Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Netbackup 7.5.0.6 Java Console "Unable to login,status:503" Invalid Username(AD Is Windows Server 2012)?

Created: 07 Nov 2013 • Updated: 10 Nov 2013 | 10 comments
This issue has been solved. See solution.

Hello,

I am trying to login into Netbackup 7.5.0.6 master server (Windows Server 2008 R2 SP1) using Netbackup Java console 7.5.0.6.

But login fails with "Unable to login,status:503" Invalid Username"

I have created file in C:\Program Files\Veritas\Java\auth.conf with valid etries 
 
netbackup75\Administrator ADMIN=ALL JBP=ALL
BACKUPDEPT\netbackup75 ADMIN=ALL JBP=ALL   ------Active Directory is Windows Server 2012
 
Finished! Still tips me the same error.
 
BACKUPDEPT\netbackup75 has already added Local Administrator Group!
"Logon as a service" has been enabled in Local Group Policy!
UAC has been disabled!
 
Why still error?
Somebody gives me a solution.
 
Thank you!
Operating Systems:

Comments 10 CommentsJump to latest comment

inn_kam's picture
 
Error "Unable to login, status: 503 Invalid user name" shown in NetBackup Java Console
Article:TECH166557  |  Created: 2011-08-05  |  Updated: 2011-08-05  |  Article URL http://www.symantec.com/docs/TECH166557
 
 
Getting "Unable to login, Status 503 Invalid Username" when using a non administrator user in the for the Java GUI.
Article:TECH72342  |  Created: 2009-01-14  |  Updated: 2013-04-26  |  Article URL http://www.symantec.com/docs/TECH72342
 
Apollo_Xu's picture

Seems like need NetBackup Authentication and Authorization,right?

Persional Information Should Be Protected!

Apollo_Xu's picture

So, I need to configuring NBAC in a Domain environment?

Persional Information Should Be Protected!

SymTerry's picture

Yes, NetBackup can use your domain, with proper configuration, to authenticate your users and set limits to their access in NetBackup.

Configuration of NBAC can be found in chapter 4 of the Security and Encryption guide here.

Apollo_Xu's picture

Thank you!

I executed "bpnbaz -setupmaster" successfully.

But login to java console still error.

Persional Information Should Be Protected!

quebek's picture

I would also grant this user with:

Replace a process level token,

Act as part of the operating system,

Create a token object.

Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).

After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in

<install path>\NetBackup\logs

and review the file created there after next login attempt from Java GUI.

SOLUTION
Apollo_Xu's picture

I executed the command "bpnbaz -setupmaster",and it's successful.

It still error when I login java console, I created "bpjava-msvc" dir. Log shows:

17:27:23.673 [2680.4772] <2> supportFiles: C:\Program Files\Veritas\NetBackup\Logs\bpjava-susvc does not exist, i.e. no user server logging.
17:27:23.673 [2680.4772] <2> logparams:  -transient
17:27:23.688 [2680.4772] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
17:27:23.688 [2680.4772] <16> command_LOGON_TO_MSERVER: authenticate failed for user BACKUPDEPT\netbackup75 (user not found)
17:27:23.688 [2680.4772] <16> poll_listen: can't find file descriptor 0000000000000160 in polling table
17:27:23.688 [2680.4772] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
 

How should I do?

Persional Information Should Be Protected!

Apollo_Xu's picture

Thank you so much, after I check, I find domain account BACKUPDEPT\netbackup75 is not been added to "Replace a process level token" policy.

After added, It's successful.

Thanks again! : )

Persional Information Should Be Protected!

quebek's picture

Well,

If you would listen to me you would be done :)

Do a quick search on google after SeAssignPrimaryTokenPrivilege....

It will give you answers like this:

from first link I recieved I can read http://technet.microsoft.com/en-us/library/cc77914...

SeAssignPrimaryTokenPrivilege

Replace a process-level token

Allows a process that has this privilege to replace the access token associated with a process

So please add the roles I already mentioned in this thread, reboot that master and you will be OK

I think this issue is not really tight to the NBAZ/NBAC

I had to add the same roles to all my NBU master server so OpsCenter can pull capacity reports...