NetWorker: Unable to log in to NetWorker Web UI (NWUI)
Сводка: NetWorker Web UI (NWUI) login attempts fail with an SSL handshake error indicating PKIX path building failure, preventing authentication against the NetWorker Authentication Server.
Данная статья применяется к
Данная статья не применяется к
Эта статья не привязана к какому-либо конкретному продукту.
В этой статье указаны не все версии продуктов.
Симптомы
- Users are unable to log in to the NetWorker Web User Interface (NWUI).
- The following error is observed in
nwui.log:- Linux:
/nsr/authc/logs/nwui.log - Windows (Default):
C:\Program Files\EMC NetWorke\nsr\authc-server\tomcat\logs\nwui.log
- Linux:
ERROR c.e.n.c.n.impl.GlobalApi - Failed to authenticate user <username> with the provided password on Authentication Server <NetWorker server>. javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Причина
This issue appears because of missing or incorrect emcauthtomcat certificate/signature in the NetWorker runtime cacerts file. For example, During certificate import, the following command was previously ran successfully:
C:\Program Files\NRE\java\jdk-17.0.18\bin>keytool.exe -import -alias emcauthtomcat -cacerts -storepass changeit -file "C:\Program Files\EMC NetWorke\nsr\authc-server\conf\emcauthcsaml.cer"
In this scenario, the issue occurs because emcauthcsaml.cer was imported into the Java cacerts truststore using the alias emcauthtomcat.
NWUI expects the Tomcat authentication certificate (emcauthctomcat.cer), not the SAML certificate, to be trusted. Importing the wrong certificate results in an SSL trust chain failure, causing the PKIX path building error.
Разрешение
The process outlined ensures that all the certificates required for NWUI are properly set.
NOTE: The process outlined returns the default self-signed certificates deployed by NetWorker, to use CA-signed certificates instead, see:
- Stop the NetWorker and NWUI services:
Windows:
net stop nwui net stop nsrexecd /y
Linux:
systemctl stop nwui nsr_shutdown
- Change directory to your NetWorker runtime bin directory and remove the
emcauthctomcat,emcnwuimonitoring, andemcnwuiservcertificates from the NetWorker runtimecacertskeystore:
Windows:
cd "C:\Program Files\NRE\java\jdk-#.#.#\bin" # You must cd to your NRE java bin folder. The jdk/jre version differs depending on the NRE version installed
.\keytool.exe -delete -alias emcauthtomcat -keystore ..\lib\security\cacerts -storepass changeit
.\keytool.exe -delete -alias emcnwuimonitoring -keystore ..\lib\security\cacerts -storepass changeit
Linux:
cd /opt/nre/java/latest/bin/ ./keytool -delete -alias emcauthtomcat -keystore ../lib/security/cacerts -storepass changeit ./keytool -delete -alias emcnwuimonitoring -keystore ../lib/security/cacerts -storepass changeit ./keytool -delete -alias emcnwuiserv -keystore ../lib/security/cacerts -storepass changeit
NOTE: Networker Runtime Environemtn 17.x will report "
Warning: use -cacerts option to access cacerts keystore". The above commands still work on NRE 17.x; however, the "-keystore ..\lib\security\cacerts" option can be replaced with "-cacerts" instead. On Windows, the Java bin path differs depending on the Java version installed.
- Import the correct certificates into the Java cacerts keystore. When prompted, type `
yes` to trust the certificate.
Windows:
.\keytool.exe -import -alias emcauthtomcat -keystore ..\lib\security\cacerts -storepass changeit -file "C:\Program Files\EMC NetWorke\nsr\authc-server\conf\emcauthctomcat.cer" .\keytool.exe -import -alias emcnwuimonitoring -keystore ..\lib\security\cacerts -storepass changeit -file "C:\Program Files\EMC NetWorker\nwui\monitoring\app\conf\emcnwuimonitoring.cer"
NOTE: The above commands assume that the default NetWorker installation path is used. If NetWorker is installed in another location, adjust the commands for your install path.
Linux:
./keytool -import -alias emcauthtomcat -keystore ../lib/security/cacerts -storepass changeit -file /nsr/authc/conf/emcauthctomcat.cer ./keytool -import -alias emcnwuimonitoring -keystore ../lib/security/cacerts -storepass changeit -file /nsr/nwui/monitoring/app/conf/emcnwuimonitoring.cer ./keytool -import -alias emcnwuiserv -keystore ../lib/security/cacerts -storepass changeit -file /opt/nwui/conf/emcnwuiserv.cer
- Start the NetWorker and NWUI services:
Windows:
net start nsrexecd net start nsrd net start nwuiLinux:
systemctl start networker systemctl start nwui
- After services have started log in through the NWUI interface
Authentication should complete successfully without SSL or PKIX errors.
Свойства статьи
Номер статьи: 000460962
Тип статьи: Solution
Последнее изменение: 30 Jun 2026
Версия: 2
Получите ответы на свои вопросы от других пользователей Dell
Услуги технической поддержки
Проверьте, распространяются ли на ваше устройство услуги технической поддержки.