*UPDATE* refer to this post for LiveUpdate, it has been confirmed that there is no update package for Netbackup LiveUpdate at this time.
Netbackup 6.5 is a fairly new major release and 6.5.1 has been out for about a month now. I've been trying to use Netbackup 6.5 Liveupdate from a Windows Master Server with a LAN share (UNC) on the same box to update another Windows client to 6.5.1 that is already running 6.5. You set everything up, you run the liveupdate policy, the job quits with a status 77 and the following message in the activity monitor.
Info nbliveup(pid=somenumber) EXIT STATUS 77
execution of the specified system command returned a nonzero status(77)
According to everything I've read and everything I've tried, this method is broken. Following the install guides and the Symantec class books (Yes, I went to class, and no, it was not worth it) my Netbackup Liveupdate environment is as follows.
Windows 2003 SP1 Netbackup 6.5 Master Server
--------------------------------------------
Master server has a share with the 6.5.1 files unzipped to it. The share is a NULL Share (Windows 2000 term) or a share that allows anonymous access in Windows 2003 world. Reason for this is because of this bug report from Symantec. Now in the bug report it states you need to setup a NULL Share, but if you are running Netbackup 6.5 on Windows 2000, I'd hope you are going to upgrade to 2003. If you are like the rest of the sane system admins, you are running it on Windows 2003. In order for anonymous access to be setup on a Windows 2003 share, you need to do the following:
Go to gpedit.msc > Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options, find the following policy setting:
Network access: Let Everyone permissions apply to anonymous users, set to Enabled.
Network access: Shares that can be accessed anonymously, add your share name.
Network access: Restrict anonymous access to Named Pipes and Shares, set to Disabled.
I enabled the guest account for good measure, and then in my share, I let Everyone have read access in the share permissions and in security, I let Everyone have Read and List access. I also added the ANONYMOUS LOGON id that Symantec wanted you to add in their bug report, might as well open all doors. Keep in mind your machine's share is pretty open if not all open now, not exactly an ideal solution.
Windows 2003 SP1 Client with Netbackup 6.5GA and LiveUpdate Agent
--------------------------------------------
Client has 6.5GA and LiveUpdate Agent set to LAN with the share in the "Location of LiveUpdate Server" field.
After all this, I run the Liveupdate policy again and it still quits with a status 77. After looking at Log.LiveUpdate on the client, (not the server, as the bug report seems to indicate, you are updating the client not the server) you will see HR 0x802A0017 DECODE: E_UNABLE_TO_CONNECT_TO_NETWORK_RESOURCE before you setup the anonymous accessible share on Windows 2003 but should not after the steps above. What I'm seeing in Log.LiveUpdate after the anonymous access is HR 0x802A0033 DECODE: E_CANT_CREATE_FILE. The rest of the logs seems to indicate Netbackup Liveupdate is looking for liveupdate mini-tri files (no idea why not NB 6.5.1), then the full tri file which has the full liveupdate catalog, then fail with a connection failed with a return code of 1814, LiveUpdate could not retrieve the catalog file of available Symantec product and component updates.
There is no flg file, there is no livetri.zip, there is no minitri.flg or any other liveupdate zip file in the 6.5.1 Windows release update package. There are also nothing that says we have to generate those ourselves. So now I'm at a loss, I basically opened up the share so everyone and their mom can access it if it had a connection to the outside world just to let Netbackup LiveUpdate in, and then it can't find what it needs. I'm going to try the http method later on but it is not looking promising. Looking around STN people are either just as confused, or seems to think Netbackup LiveUpdate works the same as the Antivirus version, ie, automatically updates off the web. This is one new feature that I haven't found anyone out there say, yes I have it running and it works well. I'd recommend holding off on this feature, I'm just glad I'm trying to get it to work on a small extranet environment instead of a big intranet environment.
3 comments:
Hi, did you ever get this resolved? I'm looking at the same issue right now. I think it either has to do with upgrading the client from 6.0 or because Endpoint protection client already installed liveupdate and has some type of control over it.
Well they never put out a package to use with Liveupdate for 6.5.1 back then. I'm told there are Liveupdate packages now for 6.5.3 but I haven't tried it since Netbackup is no longer something I handle.
Thanks for the response. I did get this figured out by the way. But i was actually trying to use a web address instead of a UNC share. Still got the same errors you did though...
My master server is running RHEL4 and when i created the live update URL i made it exactly as the documentation suggests. http://servername/LiveUpdate
Well the client actually try's to connect back to /liveupdate (all lowercase). And because the host is a NIX box that URL didnt exist. So i changed the url to all lower case and it worked perfectly :)
I know you said you don't work on it anymore but i hate leaving the googler's hanging.
Post a Comment