Login to the appliance WEB UI fails

Article:TECH199318  |  Created: 2012-11-02  |  Updated: 2014-07-03  |  Article URL http://www.symantec.com/docs/TECH199318
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution

Product(s)

Issue



Login to the appliance WEB UI fails when tried to login using the correct user id 'admin' and it's password.


Error



There are two possible locations to observe the error:

#1. Error message displayed in the appliance WEB UI when tried to login:

    Login failed. Please contact your System Administrator.

#2. Error massage logged in the catalina log (/opt/SYMCnbappws/webserver/logs/catalina.out):

    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run (JIoEndpoint.java:489)
    at java.lang.Thread.run(Unknown Source) Caused by: javax.net.ssl.SSLHandshakeException:
    java.security.cert.CertificateException: No name matching <appliance hostname>  found


Environment



NetBackup 52x0 appliances


Cause



Appliance hostname in the security certificate file is somehow changed to appliance default name nb-appliance.

For example, after doing appliance factory reset.

 


Solution



1. Verify whether the appliance hostname is correct in the security certificate file:

In the example below the appliance real hostname is missing, say the real hostname is 'abc', the hostname indeed appears as the appliance default name nb-appliance:

/opt/SYMCnbappws/Security # strings keystore
netbackupapplianceui
nb-appliance1
NetBackupApplianceUI1
nb-appliance0
nb-appliance1
NetBackupApplianceUI1
nb-appliance0

2. Save the original security certificate file and remove it to generate a new key with FQDN:

 

 /opt/SYMCnbappws/Security # mv keystore keystore.org

 

3. Stop appliance webserver services:

/opt/SYMCnbappws/bin # sh /opt/SYMCnbappws/bin/appwebadmin.sh stop
Stopping NetBackup Appliance Web Server

Stopping NetBackup Appliance Web Server Service
Stopping Authentication Service

4. Make sure the appliance webserver services are down:

/opt/SYMCnbappws/bin # sh /opt/SYMCnbappws/bin/appwebadmin.sh monitor
Authentication service is down
Private Branch Exchange service is up
NetBackup Appliance Web Server is down

5. Generate a new certificate with FQDN (Do Not use shortname):

 

/opt/SYMCnbappws/Security # /usr/java/latest/bin/keytool -genkeypair -alias NetBackupApplianceUI -keyalg RSA -keypass appliance -validity 3650  -dname "CN=<appliance hostname>, ou=NetBackupApplianceUI, o=<appliance hostname>" -storepass appliance -keystore /opt/SYMCnbappws/Security/keystore

If the key already has been generated with shortname, you can see the below error message. In this case, please remove the keystore file and generate a new certificate with FQDN

keytool error: java.lang.Exception: Key pair not generated, alias <NetBackupApplianceUI> already exists

 

6. Now view the security certificate file, this time appliance hostname 'abc' should be present:

/opt/SYMCnbappws/Security # strings keystore
netbackupapplianceui
abc.symantec.com1
NetBackupApplianceUI1
abc.symantec.com0
abc.symantec.com1
NetBackupApplianceUI1
abc.symantec.com0

 

7. Start appliance webserver services:

sh /opt/SYMCnbappws/bin/appwebadmin.sh start
 

8. Login to the appliance WEB UI now should be successfull.




Article URL http://www.symantec.com/docs/TECH199318


Terms of use for this information are found in Legal Notices