NetWorker: Error "nsrexecd NSR critical Unable to authenticate user <remoteUsername>"

Summary: Networker server has hundreds of daemon.raw entries:  nsrexecd NSR critical Unable to authenticate user /@DOMAIN: Unable to read request from 'RemoteHostName' for a GSS authentication status update: An existing connection was forcibly closed by the remote host. . Consult 's daemon log for additional information ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

NetWorker server has hundreds of daemon.raw entries:  
nsrexecd  Unable to authenticate User/remotehost Unable to read request from remotehost
 
Example:
 
MM/DD/YYYY HH:mm:ss PM  <NetworkerServerName> nsrexecd NSR critical Unable to authenticate user <remoteUsername>/<RemoteHostName>@DOMAIN: 
Unable to read request from 'RemoteHostName' for a GSS authentication status update: An existing connection was forcibly closed by the remote host. 
 Consult <RemoteHostNames>'s daemon log for additional information
.

Cause

There are several possible causes for this error, including the following.
  • Windows Firewall service disabled - Disabling Windows Firewall service can cause many other issues and Microsoft does not support disabling Windows firewall.  
  • NSR Auditlog -- this is cached from server to each client. If this is out of sync then it is usually caused by a missing Networker permission issue or even a Windows Firewall issue (such as disabling the firewall service.) 
  • DNS lookup failures or incorrect Hosts file entries.
  • Peer information mismatches - note that this can be caused by DNS/Hosts file issues
  • Incorrect Remote User or Password fields in resources such as Client, Devices. 
  • Client ID issues.

About NSR Audtlog.

The nsrlogd daemon records messages describing security related events to the Security
Audit Log file. The service records configuration changes of sensitive fields in
both the NetWorker client and server, including user passwords and privileges,
modification of remote binary executables, changes to authorization methods, as well
as log in attempts and failures.

The logging service is configured by the NSR auditlog RAP resource. The NSR auditlog
resource is created by default and cannot be deleted. Only users with the Security
Administrator role can change the resource on the server. The client maintains a
read-only copy of the resource.

The resource can be used to define which client acts as the host for the nsrlogd daemon,
the level of detail that the log records at, the size of the log, and how the logs are
rendered.

Resolution

To resolve thee issues, review all of the following:
  • Windows Firewall service disabled - Disabling Windows Firewall service can cause many other issues and Microsoft does not support disabling Windows firewall.  
  • NSR Auditlog -- this is cached from server to each client. If this is out of sync then it is usually caused by a missing Networker permission issue or even a Windows Firewall issue (such as disabling the firewall service.) 
  • Correct DNS lookup failures or missing/improper Hosts file entries
  • Correct peer information mismatches.
  • Correct Remote User or Password fields in resources such as Client, Devices. 
  • Correct Client ID issues for one or more client. 
Article Properties
Article Number: 000035336
Article Type: Solution
Last Modified: 27 May 2024
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.