Is that MSSQL dump you backup also compressed folder? You should really use online backup module. As for tapes encrypted, you should get tape encyption HW module for that - what you do is enrypting stream from client which is not what security guy has asked.
No, the SQL dump is not a compressed folder and it was working just fine before the upgrade to 8. We've looked into the online backup module, but it is not cost effective for us. We have a Quantum Scalar i500 tape library, so we would need that Quantum Security Key management device?
So you are saying that the AES encryption in networker is only encrypting the stream from client to server, but once there it is not encrypted?
No, data on tape is encrypted, but if security offices wants this as I assume he wants to make sure no one gets tape in a way that it can read data from them, they you should get dedicated hardware for that. And budget should come from whoever approved that measure
Is dump compressed (as SQL compressed)? If yes, can you make test with uncompressed dump and see if encryption would work then?
Sorry, it has been a while since I updated this. It isn't just the SQL backup locations that are having the issue. It is regular files too. One system that was running fine for weeks, suddenly wasn't able to encrypt the data the other night. I've had to turn off the encryption in most of the directives because of this. It only affects 8.0 clients, anything not on 8 is ok. But even then it isn't even all the folders that have the problem on the 8 clients, some of them work.
Have everything from Windows 2000 to 2008 R2. But since 8 doesn't work on 2000 this is only affecting the 2003 and 2008 servers that have 8.0.1.1 Build 132. This last server is a 2003 R2 domain controller.
When I said server, I was referring to backup server. So, 8.0.1.1 has this issues - what about 8.0.1.2 or earlier 8.0.0.x versions? How does your directive look like and is it client side or server side directive?
Sorry, yes the server and storage nodes are 8.0.1.1 also. I have not tried the 8.0.1.2 yet since it doesn't mention that as a fix in the readme. Does the server have to go up to 8.0.1.2 first? I will grab the 8.0 client and see if it happens with it also.
Old one now, but I've just had a few servers reporting this and didn't find a solution online fast. Rendered the client's daemon.raw and found the following:
nsrexecd GSS critical An authentication request from was denied. The 'NSR peer information' provided did not match the one stored by . To accept this request, delete the 'NSR peer information' resource with the following attributes from 's NSRLA database: name: ; NW instance ID: 751507ed-00000004-8866ab53-5710b255-000136a0-d8541e9f; peer hostname:
Looks like the original error results from dodgy "nsr peer information" on clients with the "Encryption directive" set.
ble1
4 Operator
•
14.4K Posts
0
February 27th, 2013 11:00
Is that MSSQL dump you backup also compressed folder? You should really use online backup module. As for tapes encrypted, you should get tape encyption HW module for that - what you do is enrypting stream from client which is not what security guy has asked.
LFloden
8 Posts
0
February 28th, 2013 06:00
No, the SQL dump is not a compressed folder and it was working just fine before the upgrade to 8. We've looked into the online backup module, but it is not cost effective for us. We have a Quantum Scalar i500 tape library, so we would need that Quantum Security Key management device?
So you are saying that the AES encryption in networker is only encrypting the stream from client to server, but once there it is not encrypted?
ble1
4 Operator
•
14.4K Posts
0
February 28th, 2013 13:00
No, data on tape is encrypted, but if security offices wants this as I assume he wants to make sure no one gets tape in a way that it can read data from them, they you should get dedicated hardware for that. And budget should come from whoever approved that measure
Is dump compressed (as SQL compressed)? If yes, can you make test with uncompressed dump and see if encryption would work then?
ble1
4 Operator
•
14.4K Posts
0
March 28th, 2013 07:00
What is the server version you use? And which client versions of 8 tree did you try?
LFloden
8 Posts
0
March 28th, 2013 07:00
Sorry, it has been a while since I updated this. It isn't just the SQL backup locations that are having the issue. It is regular files too. One system that was running fine for weeks, suddenly wasn't able to encrypt the data the other night. I've had to turn off the encryption in most of the directives because of this. It only affects 8.0 clients, anything not on 8 is ok. But even then it isn't even all the folders that have the problem on the 8 clients, some of them work.
LFloden
8 Posts
0
March 28th, 2013 07:00
Have everything from Windows 2000 to 2008 R2. But since 8 doesn't work on 2000 this is only affecting the 2003 and 2008 servers that have 8.0.1.1 Build 132. This last server is a 2003 R2 domain controller.
ble1
4 Operator
•
14.4K Posts
0
March 28th, 2013 09:00
When I said server, I was referring to backup server. So, 8.0.1.1 has this issues - what about 8.0.1.2 or earlier 8.0.0.x versions? How does your directive look like and is it client side or server side directive?
LFloden
8 Posts
0
March 28th, 2013 13:00
Sorry, yes the server and storage nodes are 8.0.1.1 also. I have not tried the 8.0.1.2 yet since it doesn't mention that as a fix in the readme. Does the server have to go up to 8.0.1.2 first? I will grab the 8.0 client and see if it happens with it also.
ble1
4 Operator
•
14.4K Posts
0
April 3rd, 2013 01:00
Meanwhile, it is 8.0.1.3. Did you try to run this in debug mode to get more details why it fails?
StuartWhitby
45 Posts
0
April 20th, 2016 02:00
Old one now, but I've just had a few servers reporting this and didn't find a solution online fast. Rendered the client's daemon.raw and found the following:
nsrexecd GSS critical An authentication request from was denied. The 'NSR peer information' provided did not match the one stored by . To accept this request, delete the 'NSR peer information' resource with the following attributes from 's NSRLA database: name: ; NW instance ID: 751507ed-00000004-8866ab53-5710b255-000136a0-d8541e9f; peer hostname:
Looks like the original error results from dodgy "nsr peer information" on clients with the "Encryption directive" set.