NetWorker: Remote storage node is not turning into a ready state

Remote storage node is not turning into a ready state for use.

From the NetWorker Management Console (NMC)--> Devices--> Devices Tab on the left column --> Right Click the device and click Mount. 

The Device fails to mount. An error appears, stating "Storage node not ready." 

Daemon logs on the NetWorker server and remote storage node show:

• Linux: /nsr/logs/daemon.raw
• Windows (Default): C:\Program Files\EMC NetWorker\nsr\logs\daemon.raw
•  NetWorker: How to use nsr_render_log to render .raw log files

nsrsnmd NSR notice 22 Shutting down snmd
Unable to connect to server: Unable to authenticate with server nsrserver: Authentication error; why = Client credential too weak

On NetWorker server: 
Run the following command from an Administrator prompt or root shell: 

nsradmin -p nsrexec
NetWorker administration program.
Use the "help" command for help.
nsradmin> . type: nsrla
Current query set
nsradmin> show auth methods
nsradmin> print
auth methods: "0.0.0.0/0,nsrauth/oldauth";

On the remote storage node:

nsradmin -p nsrexec
NetWorker administration program.
Use the "help" command for help.
nsradmin> . type: nsrla
Current query set
nsradmin> show auth methods
nsradmin> print
auth methods: "0.0.0.0/0,nsrauth";

The auth method on the NetWorker server does not match the auth method on the remote storage node. 

NetWorker Server:

auth methods: "0.0.0.0/0,nsrauth/oldauth";

Remote storage node: 

auth methods: "0.0.0.0/0,nsrauth";

• From NetWorker 19.4 and later, oldauth is removed as one of the default authentication methods for all new installations. There is no change when an upgrade is performed. When a NetWorker upgrade is performed, the value oldauth in auth methods continues to exist.
• For compatibility with earlier NetWorker releases, NetWorker supports oldauth authentication. It is recommended that you use nsrauth authentication and only enable oldauth authentication when two hosts cannot authenticate by using nsrauth. The oldauth authentication method is not secure. 

All supported NetWorker releases are intended to function using nsrauth only, all versions requiring oldauth are no longer supported. As stated above, oldauth fallback was intended to allow support for older releases; however, this is no longer required. Since oldauth is considered "not secure" it should be removed if found. Clear NetWorker peer certificate information after updating auth methods.

Ensure that both the NetWorker server and storage nodes are using nsrauth only.

On each host, perform the following from an Administrator prompt or root shell:

1. Use nsradmin to access the client service: nsradmin -p nsrexecd
2. From the nsradmin prompt, run: . type: nsrla
3. Enter: show auth methods
4. Enter: print
5. If it shows "0.0.0.0/0,nsrauth/oldauth," enter: update auth methods: "0.0.0.0/0,nsrauth"
6. Confirm the change by entering: y
7. Exit nsradmin: quit

Example:

nsradmin -p nsrexec
NetWorker administration program.
Use the "help" command for help.
nsradmin> . type: nsrla
Current query set
nsradmin> show auth methods
nsradmin> print
auth methods: "0.0.0.0/0,nsrauth/oldauth";
nsradmin> update auth methods: "0.0.0.0/0,nsrauth"
auth methods: "0.0.0.0/0,nsrauth";
Update? y

8. Restart NetWorker service on each host:

• Linux: systemctl restart networker
• Windows (PowerShell syntax): net stop nsrexecd /y ; net start nsrexecd
  • On Windows NetWorker servers you must also run: net start nsrd
  • If the Windows NetWorker server is also the NetWorker Management Console (NMC) server, you must also run: net start gstd

9. Clear the peer information about each host: nsradmin -C -y -p nsrexecd "nsr peer information"

Review the output from the above command, in case it is unable to clear peer information, you must do so manually. See: NetWorker: Fixing inconsistent NSR peer information

10. Once the above steps have been completed, monitor the storage node's ready state from the NMC.

In some scenarios "oldauth," is enabled to bypass nsrauth related authentication failures. This practice involves using less secure communication to bypass issues seen during secure communication. This is not a best practice solution. If nsrauth communication is not functioning correctly, oldauth can be enabled as a workaround; however, the cause of nsrauth communication failures must be investigated and resolved to return secure communication.