- Notes, cautions, and warnings
- Preface
- Overview
- Getting Started
- NetWorker Management Console interface
- Connecting to the Administration window
- Getting started with a new installation
- Enabling and Disabling NetWorker services
- Backup Target
- Label templates
- Media pools
- Storage nodes
- Requirements
- Licensing
- Storage node configuration
- Storage Node Options
- Configuring a dedicated storage node
- Troubleshooting storage nodes
- Disk storage devices
- Example environment
- Considerations for Client Direct clients
- Differences between FTDs, AFTDs, and DD Boost devices
- Device target and max sessions default values and ranges
- Advanced file type devices
- Memory requirements for AFTD backups
- Required AFTD DFA device settings for Hyper-V environments
- Create and configure an AFTD
- Labeling and mounting an AFTD
- Insufficient AFTD disk space
- AFTD operation verification
- Deactivate and erase an AFTD
- Concurrent AFTD recovery operation limitations
- Changing the AFTD block size
- DD Boost and Cloud Tier devices
- Libraries and silos
- Overview of tape device storage
- Support for LTO-4 hardware-based encryption
- Linux device considerations
- Solaris device considerations
- HP-UX device considerations
- AIX device considerations
- SCSI and VTL libraries
- Selecting a volume for the NetWorker server
- Virtual tape library (VTL) configuration
- Pools with libraries
- Persistent binding and naming
- Whether to add or recycle volumes
- Configure libraries
- Managing the library configuration
- Adding and removing media by using the library front panel
- Volume mounting and unmounting
- Mounting or unmounting a volume in a library
- Unmounting volumes automatically (idle device timeout)
- Mounting or unmounting a volume in a stand-alone tape drive
- Labeling and mounting a volume in one operation (stand-alone tape drive)
- Labeling volumes without mounting
- Mounting uninventoried volumes
- Libraries with volume import and export capability
- Inventorying library volumes
- Library maintenance
- Troubleshooting libraries and devices
- Troubleshooting autoconfiguration failure
- Library configuration using the jbedit command
- Device ordering
- SCSI data block size issues between UNIX and Windows
- Device parameter settings
- Media handling errors
- Silo libraries
- NDMP libraries
- NetWorker hosts with shared libraries
- Dynamic drive sharing
- File type devices
- Stand-alone devices
- Autodetecting and configuring a stand-alone tape drive
- Adding a stand-alone device manually
- Auto Media Management for stand-alone devices
- Mounting or unmounting a volume in a stand-alone tape drive
- Labeling and mounting a volume in one operation (stand-alone tape drive)
- Labeling volumes without mounting
- Mounting uninventoried volumes
- Labeling volumes
- Troubleshooting devices and autochangers
- Additional attributes in the Autochanger resource
- Maintenance commands
- Autodetected SCSI jukebox option causes server to stop responding
- Autochanger inventory problems
- Destination component full messages
- Tapes do not fill to capacity
- Tapes get stuck in drive when labeling tapes on Linux Red Hat platform
- Increasing the value of Save Mount Time-out for label operations
- Server cannot access autochanger control port
- Changing the sleep times required for TZ89 drive types
- Message displayed when CDI enabled on NDMP or file type device
- Verify firmware for switches and routers
- Commands issued with nsrjb on a multi-NIC host fail
- SCSI reserve/release with dynamic drive sharing
- Recovering save sets from a VTL on a different NetWorker server
- Data Protection Policies
- Designing data protection policies
- Default data protection policies in NMC's NetWorker Administration window
- Overview of configuring a new data protection policy
- NetWorker resource considerations
- Strategies for traditional backups
- Strategies for server backup and maintenance
- Protection groups for NetWorker and NMC server backup and maintenance
- Server Protection policy and workflows
- Supported actions in a server backup workflow
- Actions supported in an NMC server backup workflow
- Actions in the server database backup and NMC server backup workflows
- Visual representation of workflows
- Strategies for cloning
- Policy Notifications
- Monitoring policy activity
- Policy log files
- Starting, stopping, and restarting policies
- Starting actions in a workflow for an individual client
- Modifying data protection Policy resources
- Configuring NSR Protection Policies from nsradmin
- Commands
- Managing NSR Data Protection Policy
- Managing Workflows
- Managing Actions
- Configuring Filters for Clone and Index Actions
- Deleting multiple actions from multiple workflows and policies
- Querying NSR protection policy workflow and NSR protection policy action resources without specifying RAP resource types
- Managing policies from the command prompt
- Identifying clients that missed the workflow schedule
- Troubleshooting policies
- Designing data protection policies
- Backup Options
- Overview of resources that support backups
- Save sets
- Backup levels
- Comparing backup levels
- Backup levels and data recovery requirements
- Backup levels for the online indexes
- Synthetic full backups
- How a synthetic full backup is created
- When to use synthetic full backups
- Requirements for synthetic full backups
- Save set requirements for synthetic full backups
- Client resource configuration requirements for synthetic full backups
- Backup storage for synthetic full backups
- Scheduling considerations for synthetic full backups
- Support for directives with synthetic full backups
- Recovery storage node selection for synthetic full backups
- Performing synthetic full backups
- Validating synthetic full backups
- Virtual synthetic full backups
- Backup scheduling
- Backup Browse and Retention
- Improved resilience of long running write operations
- NetWorker Year 2038 Readiness
- General backup considerations
- Directives
- CFI backup scheduled to start immediately after a traditional backup
- Backing Up Data
- Configuring a Client resource for backups on Windows hosts
- Windows backup considerations
- Configuring how NetWorker determines when to back up a file
- Backup Operators group
- Windows backup considerations
- Windows file system backups
- Windows Bare Metal Recovery
- Terminology
- Overview of Windows Bare Metal Recovery (BMR)
- Windows BMR Planning
- Requirements for Windows BMR backup and restore
- Save set configuration by host type
- Best Practices for Windows BMR
- Windows BMR limitations and considerations
- Disk configuration limitations
- HP ProLiant system considerations
- Optimized deduplication backup considerations
- Save set considerations
- Cloning considerations
- Security considerations
- Server role considerations
- Microsoft server application considerations
- Online recovery of Windows services considerations
- Windows Storage Pools considerations
- WinPE considerations for SAN boot devices
- VMware network interface card driver limitations
- BCD partition limitations
- Creating a Client resource with the Client Backup Configuration wizard
- Mapped drives
- Windows backup considerations
- Configuring a Client resource for backups on UNIX hosts
- Configuring a Client resource for backups on Mac OS X hosts
- Sending client data to AFTD or Data Domain devices only
- Non-ASCII files and directories
- Configuring checkpoint restart backups
- Probe-based backups
- Encryption
- Compression
- Backing up distributed file systems
- Configuring Client Direct backups
- Backup Twinning
- Backup command customization
- Client resources
- Manual backups
- Verifying backup data
- NetWorker Client FQDN compliant with RFC 1123
- Configuring a Client resource for backups on Windows hosts
- Cloning, Staging, and Archiving
- Cloning, staging, and archiving
- Benefits of cloning and staging
- Cloning save sets and volumes
- Deciding when to clone
- Clone Browse and Retention
- Cloning requirements and considerations
- Cloning example
- Cloning with tape devices
- Cloning with file type and AFTD devices
- Cloning with Avamar
- Cloning with Data Domain (DD Boost)
- Controlling storage node selection for cloning
- Recover Pipe to Save
- Cloning save sets from the command prompt
- Clone savesets in chronological order using clone action
- Updates to group, policy, workflow, and action fields in mediadb for a cloned save set
- Staging save sets
- Archiving data
- Troubleshooting NetWorker cloning, archiving, and retrieval
- Remote archive request from server fails
- Multiple save sets appear as a single archive save set
- Wrong archive pool is selected
- Second archive request does not execute
- The nsrarchive program does not start immediately
- Archive request succeeds but generates error when nsrexecd is not running
- Clone fails for few save sets
- NetWorker Orchestrated Replication
- Introduction
- Use Cases
- Setting up Data Domain mtree replication on Data Domain
- Creating NSR DD Device Replication Resource
- Configuring NetWorker dd-replication action
- NetWorker orchestrated replication export
- NetWorker orchestrated replication import
- Running utilities on NetWorker orchestrated replication imported volume and save sets
- GUI Limitations
- Backup Data Management
- Recovery
- Recovering data
- Recovery roadmap
- Planning and preparing to recovering data
- NetWorker recovery overview
- Recovery types
- Recover programs
- Recovering the data
- Determining the volume for recovering cloned data
- Recovering access control list files
- Browsable recovery
- Save set recovery
- Using the scanner program to recover data
- VSS File Level Recovery
- Recovering deduplication data
- Improving restore performance with multiple threads
- vProxy recovery in NMC
- vProxy Log Bundle collection using NMC
- Recovering file system data on Windows
- Recovering data on OS-X clients
- Recovering client files on a different NetWorker server
- Recovering as NMC User with Non-Admin Privileges
- Preparing the NMC Sever for Recovery
- Recover the NMC Server database
- Special recoveries on Windows hosts
- Special windows recoveries Restoring a Windows Domain Controller host
- Performing a Windows BMR to physical or virtual computers
- Prerequisites to performing a Windows BMR
- Gathering configuration information required by a Windows BMR
- Obtaining the Windows BMR image
- Creating a Windows BMR bootable image
- Perform the BMR
- Performing a Windows BMR to a physical computer
- Post-recovery tasks
- Using NMM for post-recovery tasks
- Using an application backup tool other than NMM
- Recovering file system data
- Performing post-recovery tasks for Active Directory services
- Performing post-recovery tasks for hosts with Windows server roles that use SQL Server
- Performing post-recovery tasks for a Microsoft Hyper-V virtual machine
- Post-recovery tasks
- Performing a BMR from a Physical Computer to a Virtual Machine (P2V)
- Performing a Windows BMR to a physical computer
- Troubleshooting Windows BMR
- NIC configuration lost post BMR restart
- Performing a manual uninstall and reconfigure of a NIC on Windows Server 2012 or Windows Server 2012 R2
- Recovering and viewing Windows BMR log files
- BMR backup fails when System Reserved Partition is offline
- Wizard cannot locate the NetWorker server or DNS server
- Multiple NICs cause errors in locating the NetWorker server
- Network configuration values might not be retained after reboot
- VSS backups fail because a critical disk is offline
- Jobquery fails to establish a connection with large scale jobs
- 8dot3name support disabled after recovery
- Additional recovery options
- Restart required after recovery operation
- Online recovery of Active Directory, DFSR, or Cluster services
- Reporting NetWorker Datazone Activities
- Enterprise data reporting
- Enabling or disabling the gathering of report data
- Data retention and expiration policies
- Restricted report views
- Report categories
- Legacy report categories
- Report modes and types
- Preconfigured reports
- Customizing and displaying report output
- Customizing and saving reports
- Sharing a report
- Command line reporting
- Save set History Database
- Reporting policy status and backup job status
- Reporting recover job status
- Checkpoint-enabled backup reporting
- SNMP traps
- Receive SNMP v2c traps on Linux
- Receive SNMP v2c traps on Windows
- Receive SNMP v3 traps on Linux
- Receive SNMP v3 traps on Windows
- Disable SNMP traps on Linux and Windows
- Configuring NetWorker SNMP notifications
- Configuring SNMP notifications in NetWorker
- Configuring SNMP notifications at the policy level
- Configuring SNMP notifications at the action level
- SNMP v2c traps for restore
- SNMP v3 traps for restore
- View SNMP traps on Linux Trap Receiver
- View SNMP v2c traps on Windows Trap Receiver
- View SNMP v3 traps on Windows Trap Receiver
- Configuring SNMP management software
- SNMP v2c trap support for NetWorker Modules
- NetWorker Notifications
- Front-end Capacity Estimation
- Enterprise data reporting
- NetWorker Server Monitoring
- Enterprise events monitoring
- Monitoring NetWorker Server activities in the Administration window
- Monitoring changes to the NetWorker and NMC Server resources
- Monitoring user access to the NMC server
- Monitoring NetWorker server activities in the log files
- NMC Server Management
- Enterprise
- Customizing the Console window and views
- Using the NMC filters
- Connecting to the NMC GUI using an ssh connection
- Backing up the NetWorker environment
- Using the NMC Configuration Wizard
- NMC server authentication
- Adding the NMC service account to the Users user group
- Moving the NMC Server
- Migrating NMC users to the authentication service database
- Changing the password for a local user
- Resetting the forgotten administrator password
- Changing the service port used by the NMC database
- Changing database connection credentials
- Updating the NMC server IP address/hostname
- Setting system options to improve NMC server performance
- Displaying international fonts in non-US locale environments
- NetWorker License Manager
- NMC error messages and corrective actions
- Console troubleshooting notes and tips
- Troubleshooting an NMC server that is not responding
- Unable to connect to host: Please check Security setting and daemon logs on the NetWorker client and Console server for more information
- Username/password validation fails when you use the NMC New Device wizard to configure an AFTD if storage node is UNIX
- Querying large numbers of save sets in the NetWorker user interface may cause a Java heap space error
- NMC user interface exits unexpectedly
- Label and Mount devices page is not displayed in NMC device configuration wizard
- Error: Unable to connect to server is displayed while browsing the savesets in the client properties using NMC GUI
- NetWorker Server Management
- Setting up the server
- Viewing the migration log file
- Hostname changes
- Managing the NSR task resource for nsrclientfix
- Parallelism and multiplexing
- Managing server access
- Resource databases
- Indexes
- Characteristics of the online indexes
- Automated index activities
- Checking online indexes
- Viewing information about the indexes
- Index save sets
- Querying the media database
- Cross-checking client file indexes
- Refreshing index information
- Client file index locations
- Managing the size of the online indexes
- Internationalization
- Creating a Server Backup action
- Creating an expire action
- NetWorker Server State
- Migrating and importing the server
- NetWorker Host Management
- Restricted Datazones
- Block Based Backup and Recovery
- Overview
- Block based backups
- Block based recoveries
- Troubleshooting block based backup and recovery issues
- Networking and Connectivity
- Name resolution and connectivity
- IPv6 support in NetWorker 19.3 and later
- Network Protocol support for Networker 19.3 and later
- Limitations of IPv6 protocol with NetWorker 19.3 and later
- Troubleshooting name resolution and connectivity errors
- Using multihomed systems
- NIC Teaming
- Using DHCP clients
- NetWorker TCP/IP keep-alive parameters
- Multi-subnet cluster configuration support for SQL AAG
- Cloud Supportability
- Troubleshooting
- Before you contact technical support
- NetWorker log files
- NetWorker Server log files
- NMC server log files
- NetWorker Client log files
- View log files
- Raw log file management
- Configuring logging levels
- Setting the troubleshoot level for NetWorker daemons
- Running individual clients in a group in troubleshoot mode
- Running client-initiated backups in troubleshoot mode from the command line
- Running Recoveries in troubleshoot mode
- NetWorker Authentication Service logs
- NetWorker functionality issues
- Backup and recovery
- Shut down NetWorker services prior to any significant changes to system date
- Clone ID timestamp does not reflect the time the clone was created
- Memory usage when browsing large save sets
- Memory usage and nsrjobd
- Media position errors encountered when auto media verify is enabled
- The scanner program marks a volume read-only
- The scanner program requests an entry for record size
- Limitations for groups containing a bootstrap
- Index recovery to a different location fails
- Illegal characters in configurations
- Inaccessible object exception error when launching NMC with Java 9
- Error backing up large number of clients
- Hostname aliases for IP only clients
- Directory pathname restrictions
- Backup of a new client defaults to level full
- Non-full backup of Solaris files with modified extended attributes
- Client file index errors
- Aborting a recovery
- xdr of win32 attributes failed for directory
- Cannot create directory directory
- The All save set and duplicate drive serial numbers
- No disk label errors
- Resolving copy violation errors
- Converting sparse files to fully allocated files
- Backing up large sparse files
- Queries using the mminfo -N command are case-sensitive
- Usage of multiple pool names in the mminfo command
- Renamed directories and incremental backups
- Resolving names for multiple network interface cards
- Libraries entering ready state
- Successful save sets listed as failed in the Group Backup Details window
- The NetWorker Server window does not appear on HP-UX
- Backup fails with Win32 error 0x2
- Error displaying workflow details
- Back up of All Save Sets takes a long time to complete
- GSS-API authentication error
- NetWorker locale and code set support
- Enabling service mode for NetWorker
- Resetting the NMC password for NetWorker 19.1 and later
- No privileges to view NetWorker server from NMC
- Network and server communication errors
- Unapproved server error
- Unapproved server error during client setup
- Server copy violation
- Remote recover access rights
- NetWorker server takes a long time to restart
- Changing the NetWorker server address
- Binding to server errors
- Identifying connection lost to device
- Device Connectivity Check Configurations
- New.Net and NetWorker software are incompatible
- NWUI HTML5 UI is not receiving monitoring data
Dell NetWorker 19.9 Administration Guide
Using nsrlogin for authentication and authorization
When you configure the NetWorker Authentication Service to use LDAP/AD authentication, you modify the External Roles attribute in the User Group resource to assign privileges to LDAP and AD users. As a result, NetWorker command line operations and NetWorker module operations might fail due to insufficient privileges. To resolve this issue, use the nsrlogin command to contact the NetWorker Authentication Service and authenticate a user. When user authentication succeeds, the NetWorker Authentication Service issues a token to the NetWorker host for the user, which provides CLI operations with token-based authentication until the token expires.
Ensure that the user that the NetWorker Authentication Service validates has the appropriate User Group privileges to run the CLI commands.
Perform the following steps on a
NetWorker Client on which you initiate the CLI commands, or the requesting host.
-
To validate a user and generate a token for the user, use the
nsrlogin command:
nsrlogin [-s NetWorker_server] [-H authentication_host] [-P port] [-t tenant] [-d domain]
[-p password] [-f] [-u user]where:
- -s NetWorker_server—Specifies the name of the NetWorker Server. Use this option when you use the nsrlogin command on a NetWorker host that is not the NetWorker Server.
- -H authentication_host—Specifies the name of the NetWorker Authentication Service host. Use this option when you use the nsrlogin command on a NetWorker host that is not the NetWorker Server. This option is only required when you do not use the -s option.
- -P port—Specifies the NetWorker Authentication Service port number. Use this option when you do not use the -s option and when the NetWorker Authentication Service does not use the default port number 9090 for communications.
- -t tenant— Specifies the tenant name that the NetWorker Authentication Service should use to verify the username and password. When you omit this option, NetWorker Authentication Service uses the Default tenant to verify the user credentials.
- -d logindomain—Specifies the domain name that the NetWorker Authentication Service should use to verify the username and password with an external authentication authority. When you omit this option, the NetWorker Authentication Service uses the local user database to verify the user credentials.
- -f— Allows nsrlogin to be run as a root user.
- -u
username—Specifies the username that the
NetWorker Authentication Service should validate to generate a token. The user string might be a username, email address, or another string, depending on configuration of the identity provider. After successful authentication, the banner is displayed on the screen with a prompt to accept or reject the banner. If the user enters yes, the user can proceed. Otherwise, the user is logged out.
NOTE: The banner content is empty by default. If banner content is empty, the confirmation prompt does not appear.
- -p "password"—Specifies the password to send to the identity provider to verify the user. If this argument is not provided, nsrlogin prompts the user to specify the password. If the password contains special characters, the password must be enclosed in double quote marks (""). After successful authentication, the banner is displayed on the screen.
For example, to generate a token for user Konstantin in the idddomain domain and the idd tenant, type the following command:
If the /nsr/authc-server/conf/banner.txt file is empty, no banner content is displayed.nsrlogin -s bu-idd-nwserver2 -d idddomain -u Konstantin -p "1.Password" Authentication succeeded
If the /nsr/authc-server/conf/banner.txt is updated with content, the banner content is displayed on successful authentication.nsrlogin -s bu-idd-nwserver2 -d idddomain -u Konstantin -p "1.Password" Authentication succeeded <Banner Content>
Log in to the NetWorker server with username Konstantin, which is defined in the local user directory with the password 1.Password. When you enter Yes at the prompt, the banner content is accepted and you can proceed. When you enter No at the prompt, the banner content is rejected and user is logged out.nsrlogin -u Konstantin Enter the password: <password> Authentication succeeded <Banner Content> Do you wish to accept and continue (Yes/No)? Yes
When the NetWorker Authentication Service successfully validates the user, the service issues an authentication token to the requesting host. -
At the command prompt, type the NetWorker command.
If the validated user does not have the appropriate privileges to run the command, an error message appears or the command does not return the expected result. For example, when you try to perform an operation with a user account that does not have the required privilege, a message similar to the following appears:
Permission denied, user must have the 'Operate NetWorker' privilege'.
The CLI command uses the authenticated token, until the token expires. By default the token expiration period is 480 minutes or 8 hours. When the token expires and the user tries to run a CLI command, the command fails with a permissions error and a message similar to the following appears to indicate that the token has expired:
Security token has expired
To resolve this issue, run the nsrlogin command again to generate a new authenticated token.
NOTE:To revoke the user token and enable the CLI commands to use the
Users attribute in the Usergroups resources to authenticate users, use the
nsrlogout command. The
nsrlogout
UNIX man page and the
NetWorker Command Reference Guide provides detailed information about the
nsrlogout command.
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\