Video Screencast Help

Need some help with KMS, status 9

Created: 23 Dec 2013 • Updated: 24 Dec 2013 | 7 comments
This issue has been solved. See solution.

Hi All,

Hope anyone can help me.

Running Windows Server 2008 R2 SP1 x64 and NetBackUp 7.5.0.1 with a Dell ML6000 (IBM Ultrium TD3 SCSI tape drives)

I want to do server side encryption, so I configured KMS (correctly?) and ticked the box "Encryption" in the policy.

But why does this job always fails with "status 9: a necessary extension package is not installed or not configured properly"?

Regards,

Operating Systems:

Comments 7 CommentsJump to latest comment

Mark_Solutions's picture

If your drives are SCSI then you cannot use KMS - only enabled drives will work - a selected few Fibre and SAS attached LTO4/5/6 drives

So your error will be caused by your tape drives not actually supporting encryption

See the hardware compatibility list for full details - the encryption and security section:

http://www.symantec.com/docs/TECH76495

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

Will Restore's picture

See Marianne's solution in this older thread:

https://www-secure.symantec.com/connect/forums/err...

Will Restore -- where there is a Will there is a way

RamNagalla's picture

Did you push the encryption binaries to the client

follow the tech note to get this configured successfully

http://www.symantec.com/business/support/index?page=content&id=TECH72130

Oddman's picture

@ wr & Nagalla,

Thank you for your reply but I do not want to use client side encryption.Only want the data written to tape to be encrypted, not transfered encrypted over the network.

@ Mark_Solutions. Why must the tape drive support encryption? Thought that the data would be encrypted on the server and then be writting to tape.

Mark_Solutions's picture

From the Security and Encryption Guide:

About the Key Management Service (KMS)
The NetBackup Key Management Service (KMS) feature is included as part of the
NetBackup Enterprise Server and NetBackup Server software.Anadditional license
is not required to use this functionality. KMS runs on NetBackup and is a master
server-based symmetric Key Management Service. The KMS manages symmetric
cryptography keys for the tape drives that conform to the T10 standard (LTO4).
KMS has been designed to use volume pool-based tape encryption. KMS is used
with the tape hardware that has a built-in hardware encryption capability. An
example of a tape drive that has built-in encryption is the IBM ULTRIUM TD4
cartridge drive. KMS is also used with disk volumes associated with NetBackup
AdvancedDisk storage solutions. KMS runs with Cloud storage providers. KMS
runs on Windows and UNIX. KMS generates keys from your passcodes or it
auto-generates keys. The KMS operations are done through the KMS command
line interface (CLI) or the Cloud Storage Server Configuration Wizard (when KMS
is used with Cloud storage providers). The CLI options are available for use with
both nbms and bmkmsutil.
KMS has a minimal effect on existing NetBackup operation system management
and yet provides a foundation for future Key Management Service enhancements

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.

SOLUTION
Oddman's picture

Thank you very much Mark_Solutions. I'll upgrade the drives.

Regards

Mark_Solutions's picture

You are welcome - have a good Xmas

Authorised Symantec Consultant

Don't forget to "Mark as Solution" if someones advice has solved your issue - and please bring back the Thumbs Up!!.