Unable to log into NBU Master with NBU Java Console
Created: 08 Mar 2013 | Updated: 08 Mar 2013 | 13 comments
Hi All,
I am trying to login into NBU 7.5.0.4 master server (Windows 2008 R2) using NBU Java console. Login fails with error 503 (Invalid User).
looking into bpjava-msvc logs I can see the below error mesage.
16:23:15.081 [14920.2400] <2> supportFiles: bpjava-msvc compiled on Sep 16 2012 at 09:33:51, NetBackup 7.5, level = 750000
16:23:15.081 [14920.2400] <2> supportFiles: debug level is 1
16:23:15.081 [14920.2400] <2> logparams: -transient
16:23:15.081 [14920.2400] <2> bpjava-msvc: myhostame = MASTER, I am >netbackup<, real locale = C, messsage locale = C, my master is MASTER.domian.com
16:23:15.081 [14920.2400] <2> StartedByInetd: I was NOT started by the bpInetd process
16:23:15.081 [14920.2400] <2> bpjava-msvc: transient Master, I am not the daemon
16:23:15.081 [14920.2400] <2> bpjava-msvc: currentObj.MyPort = 13722 , main_accept_init = 268, username = netbackup, real locale = C, auth.conf in D:\Program Files\Veritas\java
16:23:15.439 [14920.2400] <2> command_LOGON_TO_MSERVER: lines = 6, expectXML = 0
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: user = nbuadmin
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: this host = MASTER.domian.com
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: locale = en_US
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: currentObj.AuthConfPath = D:\Program Files\Veritas\java\auth.conf
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: client version = 750000 IPC , my version = 750000 [IPC]
16:23:15.658 [14920.2400] <2> command_LOGON_TO_MSERVER: converted to common locale = en_US
16:23:15.673 [14920.2400] <2> command_LOGON_TO_MSERVER: converted to real locale = american
16:23:15.673 [14920.2400] <2> command_LOGON_TO_MSERVER: Oracle locale NLS_LANG = AMERICAN_AMERICA.US7ASCII
16:23:15.673 [14920.2400] <2> peerconnect: peer hostname is a2md11873.domian.com, peer address is 172.22.9.20
16:23:15.673 [14920.2400] <2> newAuthenticate: domain\username = nbuadmin
16:23:15.673 [14920.2400] <16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
16:23:15.673 [14920.2400] <16> command_LOGON_TO_MSERVER: authenticate failed for user nbuadmin (user not found)
16:23:15.876 [14920.2400] <2> readCharByChar: socket closed gracefully
16:23:15.876 [14920.2400] <16> poll_listen: can't find file descriptor 000000000000010C in polling table
16:23:15.876 [14920.2400] <2> KillSessionsJobs: getjobcount = 0
16:23:15.876 [14920.2400] <2> poll_exit: all done, code = 0
16:23:15.876 [14920.2400] <4> bpjava-msvc: NEW_LOG closing debugFD and seting NB_INVALID
I have created a auth.conf with valid etries
domainname\nbuadmin ADMIN=ALL JBP=ALL
domainname\netbackup ADMIN=ALL JBP=ALL
Any one with ideas why it fails to EnablePrivilege for assigning Token.
Is there any specfic permission to be set for netbackup user in AD???
Discussion Filed Under:
Comments 13 Comments • Jump to latest comment
hi
First check are you able to do login using the same user to the server?
check by starting the java console as " run as admininstartor"
try disabling the User accout control in windows 2008
Hi,
UAC is disabled and netbackup user is a domain user with local admin privilages on master server. nbuadmin is a local user account on master server and is also part of local admin for Master Server.
The NBU services are running as user netbackup. All features and functions work fine, but for some reason it fails to auth the user.
Running JAVA console from Master server stills ends with same message.
<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
Regards
Shantharam Sahyadri
How are you logging in? domain\username? localserver\nbuadmin? you will need to do it that way for this to work.
The above comments are not to be construed as an official stance of the company I work for; hell half the time they are not even an official stance for me.
Yes logging with domainname\username or localserver\username too ends with the same message.
What's in D:\Program Files\Veritas\java\auth.conf ? Is an entry for nbuadmin in there? Is it what you would expect, or does it need a quick edit?
D:\Program Files\Veritas\java\auth.conf contains
hi,
your Previous post is saying that nbuadmin is local accout but auth.conf has entry like
domainname\nbuadmin ADMIN=ALL JBP=ALL.
try either of the below entires and see how it works
nbuadmin ADMIN=ALL JBP=ALL
or
* ADMIN=ALL JBP=ALL
Hi,
Sorry my mistake.. the entry for nbuadmin is
hostname\nbuadmin ADMIN=ALL JBP=ALL
domainname\netbackup ADMIN=ALL JBP=ALL.
I am sure its not issue with auth.conf because looking at log I can see it fails to even search for user on (see error User not found) local machine or in Active Directory. auth.conf would come later to provide authorization. Here authentication is failling.
Will open a tech case for this and see..
We have a 2008 server that we do not use a auth.conf for at all. We log in using domain\username. The user is a part of a AD group that has admin rights to the box. I might suggest renaming the auth.conf and trying again.
The above comments are not to be construed as an official stance of the company I work for; hell half the time they are not even an official stance for me.
The default setup does not have auth.conf. I had to create it because it was not allowing me to login with domain account or local admin account
That is the point I was trying to make. We do not have an auth.conf and mulltiple people can log in using the domain\userid combination. They are members of the local administrators group by virtue of group membership. See the attached picture.
The above comments are not to be construed as an official stance of the company I work for; hell half the time they are not even an official stance for me.
removing the auth file is of no help. still ending up with
<16> EnablePrivilege: AdjustTokenPrivileges of SeAssignPrimaryTokenPrivilege failed, result = 1, errno = 1300 = Not all privileges or groups referenced are assigned to the caller.
error.
this is why we have unix Master
will restore -- where there is a Will there is a way
Would you like to reply?
Login or Register to post your comment.