NW Upgrade to 19.10.0: Failed to Load Server Certificates: Extensions Not Allowed in v2 Certificate
Summary: After the NetWorker server is upgraded to 19.10.x, NMC and the NetWorker Web UI cannot be used.
Symptoms
- NetWorker server is upgraded to 19.10.x from a previous release.
- NetWorker server is installed on a Windows operating system, and the NetWorker environment is configured with NetWorker VMware Protection (NVP) vProxy appliances.
- NetWorker Management Console (NMC) login is successful, but connecting to the NetWorker server from the NMC fails with:
- The NMC server's \Program Files\EMC NetWorker\Management\GST\logs\gstd.raw contains:
0 1712568824 1 5 0 11428 8016 0 [Server].[Domain] gstd NSR notice 7 %s %s%s 3 0 24 04/08/24 11:33:44.642188 0 8 gstd-D0 0 333 ERROR generated: "Unable to set user privileges based on user token for SYSTEM on [Server].[Domain]: Unable to initialize certificates list: FAILED_TO_LOAD_SERVER_CERTIFICATE : Failed to load server certificate(s): Extensions not allowed in v2 certificate" in file "D:/views/nw/19.10/nsrwebui/modules/nsm/gt_server.c" line #170
- NetWorker Web User Interface (NWUI) fails immediately after login with:
Unable to initialize certificates list: FAILED_TO_LOAD_SERVER_CERTIFICATE : Failed to load server certificate(s): Extensions not allowed in v2 certificate
Cause
This issue was raised to NetWorker engineering.
Code defect, impacting NetWorker 19.10.0.0 -> 19.10.0.2
Resolution
This issue is fixed in NetWorker 19.10.0.3 (NETWORKER-94923)
Upgrade to NetWorker 19.10.0.3 or later for a code fix:
https://www.dell.com/support/home/product-support/product/networker/drivers
NetWorker: How to Upgrade NetWorker and Best Practices Prior to Upgrade
Additional Information
Workaround:
- Open an Administrator PowerShell prompt.
- Stop all NetWorker server and NMC services:
net stop nsrexecd /y
- Move all <hostname>.cacert files from C:\Program Files\EMC NetWorker\nsr\sec\authcerts\ to c:\temp\
NOTE: The path shown is for the default NetWorker install location; if another location was used, adjust the commands and locations accordingly. Files can also be moved using Windows File Explorer instead of PowerShell.
New-Item -Path "C:\temp\authcerts" -Type Directory ; Move-Item -Path "C:\Program Files\EMC NetWorker\nsr\sec\authcerts\*.*" -Destination "C:\temp\authcerts\" -Verbose -Force
Example:
PS C:\Users\Administrator> New-Item -Path "C:\temp\authcerts" -Type Directory ; Move-Item -Path "C:\Program Files\EMC NetWorker\nsr\sec\authcerts\*.*" -Destination "C:\temp\authcerts\" -Verbose
    Directory: C:\temp

Mode                 LastWriteTime         Length Name
----                 -------------         ------ ----
d-----         5/15/2024  10:40 AM                authcerts
VERBOSE: Performing the operation "Move File" on target "Item: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-nwserver.amer.lan.cacert Destination: C:\temp\authcerts\win-nwserver.amer.lan.cacert".
VERBOSE: Performing the operation "Move File" on target "Item: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-nwserver.amer.lan.cacert.old Destination: C:\temp\authcerts\win-nwserver.amer.lan.cacert.old".
VERBOSE: Performing the operation "Move File" on target "Item: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-nwserver.amer.lan_9090 Destination: C:\temp\authcerts\win-nwserver.amer.lan_9090".
PS C:\Users\Administrator>
- Start NetWorker and NMC services:
net start nsrd
If NMC is installed on the same host:
net start gstd
- Copy the <hostname>.cacert file back to C:\Program Files\EMC NetWorker\nsr\sec\authcerts\
Copy-Item -Path "C:\temp\authcerts\*" -Destination "C:\Program Files\EMC NetWorker\nsr\sec\authcerts\" -Force -Recurse -Verbose
Example:
PS C:\Users\Administrator> Copy-Item -Path "C:\temp\authcerts\*" -Destination "C:\Program Files\EMC NetWorker\nsr\sec\authcerts\" -Recurse -Verbose
VERBOSE: Performing the operation "Copy File" on target "Item: C:\temp\authcerts\win-nwserver.cacert Destination: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-nwserver.lan.cacert".
VERBOSE: Performing the operation "Copy File" on target "Item: C:\temp\authcerts\win-nwserver.amer.lan.cacert.old Destination: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-win-nwserver.cacert.old".
VERBOSE: Performing the operation "Copy File" on target "Item: C:\temp\authcerts\win-nwserver.amer.lan_9090 Destination: C:\Program Files\EMC NetWorker\nsr\sec\authcerts\win-nwserver.amer.lan_9090".
PS C:\Users\Administrator>
- Re-establish trust with the authc server:
nsrauthtrust -H NetWorker_Server_HostName -P 9090
nsraddadmin -H NetWorker_Server_HostName -P 9090
nsraddadmin -u SYSTEM@NetWorker_Server_HostName
NMC and NWUI should now function correctly.
NOTE: This issue may reappear after a NetWorker service restart. If the issue reappears, the above workaround must be repeated until a code fix is applied.
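The workaround stages the server's trust certificates in C:\temp and later copies them back into authcerts. As an added example (not part of the Dell article or of NetWorker), the PowerShell below records SHA-256 hashes of the files before the move and checks the staged copies against that record before the copy-back. The function names and the manifest location are assumptions; the paths are the article's defaults.

```powershell
# Added example: integrity check around the authcerts move / copy-back.
# Paths are the article's default install locations; adjust if NetWorker lives elsewhere.
$AuthCerts = 'C:\Program Files\EMC NetWorker\nsr\sec\authcerts'
$Staging   = 'C:\temp\authcerts'
# Assumption: keep the manifest in the administrator's profile, not beside the staged files.
$Manifest  = Join-Path $env:USERPROFILE 'authcerts-manifest.csv'

function Save-AuthCertManifest {
    # Run after the services are stopped and BEFORE Move-Item:
    # record file name and SHA-256 for every file in authcerts.
    Get-ChildItem -Path $AuthCerts -File |
        Get-FileHash -Algorithm SHA256 |
        Select-Object @{ n = 'Name'; e = { Split-Path $_.Path -Leaf } }, Hash |
        Export-Csv -Path $Manifest -NoTypeInformation
}

function Test-AuthCertStaging {
    # Run BEFORE Copy-Item: returns $true only if the staging directory holds
    # exactly the recorded files with unchanged content.
    $expected = @{}
    Import-Csv -Path $Manifest | ForEach-Object { $expected[$_.Name] = $_.Hash }
    $ok = $true
    foreach ($f in Get-ChildItem -Path $Staging -File) {
        if (-not $expected.ContainsKey($f.Name)) {
            Write-Warning "Unexpected file in staging: $($f.Name)"
            $ok = $false
            continue
        }
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        if ($hash -ne $expected[$f.Name]) {
            Write-Warning "Hash mismatch: $($f.Name)"
            $ok = $false
        }
        $expected.Remove($f.Name)   # whatever is left afterwards was never staged
    }
    foreach ($name in $expected.Keys) {
        Write-Warning "Recorded but missing from staging: $name"
        $ok = $false
    }
    return $ok
}

# Order of use within the workaround:
#   Save-AuthCertManifest                     # before the article's Move-Item
#   ...Move-Item, net start nsrd / gstd...
#   if (Test-AuthCertStaging) { <the article's Copy-Item command> }
```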
Products
NetWorker Family
Article Properties
Article Number: 000224032
Article Type: Solution
Last Modified: 26 Jun 2024
Version: 7