exhaustive list – it is provided as a guideline.

Solution

Ensure the following conditions are met.

• Source and Target Masters,
  • Port 1556 is open bidirectional. 
  • Master server entries exist in /etc/hosts on both Source and Target – IP | short name | fqdn 
  • Master servers are reachable.
• Verify the the observed date/time stamps or other discrepancies mentioned prior regarding the credential files in, 
  • /usr/openv/var/vxss/credentials are current.

Note: Both the Host short name and FQDN credential files should be present.

• If a discrepancy exists such as the date/time stamp mismatch or credential file missing, running the following command will resolve these discrepancies:
  /usr/openv/netbackup/bin/admincmd/bpnbaz -configureauth

After running this command, a prompt to cycle NetBackup services will be returned.

• Verify the credential files show a current date/time stamp, short name and FQDN on both source and target masters.

In some conditions where multiple interfaces are present, configuring a Preferred Network may be necessary using the MATCH option.

• Run the following command to establish a mutual trust from /usr/openv/netbackup/bin/admincmd/. Ensure that the correct FQDN is entered in the fields marked as <fqdn> below:
  ./nbseccmd -setuptrustedmaster -add -masterserver <source fqdn> -remotemasterserver <target fqdn> -mutualtrust -username <user> -password <pass> -domainname unixpwd

• Example Command: 
  ./nbseccmd -setuptrustedmaster -add -masterserver source.domain.com -remotemasterserver target.domain.com -mutualtrust -username root -password N3t8@ckup -domainname unixpwd

Executing this command will return confirmation of a successful trust established.

Terms of use for this information are found in Legal Notices.