Video Screencast Help
Give us your opinion and win with Symantec! Please help us by taking this survey to tell us about your experience with Symantec Connect, so that we can continue to grow and improve.  Take the survey.

Netbackup Java Console "Unable to login,status:503" Invalid Username(AD Is Windows Server 2012)?

Created: 07 Nov 2013 • Updated: 10 Nov 2013 | 10 comments
This issue has been solved. See solution.


I am trying to login into Netbackup master server (Windows Server 2008 R2 SP1) using Netbackup Java console

But login fails with "Unable to login,status:503" Invalid Username"

I have created file in C:\Program Files\Veritas\Java\auth.conf with valid etries 
netbackup75\Administrator ADMIN=ALL JBP=ALL
BACKUPDEPT\netbackup75 ADMIN=ALL JBP=ALL   ------Active Directory is Windows Server 2012
Finished! Still tips me the same error.
BACKUPDEPT\netbackup75 has already added Local Administrator Group!
"Logon as a service" has been enabled in Local Group Policy!
UAC has been disabled!
Why still error?
Somebody gives me a solution.
Thank you!
Operating Systems:

Comments 10 CommentsJump to latest comment

inn_kam's picture
Error "Unable to login, status: 503 Invalid user name" shown in NetBackup Java Console
Article:TECH166557  |  Created: 2011-08-05  |  Updated: 2011-08-05  |  Article URL
Getting "Unable to login, Status 503 Invalid Username" when using a non administrator user in the for the Java GUI.
Article:TECH72342  |  Created: 2009-01-14  |  Updated: 2013-04-26  |  Article URL
Ray_Xu's picture

Seems like need NetBackup Authentication and Authorization,right?

Don't put your work at risk! Next Time -- Back Up!

Ray_Xu's picture

So, I need to configuring NBAC in a Domain environment?

Don't put your work at risk! Next Time -- Back Up!

SymTerry's picture

Yes, NetBackup can use your domain, with proper configuration, to authenticate your users and set limits to their access in NetBackup.

Configuration of NBAC can be found in chapter 4 of the Security and Encryption guide here.

Ray_Xu's picture

Thank you!

I executed "bpnbaz -setupmaster" successfully.

But login to java console still error.

Don't put your work at risk! Next Time -- Back Up!

quebek's picture

I would also grant this user with:

Replace a process level token,

Act as part of the operating system,

Create a token object.

Once added (either via secpol.msc or GPO - depends on your AD configuration/needs) reboot the system as in rsop.msc these won't be shown (until reboot will be done).

After a reboot try to logon via Java - if still unsuccessful create a directory bpjava-msvc in

<install path>\NetBackup\logs

and review the file created there after next login attempt from Java GUI.

Ray_Xu's picture

I executed the command "bpnbaz -setupmaster",and it's successful.

It still error when I login java console, I created "bpjava-msvc" dir. Log shows:

17:27:23.673 [2680.4772] <2> supportFiles: C:\Program Files\Veritas\NetBackup\Logs\bpjava-susvc does not exist, i.e. no user server logging.
17:27:23.673 [2680.4772] <2> logparams:  -transient
17:27:23.688 [2680.4772] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1,  errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
17:27:23.688 [2680.4772] <16> command_LOGON_TO_MSERVER: authenticate failed for user BACKUPDEPT\netbackup75 (user not found)
17:27:23.688 [2680.4772] <16> poll_listen: can't find file descriptor 0000000000000160 in polling table
17:27:23.688 [2680.4772] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID

How should I do?

Don't put your work at risk! Next Time -- Back Up!

Ray_Xu's picture

Thank you so much, after I check, I find domain account BACKUPDEPT\netbackup75 is not been added to "Replace a process level token" policy.

After added, It's successful.

Thanks again! : )

Don't put your work at risk! Next Time -- Back Up!

quebek's picture


If you would listen to me you would be done :)

Do a quick search on google after SeAssignPrimaryTokenPrivilege....

It will give you answers like this:

from first link I recieved I can read


Replace a process-level token

Allows a process that has this privilege to replace the access token associated with a process

So please add the roles I already mentioned in this thread, reboot that master and you will be OK

I think this issue is not really tight to the NBAZ/NBAC

I had to add the same roles to all my NBU master server so OpsCenter can pull capacity reports...