Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

NBConsole.exe cifs connection to Unix Host?

Created: 04 Dec 2012 • Updated: 04 Dec 2012 | 7 comments

Hi,

I found a very odd behavior in our NetBackup environment.

Every now and then the NBConsole.exe tries to establish an smb/cifs connection to two of our AIX Hosts. Here is a snippet from the NTLM log on the master server:

NTLM client blocked audit: Audit outgoing NTLM authentication traffic that would be blocked.

Target server: cifs/<AIX server hostname>
Supplied user: (NULL)
Supplied domain: (NULL)
PID of client process: 4076
Name of client process: C:\Program Files\Veritas\NetBackup\bin\NBConsole.EXE
LUID of client process: 0x73b75
User identity of client process: <my admin account>
Domain name of user identity of client process: <domain name>
Mechanism OID: (NULL)
 
Audit the NTLM authentication requests from this computer that would be blocked by the target server cifs/<AIX server hostname> if the security policy Network Security: Restrict NTLM: Outgoing NTLM traffic to remote servers is set to Deny all.
 
What is that? 
 
On top of that the samba server on the AIX host tries to authenticate the request with the domain controlelrs, and gets a NT_STATUS_LOGON_FAILURE.  
So if this happens more than 5 times in 5 minutes my admin accounts gets locked out from the domain, that happesn every couple of month and it took us weeks to break down this behavior to the netbackup master server.
 
The AIX server is a media server with a couple aof LTO5 adrives connected and hosts a couple of SAP/DB2 systems, all backups are running fine for the host.
 
HELP! :)
 
Best regards
 
Volker
Discussion Filed Under:

Comments 7 CommentsJump to latest comment

Yasuhisa Ishikawa's picture

I have never heard such behavior.

Does anyone add AIX host as cient in MS-Windows policy and browse File Selections?

Authorized Symantec Consultant(ASC) Data Protection in Tokyo, Japan

Volker Spies's picture

Hi Yasuhisa,

sound like a solution!

Unfortunaltely it's not, I searched for the host in all policies and it only popped up in a unix file backup policy with policy type standard.

Thanks for your reply anyway!

maybe someone with deep NetBackup knowledge can point out: When does netbackup use cifs/smb connections to hosts? Do Windows Media servers with DSSU or dedup pools use smb connections to other hosts?

Do I read the log correct? Does netbackup try to reach a share on the AIX Server, or does nbconsole try to authenticate a user with the AIX host?

Volker

Mark_Solutions's picture

Is the AIX Media Server also a BMR boot server?

The NetBackup console makes connections with BMR Servers when it is opened and used - not sure if that would be cifs/smb though

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Mark_Solutions's picture

Unless you have any cifs / samba attached storage units of course?

Also has the feeling replication director and NetApps plugins used something but i guess you need an engineer on the case as you said

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Volker Spies's picture

Hi Mark,

no, I have no Storage Units that are on Samba shares.

How do I figure out that the host is a BMR boot server, in the policy the "Bare Metal Restore" is not checked in the policy.

But the "Collect true image restore information. with move detection" is checked, but as I understand the documentation this should work even on Unix hosts.

You are right, I will open a case with symantec, I refused to do that because sometimes it's painfull to overcome the first level of support and get to someone that has actually the knowledge to help.

But that is not the right place to discuss that, :)

Thanks to all of you anyways, will keep you updated if I have a solution.

Volker

mandar_khanolkar's picture

>> How do I figure out that the host is a BMR boot server, in the policy the "Bare Metal Restore" is not checked in the policy.

On you NB master server fire below query to check if the host name exists.

netbackup/bin/bmrs -o list -r bootserver

Thanks.

Mandar

Mark_Solutions's picture

In the admin console go to the BMR section at the bottom - expand it and check in the BMR Boot Server section to see if it is listed there

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.