Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Backup exec cannot establish trust relationship with remote linux agent

Created: 29 Feb 2012 • Updated: 01 Mar 2012 | 4 comments
This issue has been solved. See solution.

I just upgraded from 2010 R2 to R3 (5204). The media server is a Windows 2008.

I also installed Service Pack 2.

One of the main reasons was to get the media server to work with new agents.

So i have installed VRTSralus-13.0.5204-0.x86_64.deb in two Ubuntu/Linux servers, but when trying to connect to those servers i get a message like this (screenshot also attached):

"Backup Exece cannot establish a trust relationship with the remote agent because of a security certificate signing request failure..."

I started the "beremote" process in the linux servers with --log-console, and see this in /var/VRTSralus/beremote.service.log

===========================================================================

a94f7700 Wed Feb 29 17:54:09 2012 : Control connection accepted : connection established between end-points <agent-ip>:10000 and <media-server-ip>:50146
a7167700 Wed Feb 29 17:54:09 2012 : sslOpen() : Opening SSL for: 0x7f517eadca8f
a7167700 Wed Feb 29 17:54:09 2012 : sslOpen(): certinfo = 0xe0e72e7f ; sslConn = 0xe0ebcb0f
a7167700 Wed Feb 29 17:54:09 2012 : BENetConfigEx: Successfully refreshed adapter information.
a7167700 Wed Feb 29 17:54:09 2012 : ERROR: LookupMSCertificate: 1 or more certificate files don't exist.  They may have been deleted. Failing verification.
a7167700 Wed Feb 29 17:54:09 2012 : ERROR: LookupMSCertificate: media server not found in certificate cache.  Failing verification.
a7167700 Wed Feb 29 17:54:09 2012 : In ndmpdGetLastError:: Callback to get last NDMP Error.
a7167700 Wed Feb 29 17:54:09 2012 : ERROR: ndmpdCertSSLHandshake:  WritePublicKeyToFilePEM for root returned E000A30C
a7167700 Wed Feb 29 17:54:09 2012 : In ndmpdGetLastError:: Callback to get last NDMP Error.
a7167700 Wed Feb 29 17:54:09 2012 : ndmp_readit: Caught message on closed connection. Socket 0x5 len 0x0
a7167700 Wed Feb 29 17:54:09 2012 : ndmp_readit: ErrorCode :: 2 : 0x       2 (2)
a7167700 Wed Feb 29 17:54:09 2012 : FreeFormatEnv( cur_fmt=0 )
a7167700 Wed Feb 29 17:54:09 2012 : FreeFormatEnv( cur_fmt=0 )
a7167700 Wed Feb 29 17:54:09 2012 : sslClose() : Closing SSL for: 0x7f517eadca8f
===========================================================================
 
WritePublicKeyToFilePEM... does it fail to save the media servers certificate perhaps?
 
How do i solve this?
 
The "for more information..." link in the error message just leads to a "No answers found" page.
 
  wbr / Alex

Comments 4 CommentsJump to latest comment

VJware's picture

Make sure the time is synchronized on the linux & the media servers...

Add these servers through an user-defined selection to establish the trust

Backup_Exec's picture

Hi

Check this link to ad trust relation ship

http://www.symantec.com/docs/TECH178418

Thanks

Sameer

Don't forget to give a "Thumbs Up" or Mark as "Solution" if someones advice has helped you.

ttlop's picture

The cause seems to have been incorrect installation procedure (on my part).

I had just done "dpkg -i VRTSralus-13.0.5204-0.x86_64.deb", and not used the "installralus" script.

Now i used the script and it worked better. A "beoper" group was added, and i can see that a few certificate-related rows were added to /etc/VTRSralus/ralus.cfg.

I seem to be able to backup now, and restore:)

I still have a serious issue with duplicated and mangled file names, but thats another thread.

SOLUTION