NetWorker: AUTHC connection fails with HTTP 400/403 errors

Summary: Connections to the NetWorker authentication service (AUTHC) fail. The reported error is HTTP 400 (Bad Request) or HTTP 403 (Forbidden).


Symptoms

The NetWorker nsrlogin command fails with HTTP 400 or 403:

nsrlogin -u administrator
130136:nsrlogin: Please enter password:
117849:nsrlogin: Authentication library error: CONNECT tunnel failed, response 403
Server Message : Make sure that server is running

Or:

nsrlogin -u Administrator
130136:nsrlogin: Please enter password:
117849:nsrlogin: Authentication library error: CONNECT tunnel failed, response 400
Server Message : Make sure that server is running

NetWorker authentication and other attempts to connect to the authentication service fail with similar errors.

nsrauthtrust -H NETWORKER_SERVER_NAME -P 9090
125927:nsrauthtrust: Failed to retrieve certificate: CONNECT tunnel failed, response 403

NetWorker Management Console (NMC) and NetWorker Web User Interface (NWUI) upgrades (Windows) and post-upgrade scripts (Linux) report connection failures on the AUTHC port.

Cause

This issue occurs outside NetWorker. The NetWorker nsrlogin command reports "CONNECT tunnel failed" because an HTTPS proxy is configured in the environment. This can be confirmed with the curl command:

curl https://NETWORKER_SERVER_ADDRESS:9090

curl -v https://NETWORKER_SERVER_ADDRESS:9090
* Rebuilt URL to: https://NETWORKER_SERVER_ADDRESS:9090/
* Uses proxy env variable no_proxy == 'HTTP_PROXY_HOSTNAME'
* Uses proxy env variable https_proxy == 'http://HTTP_PROXY_HOSTNAME:8080'
*   Trying HTTP_PROXY_IP...
* TCP_NODELAY set
* Connected to HTTP_PROXY_HOSTNAME (HTTP_PROXY_IP) port 8080 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to NETWORKER_SERVER_ADDRESS:9090
> CONNECT NETWORKER_SERVER_ADDRESS:9090 HTTP/1.1
> Host: NETWORKER_SERVER_ADDRESS:9090
> User-Agent: curl/7.61.1
> Proxy-Connection: Keep-Alive

< HTTP/1.1 403 Forbidden
< Server: squid/3.5.20
< Mime-Version: 1.0
< Date: Thu, 03 Jul 2025 15:36:25 GMT
< Content-Type: text/html;charset=utf-8
< Content-Length: 3548
< X-Squid-Error: ERR_ACCESS_DENIED 0
< Vary: Accept-Language
< X-Cache: MISS from HTTP_PROXY_HOSTNAME
< X-Cache-Lookup: NONE from HTTP_PROXY_HOSTNAME:8080
< Via: 1.1 HTTP_PROXY_HOSTNAME (squid/3.5.20)
< Proxy-Connection: Keep-Alive
* Received HTTP code 403 from proxy after CONNECT
* Closing connection 0
* Curl: (56) Received HTTP code 403 from proxy after CONNECT

Or:

curl -v https://NETWORKER_SERVER_ADDRESS:9090
* Uses proxy env variable https_proxy == 'http://HTTP_PROXY_HOSTNAME:443'
*   Trying HTTP_PROXY_IP:443...
* Connected to HTTP_PROXY_HOSTNAME (HTTP_PROXY_IP) port 443 (#0)
* allocate connect buffer!
* Establish HTTP proxy tunnel to NETWORKER_SERVER_ADDRESS:9090
> CONNECT NETWORKER_SERVER_ADDRESS:9090 HTTP/1.1
> Host: NETWORKER_SERVER_ADDRESS:9090
> User-Agent: curl/7.76.1
> Proxy-Connection: Keep-Alive
>
< HTTP/1.1 400 Bad Request
< Server: openresty
< Date: Thu, 03 Jul 2025 14:11:12 GMT
< Content-Type: text/html
< Content-Length: 154
< Connection: close
<
* Received HTTP code 400 from proxy after CONNECT
* CONNECT phase completed!
* Closing connection 0

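The specific error returned may vary depending on the proxy vendor and configuration in use. What the cases have in common is that communication to the NetWorker authentication (AUTHC) port (default 9090) is redirected through the HTTPS proxy host. The error returned is an HTTP 4xx error: 400 (Bad Request) or 403 (Forbidden).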

Resolution

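Using an HTTPS proxy specifically for authentication traffic on port 9090 is not explicitly documented or tested as a supported configuration. NetWorker components generally expect direct communication between services, especially for authentication.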

 

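Remove the HTTP/HTTPS proxy configuration on the NetWorker server. It must also be removed from any NetWorker host that communicates with port 9090 on the NetWorker server. See: NetWorker Processes and Ports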

 

On the NetWorker server, run:

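unset https_proxy
unset http_proxy

NOTE: Replace the variable names with the HTTPS proxy variables used on the NetWorker server. These variables are shown in the curl connection output. If you cannot determine the variables, consult your system administrator or the proxy vendor documentation. Additional changes may be required to disable HTTPS proxy requests. This configuration is outside the NetWorker software or configuration.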

After unsetting the variables, try nsrlogin again. If it succeeds, run nsrlogout:

[admin@lnx-srvr01 root]$ nsrlogin -u Administrator
130136:nsrlogin: Please enter password:
Authentication succeeded

[admin@lnx-srvr01 root]$ nsrlogout

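This indicates that communication with the NetWorker AUTHC service is working. Other processes that involve NetWorker authentication or communicate over port 9090 are expected to succeed.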

Additional Information

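The unset command only unsets the variables for the current shell session. If they are set as system or profile variables, they are loaded automatically when you open a terminal, restart the system, or start a new shell session. The following must be done to prevent the variables from being loaded at the next session or reboot.

Windows: Check the SYSTEM or USER variables and remove any variables that define an HTTP/HTTPS proxy host.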


Linux: Check the following files for any HTTP/HTTPS proxy variable settings and remove them:

  • ~/.bashrc
  • ~/.bash_profile
  • ~/.profile
  • /etc/environment
  • /etc/profile
  • /etc/profile.d/*.sh
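
A read-only check for the Linux cleanup described above, as an added example that is not part of the original article: it lists proxy variables set in the current session and active definitions in the files listed. The variable-name list, the function names and the script name are assumptions; extend the list if your site uses other names.

```shell
#!/bin/sh
# Added example (not from the article): find proxy settings that would
# come back after `unset`. Read-only; it changes nothing.
# Assumption: these are the variable names in use; extend as needed.
PROXY_VARS='http_proxy|https_proxy|all_proxy|HTTP_PROXY|HTTPS_PROXY|ALL_PROXY'

# env_proxy_vars: print the names of proxy variables set in this session.
env_proxy_vars() {
    env | grep -E "^(${PROXY_VARS})=" | cut -d= -f1 | sort
}

# scan_proxy_files FILE...: print "file:line:text" for each active
# assignment of a proxy variable. Commented-out lines, `unset` lines and
# no_proxy are ignored. Returns 0 if anything was found, 1 otherwise.
scan_proxy_files() {
    _spf_found=1
    for _spf_file in "$@"; do
        [ -r "$_spf_file" ] || continue   # missing file or unmatched glob
        # /dev/null as a second operand forces the file name prefix.
        if grep -nE "^[[:space:]]*(export[[:space:]]+)?(${PROXY_VARS})=" \
                "$_spf_file" /dev/null; then
            _spf_found=0
        fi
    done
    return "$_spf_found"
}

# Stand-alone use: sh proxy_scan.sh --scan   (script name is hypothetical)
if [ "${1:-}" = "--scan" ]; then
    echo "Proxy variables set in this session:"
    env_proxy_vars
    echo "Persistent definitions (files from the list above):"
    scan_proxy_files "$HOME/.bashrc" "$HOME/.bash_profile" "$HOME/.profile" \
        /etc/environment /etc/profile /etc/profile.d/*.sh \
        || echo "(none found)"
fi
```

Run it as each account that starts NetWorker commands, since the ~/ files are per user.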

Affected Products

NetWorker

Products

NetWorker Family
Article Properties
Article Number: 000340491
Article Type: Solution
Last Modified: 08 Jul 2025
Version:  1