|
[Veritas-bu] RE: How to troubleshoot a Firewall Client Backup with Clustered Netbackup Server
2005-11-08 12:31:16
|
Subject: |
[Veritas-bu] RE: How to troubleshoot a Firewall Client Backup with Clustered Netbackup Server |
|
From: |
mark.kilpatrick AT sabeo DOT com (Kilpatrick, Mark) |
|
Date: |
Tue, 8 Nov 2005 17:31:16 -0000 |
This is a multi-part message in MIME format.
------_=_NextPart_001_01C5E48A.390B6016
Content-Type: text/plain; charset="UTF-7"
Content-Transfer-Encoding: 7bit
I got some great information from responses on this list to my firewall
issue. I was able to use all the troubleshooting tips to suggest that
the problem lied with the firewall. I could telent from the client to
the media server but I could NOT telnet from the media server to the
client. This has now been resolved but I have not yet had a successful
backup. The client is now creating logs for bpcd and the error message
is Reserved Port Mismatch.
Any ideas what Reserved Port Mismatch could be? Am I still looking at a
firewall issue?
NAT is turned off for my IP addresses in question. There are two
firewalls in the picture, using Check Point and Side Winder.
Thanks again.
-----Original Message-----
From: Kilpatrick, Mark
Sent: 07 November 2005 17:11
To: 'veritas-bu AT mailman.eng.auburn DOT edu'
Subject: How to troubleshoot a Firewall Client Backup with Clustered
Netbackup Server
Hi, I am attempting to backup two Solaris NBU5.1 clients through a
firewall and they are unsuccessful. I would like some pointers on
troubleshooting this procedure.
The firewall rules have been set up for bpcd (13782) going out to the
client from the master server and media servers.
The firewall rules have been set up for vnetd (13724) going into the
server.
The client attribute of vnetd port has been selected from the master
server properties for each of the clients.
When selecting the client properties from the NBU admin interface the
error of cannot connect on socket (status 25) returns immediately
When running a test backup the error of (58) can't connect to client
returns almost immediately.
I have run the bpclient -client -nameofclient -L command on each of the
firewalled clients and the No call back connections is set to yes. But
the IP address returned is 0.0.0.0
I have checked the /etc/services and /etc/inetd.conf on each client
I have checked the bp.conf on each client and server and media server
names are present
I have checked /etc/hosts on server and client
I have enabled logging of bpcd and vnetd on the clients but there are no
log files created - indicating no communication with the clients from
the master
I have enabled logging of bpcd on the master
How can I determine if the problem lies with the firewall rules created
by the firewall admin team or with netbackup (version 5.1 HP-UX running
on a VCS cluster). Could the issue be related to the fact that I have a
netbackup clustered server. The firewall rules only specify the virtual
server hostname. Addition of physical name and IP to firewall rules is
not possible.
Regards, Mark K
Due to continued expansion Sabeo Technologies have moved office +IBM to The
Courtyard, Carmanhall Road, Sandyford, Dublin 18. Our telephone and fax
numbers remain unchanged. A location map is available on our website
www.sabeo.com.
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
Sabeo Technologies.
This footnote also confirms that this email message has been swept for the
presence of computer viruses.
**********************************************************************
------_=_NextPart_001_01C5E48A.390B6016
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dus-ascii">
<meta name=3DGenerator content=3D"Microsoft Word 10 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.emailstyle17
{font-family:Arial;
color:windowtext;}
span.EmailStyle18
{font-family:Arial;
color:navy;}
@page Section1
{size:612.0pt 792.0pt;
margin:72.0pt 90.0pt 72.0pt 90.0pt;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>I got some great information from
responses on this list to my firewall issue. I was able to use all the
troubleshooting tips to suggest that the problem lied with the firewall. I
could telent from the client to the media server but I could NOT telnet from
the media server to the client. This has now been resolved but I have not y=
et
had a successful backup. The client is now creating logs for bpcd and the e=
rror
message is Reserved Port Mismatch.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Any ideas what Reserved Port Mismatch
could be? Am I still looking at a firewall issue?</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>NAT is turned off for my IP addresses =
in
question. There are two firewalls in the picture, using Check Point and Side
Winder.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'>Thanks again.</span></font></p>
<p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span style=
=3D'font-size:
10.0pt;font-family:Arial;color:navy'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DTah=
oma><span
style=3D'font-size:10.0pt;font-family:Tahoma'>-----Original Message-----<br>
<b><span style=3D'font-weight:bold'>From:</span></b> Kilpatrick, Mark <br>
<b><span style=3D'font-weight:bold'>Sent:</span></b> 07 November 2005 17:11=
<br>
<b><span style=3D'font-weight:bold'>To:</span></b>
'veritas-bu AT mailman.eng.auburn DOT edu'<br>
<b><span style=3D'font-weight:bold'>Subject:</span></b> How to troubleshoot=
a
Firewall Client Backup with Clustered Netbackup Server</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'> </span></fo=
nt></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>Hi, I am attempting to backup =
two
Solaris NBU5.1 clients through a firewall and they are unsuccessful. I would
like some pointers on troubleshooting this procedure.</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>The firewall rules have been s=
et up
for bpcd (13782) going out to the client from the master server and media
servers.</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>The firewall rules have been s=
et up
for vnetd (13724) going into the server.</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>The client attribute of vnetd =
port
has been selected from the master server properties for each of the clients=
.</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>When selecting the client prop=
erties
from the NBU admin interface the error of cannot connect on socket (status =
25)
returns immediately</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>When running a test backup the=
error
of (58) can’t connect to client returns almost immediately.</span></f=
ont></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have run the bpclient
–client –nameofclient –L command on each of the firewalled
clients and the No call back connections is set to yes. But the IP address
returned is 0.0.0.0 </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have checked the /etc/servic=
es and
/etc/inetd.conf on each client</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have checked the bp.conf on =
each
client and server and media server names are present</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have checked /etc/hosts on s=
erver
and client</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have enabled logging of bpcd=
and
vnetd on the clients but there are no log files created – indicating =
no
communication with the clients from the master</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>I have enabled logging of bpcd=
on
the master</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'>How can I determine if the pro=
blem
lies with the firewall rules created by the firewall admin team or with
netbackup (version 5.1 HP-UX running on a VCS cluster). Could the issue be
related to the fact that I have a netbackup clustered server. The firewall
rules only specify the virtual server hostname. Addition of physical name a=
nd
IP to firewall rules is not possible.</span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D2 face=3DAri=
al><span
style=3D'font-size:10.0pt;font-family:Arial'> </span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'>Regards, Mark K <=
/span></font></p>
<p class=3DMsoNormal style=3D'margin-left:36.0pt'><font size=3D3
face=3D"Times New Roman"><span style=3D'font-size:12.0pt'> </span></fo=
nt></p>
</div>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"></span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">Due to continued expa=
nsion Sabeo Technologies have moved office – to The Courtyard, Carma=
nhall Road, Sandyford, Dublin 18. Our telephone and fax numbers remain unc=
hanged. A location map is available on our website www.sabeo.com.</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"></span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"></span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"></span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">*********************=
*************************************************</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">This email and any fi=
les transmitted with it are confidential and</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">intended solely for t=
he use of the individual or entity to whom they</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">are addressed. If you=
have received this email in error please notify</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">Sabeo Technologies.</=
span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"></span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">This footnote also co=
nfirms that this email message has been swept for the presence of computer =
viruses.</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;">*********************=
*************************************************</span></p>
<p><span style=3D"font-family:'Arial';font-size:8pt;"> </span></p></bo=
dy>
</html>
------_=_NextPart_001_01C5E48A.390B6016--
|
| <Prev in Thread] |
Current Thread |
[Next in Thread>
|
- [Veritas-bu] RE: How to troubleshoot a Firewall Client Backup with Clustered Netbackup Server,
Kilpatrick, Mark <=
|
|
|
