A communication error occurs with some clients on other side of a firewall with network address translation (NAT) enabled.

Article:TECH66968  |  Created: 2009-01-21  |  Updated: 2014-01-20  |  Article URL http://www.symantec.com/docs/TECH66968
Article Type
Technical Solution


Environment

Issue



A communication error occurs with some clients on other side of a firewall with network address translation (NAT) enabled.


Error



EXIT STATUS 23: can't connect to client
bpcd peer_hostname: gethostbyaddr failed : The requested name is valid, but no data of the requested type was found. (0)
bpcd peer_hostname: gethostbyaddr failed to return peer host, herrno = 0
bptestbpcd main: Function ConnectToBPCD(server_name)failed: 23
 


Environment



  • Master/media server's Physical IP 10.106.62.# >NAT translated IP to the network is 10.106.4.#
  • Client's Public IP address is 10.106.4.#
  • Firewall's external Public IP address is 10.106.4.##

 


Solution



 
TROUBLESHOOTING:
1.  Updated the host file on the master server and the client.
2.  Updated the server list with client hostname entry under Host Properties --> Master Server --> Servers --> Additional Servers
3.  <install_path>\Veritas\NetBackup\bin\bpclntcmd works fine
4.  telnet on bpcd/bprd/vnetd master<--->client > works fine
5.  When opening the client host properties, it fails with error 23
6.  Enable bpcd logging on the client.
 
Client Log Files:
The NetBackup Client Service (bpcd) log shows the incoming connection from the firewall's Public IP address. Notice the 'gethostbyaddr' name resolution reverse lookup failure because it knows the master server by it's private IP, not the firewall's public IP:
 
bpcd log:
12:50:30.416 [96108.97500] <2> bpcd main: ReadKeyfile failed
12:50:30.416 [96108.97500] <2> bpcd main: offset to GMT 18000
12:50:30.416 [96108.97500] <2> bpcd main: Got socket for input 488
12:50:30.416 [96108.97500] <2> logconnections: BPCD ACCEPT FROM 10.106.4.17.11049 TO 10.106.4.20.13724
12:50:30.416 [96108.97500] <2> bpcd main: setup_sockopts complete
12:50:30.416 [96108.97500] <2> vauth_acceptor: ..\libvlibs\vauth_comm.c.337: no methods for address: no authentication required
12:50:30.416 [96108.97500] <2> bpcd main: no authentication required
12:50:34.922 [96108.97500] <8> bpcd peer_hostname: gethostbyaddr failed : The requested name is valid, but no data of the requested type was found. (0)
12:50:34.922 [96108.97500] <16> bpcd peer_hostname: gethostbyaddr failed to return peer host, herrno = 0
12:50:34.922 [96108.97500] <16> bpcd main: Couldn't get peer hostname
 

bptestbpcd output:
 
C:\Program Files\Veritas\NetBackup\bin\admincmd>bptestbpcd.exe -client <server_name> -debug
 
16:25:31.127 [4044.1956] <2> logconnections: BPCD CONNECT FROM 10.106.62.48.4557 TO 10.106.4.20.13724
16:25:31.127 [4044.1956] <2> vnet_connect_to_vnetd_extra: vnet_vnetd.c.179: msg: VNETD CONNECT FROM 10.106.62.48.4558 TO 10.106.4.20.13724 fd = 764
16:25:31.174 [4044.1956] <2> vnet_vnetd_connect_forward_socket_begin: vnet_vnetd.c.532: VN_REQUEST_CONNECT_FORWARD_SOCKET: 10 0x0000000a
16:25:31.330 [4044.1956] <2> vnet_vnetd_connect_forward_socket_begin: vnet_vnetd.c.549: ipc_string: 1326
16:25:35.815 [4044.1956] <2> get_short: (1) cannot read (byte 1) from network: An existing connection was forcibly closed by the remote host.
16:25:35.815 [4044.1956] <2> bpcr_put_vnetd_forward_socket: get_short failed: 10054
16:25:35.815 [4044.1956] <2> local_bpcr_connect: bpcr_put_vnetd_forward_socket failed: 23
16:25:35.815 [4044.1956] <2> ConnectToBPCD: bpcd_connect_and_verify(server_name) failed: 23
<16>bptestbpcd main: Function ConnectToBPCD(server-mxi) failed: 23
16:25:35.815 [4044.1956] <16> bptestbpcd main: Function ConnectToBPCD(server_name) failed: 23
<2>bptestbpcd: socket read failed
16:25:35.815 [4044.1956] <2> bptestbpcd: socket read failed
<2>bptestbpcd: EXIT status = 23
16:25:35.815 [4044.1956] <2> bptestbpcd: EXIT status = 23
socket read failed

RESOLUTION:
 
To resolve this problem, simply correct the reverse name lookup issue by reconfiguring the client operating system to resolve the NetBackup master/media server to the firewall's public IP OR else update the hosts file on the client with the firewall's Public IP mapped to master server host name. 
 



Legacy ID



317839


Article URL http://www.symantec.com/docs/TECH66968


Terms of use for this information are found in Legal Notices