Description
Use the following steps to change the group and the user account for the web server configured with NetBackup.
Note: This article applies to NetBackup 8.1.1 and earlier
Note: For NetBackup 8.1.2 and higher, wmcUtils script can be used to change the websvc user and group in NetBackup.
https://www.veritas.com/support/en_US/doc/21733320-136194743-0/v127634032-136194743
Note: This group and user must be available on each master server (or each node of a clustered master server). And the user must be member of the group.
- If you use non-clustered environments, the NetBackup web service user can be a local or a domain user.
- If your environment uses Windows domain users, use the DOMAIN\USER format.
- If you use a clustered environment on a Windows platform, the NetBackup web services user account must be a DOMAIN user. (Example: AD user)
- When a local user is used, the corresponding group must be a local group. When a domain user is used, the group must be available in the given domain. Local user and domain group or domain user and local group combination is not supported.
- In clustered environments, the following steps should be run on both the active and the inactive nodes. On inactive node, no services are started but the NBMWC is configured with permissions for a new user. In a Windows environment, the service is configured to run as this new user. Following this procedure allows a failover to happen seamlessly.
- This procedure cannot be used if the user/group name contains a space.
Note: Check PBX mode before changing the NetBackup web service account.
1. Execute the following command in a shell prompt to verify if the PBX is running in secure mode.
<INSTALL_PATH>\VxPBX\bin\pbxcfg.bat -p -m
If Secure Mode: true is displayed, then PBX is running in secure mode. Proceed to Step 2.
If Secure Mode: false is displayed, proceed to change the web service user account.
2. Add the new user in the PBX authorized users’ list.
<INSTALL_PATH>\VxPBX\bin\pbxcfg.bat -a -u <hostname\user name>
If domain users are in use, run:
<INSTALL_PATH>\VxPBX\bin\pbxcfg.bat -a -u <domain_name\user_name>
The new user needs to be added to the PBX authorized users’ list. Otherwise, the web server fails to listen on the PBX port and PBX registration from the web server fails.
3. Restart the PBX service.
net stop "Veritas Private Branch Exchange"
You are asked to stop other dependent service, press Y to continue the process.
net start "Veritas Private Branch Exchange"
4. Verify that the new user was added to the PBX authenticated user list.
<INSTALL_PATH>\VxPBX\bin\pbxcfg.bat -p -u
(Conditional) If the PBX service restart that resulted in NetBackup Services getting stopped, restart all NetBackup services.
<INSTALL_PATH>\NetBackup\bin\bpup.exe -v -f
This step is performed on the active node only if you use a clustered environment.
To change the web service user account
== Non-Cluster Aware ==
1. Stop the nbwmc service.
C:\Windows\System32\sc.exe stop "NetBackup Web Management Console"
2. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.
echo WEBSVC_USER=<NEW_USER_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
echo WEBSVC_GROUP=<NEW_GROUP_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
Please note there is no space in between WEBSVC_user and <user name> or WEBSVC_GROUP and the <group name> and also no double quotes.
If you need to switch from domain user to local user, ensure to clear the WEBSVC_DOMAIN value from registry and change WEBSVC_ACCOUNT_TYPE.
echo WEBSVC_ACCOUNT_TYPE=Local | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
Also, If you need to switch from local user to domain user, change WEBSVC_DOMAIN and WEBSVC_ACCOUNT_TYPE.
echo WEBSVC_ACCOUNT_TYPE=Domain | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
echo WEBSVC_DOMAIN=<DOMAIN_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
3. Run the configureEnv.bat script to configure NetBackup web server environment. The -nbHostName should match the first SERVER and -DNB_HOSTNAME in <INSTALL_PATH>\NetBackup\wmc\bin\nbwmcservice.xml.
<INSTALL_PATH>\NetBackup\wmc\bin\install\configureEnv.bat -platform%PROCESSOR_ARCHITECTURE% -nbInstallDir "<INSTALL_PATH>" -nbHostName <host_name> -isClustered 0/1
4. Configure the nbwmc service.
<INSTALL_PATH>\NetBackup\wmc\bin\install\setupWmc.bat
5. Delete the contents (files and subdirectories) under the directory.
<INSTALL_PATH>\NetBackup\var\global\vxss\nbgateway
6. Open Windows Services and right-click on NetBackup Web Management Console.
7. Click Properties and then click Logon.
8. Enter the new user name and the password for this account and click Apply.
This step grants the logon as service right to this new user.
9. Start the nbwmc service.
C:\Windows\System32\sc.exe start "NetBackup Web Management Console"
10. Ensure that the service functions as expected by running the nbcertcmd command.
<INSTALL_PATH>\NetBackup\bin\nbcertcmd.exe -ping
The output should show:
Fetched data = <some large number>
== Cluster Aware ==
Clustered Master Server: Active Node:
1. Use Failover Cluster Manager to stop the "NetBackup Web Management Console".
2. Open Windows Services and right-click on "NetBackup Web Management Console".
3. Click Properties and then click Logon.
4. Enter the new user name and the password for this account and click Apply.
This step grants the logon as service right to this new user.
5. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.
echo WEBSVC_USER=<NEW_USER_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
echo WEBSVC_GROUP=<NEW_GROUP_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
Note: WEBSVC_DOMAIN does not change, because do not change domain.
Note: If your master is clustered, then you must use a domain account.
6. Edit users and groups in <INSTALL_PATH>\NetBackup\wmc\bin\setenv.bat
SET "WEBSVC_USER=<NEW_USER_NAME>"
SET "WEBSVC_USER_FULL=<DOMAIN\NEW_USER_NAME>"
SET "WEBSVC_GROUP=<NEW_GROUP_NAME>"
SET "WEBSVC_GROUP_FULL=<DOMAIN\NEW_GROUP_NAME>"
Note: WEBSVC_DOMAIN does not change, because do not change domain
7. Grant permissions to the new user group.
icacls <SHARED_INSTALL_PATH>\var\global\vxss\nbgateway /T /grant:r <NEW_GORUP_NAME>:(OI)(CI)(F)
icacls <SHARED_INSTALL_PATH>\var\global\vxss\jwtkeys /T /grant:r <NEW_GORUP_NAME>:(OI)(CI)(F)
icacls <SHARED_INSTALL_PATH>\var\global\telemetry\upload_cache /T /grant:r <NEW_GORUP_NAME>:(OI)(CI)(F)
8. Delete the contents (files and sub directories) under the directory.
<SHARED_INSTALL_PATH>\var\global\vxss\nbgateway
9. Delete the directory.
<SHARED_INSTALL_PATH>\var\global\vxss\nbcertservice
<SHARED_INSTALL_PATH>\var\global\vxss\tomcatcreds
<SHARED_INSTALL_PATH>\var\global\vxss\websvccreds
10. Run the following commands, in order:
set WEBSVC_PASSWORD=<password for new nbwmc user>
<INSTALL_PATH>\NetBackup\bin\admincmd\nbcertconfig -u -i
<INSTALL_PATH>\NetBackup\bin\admincmd\nbcertconfig -m
On 8.0 and 8.1: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t
On 8.1.1: <Install_Path>\NetBackup\bin\admincmd\nbcertconfig -t -f
11. Configure the nbwmc service.
<INSTALL_PATH>\wmc\bin\install\setupWmc.bat
12. Use Failover Cluster Manager to start the NetBackup Web Management Console
13. Remove the <INSTALL_PATH>\NetBackup\var\global\vxss\nbcertservice\install_token file
14. Ensure that the service functions as expected by running the nbcertcmd command.
<INSTALL_PATH>\NetBackup\bin\nbcertcmd.exe -ping
The output should show:
Fetched data = <some large number>
Clustered Master Server: Inactive Node:
1. Open Windows Services and right-click on NetBackup Web Management Console.
2. Click Properties and then click Logon.
3. Enter the new user name and the password for this account and click Apply.
This step grants the logon as service right to this new user.
4. Use the bpsetconfig command to update the WEBSVC_GROUP and WEBSVC_USER properties.
echo WEBSVC_USER=<NEW_USER_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
echo WEBSVC_GROUP=<NEW_GROUP_NAME> | "<INSTALL_PATH>\NetBackup\bin\admincmd\bpsetconfig"
5. Edit users and groups in <INSTALL_PATH>\NetBackup\wmc\bin\setenv.bat
SET "WEBSVC_USER=<NEW_USER_NAME>"
SET "WEBSVC_USER_FULL=<DOMAIN\NEW_USER_NAME>"
SET "WEBSVC_GROUP=<NEW_GROUP_NAME>"
SET "WEBSVC_GROUP_FULL=<DOMAIN\NEW_GROUP_NAME>"
6. Configure the nbwmc service.
<INSTALL_PATH>\wmc\bin\install\setupWmc.bat
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.