Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

KMS problem

Created: 27 Mar 2013 • Updated: 30 Mar 2013 | 15 comments
This issue has been solved. See solution.

I have configued the Netbackup KMS on my master server with one pool ENCR_volume
backups run fine encrypted and encryption tag is shown.

the problem is that I  cannot not see the following files (in the below directory or any other directory) which should be generated once KMS is configured.

 

/opt/openv/kms/db/KMS_DATA.dat
/opt/openv/kms/key/KMS_HMKF.dat
/opt/openv/kms/key/KMS_KPKF.dat

note: HMK and KPK is created with their passphrase

 

any suggestion? when do I need those files?

 

 

Operating Systems:

Comments 15 CommentsJump to latest comment

Yasuhisa Ishikawa's picture

Please check under /usr/openv/kms instead. NetBackup is installed under /usr/openv by default except Solaris.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

SARA_8's picture

 the directory /usr/openv/kms exists  but it is empty !!

in the documentaion it says the files will be under  /opt/openv/kms/

 

Thanks

 

Yasuhisa Ishikawa's picture

Ooops! NetBackup Security and Encryption Guide states as such. I believe this is documentation error.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

Marianne's picture

Have you tried the 'find' command?

e.g.
find / -name KMS_DATA.dat -print

Supporting Storage Foundation and VCS on Unix and Windows as well as NetBackup on Unix and Windows
Handy NBU Links

SARA_8's picture

yes I tried the find command , but no result

Mark_Solutions's picture

Take a look in the admin or bptm log files to see if the keys are being referenced when encryption runs - most encryption information should log to the admin log

Also make sure you are logged in as root in case you just cannot see the files? (and on the Master of course where the commands were run to configure encryption)

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

SARA_8's picture

Mark , I can see the image got encrypted using the key

please see the attachement

 

does it mean I can run the backup encrypted withou those files existense ?

Mark_Solutions's picture

It does look like encryption is working but you should have a copy of the file for DR purposes so you do need to find them

Have you check the admin log?

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

SARA_8's picture

I will check bptm log

please correct me if im wrong,we need those files ONLY when we need to restore from different master

Yasuhisa Ishikawa's picture

I confirmed that these files are created under /usr/openv/kms after firing "nbkms -createemptydb" on AIX machine.

Please check nbkms log by "vxlogview -p NB -o nbkms ....". Path of key files were logged when you created DB and keys. KMS database location(/usr/openv/kms" is also logged when nbkms starts.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

SARA_8's picture

yes it is clustered, but im testing kms on the active node

/usr/openv/kms exist but there is no files in it !!

Thanks

 

Yasuhisa Ishikawa's picture

Any chance your master is clustered?

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

Mark_Solutions's picture

Have you looked under the db directory on the shared disk of the cluster?

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Yasuhisa Ishikawa's picture

KMS_DIR parameter must be in bp.conf, and that indicate the directory where KMS files are placed.
It must be shared_disk/kms. KMS files are there.

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

SOLUTION
SARA_8's picture

Thanks Yasuhisa & Mark
the path was in KMS_DIR