Symptoms

Remote storage node is not turning into a ready state for use.From the NetWorker Management Console (NMC)--> Devices--> Devices Tab on the left column --> Right Click the device and click Mount. The Device fails to mount. An error appears, stating "Storage node not ready." Daemon logs on the NetWorker server and remote storage node show: Linux: /nsr/logs/daemon.rawWindows (Default): C:\Program Files\EMC NetWorker\nsr\logs\daemon.raw NetWorker: How to use nsr_render_log to render .raw log files nsrsnmd NSR notice 22 Shutting down snmd Unable to connect to server: Unable to authenticate with server nsrserver: Authentication error; why = Client credential too weak On NetWorker server: Run the following command from an Administrator prompt or root shell: nsradmin -p nsrexec NetWorker administration program. Use the "help" command for help. nsradmin> . type: nsrla Current query set nsradmin> show auth methods nsradmin> print auth methods: "0.0.0.0/0,nsrauth/oldauth"; On the remote storage node: nsradmin -p nsrexec NetWorker administration program. Use the "help" command for help. nsradmin> . type: nsrla Current query set nsradmin> show auth methods nsradmin> print auth methods: "0.0.0.0/0,nsrauth";

Cause

The auth method on the NetWorker server does not match the auth method on the remote storage node. NetWorker Server: auth methods: "0.0.0.0/0,nsrauth/oldauth"; Remote storage node: auth methods: "0.0.0.0/0,nsrauth"; NOTE: The NetWorker Security Administration Guide (Support for NetWorker | Manuals & Documents) states the following: From NetWorker 19.4 and later, oldauth is removed as one of the default authentication methods for all new installations. There is no change when an upgrade is performed. When a NetWorker upgrade is performed, the value oldauth in auth methods continues to exist.For compatibility with earlier NetWorker releases, NetWorker supports oldauth authentication. It is recommended that you use nsrauth authentication and only enable oldauth authentication when two hosts cannot authenticate by using nsrauth. The oldauth authentication method is not secure. All supported NetWorker releases are intended to function using nsrauth only, all versions requiring oldauth are no longer supported. As stated above, oldauth fallback was intended to allow support for older releases; however, this is no longer required. Since oldauth is considered "not secure" it should be removed if found. Clear NetWorker peer certificate information after updating auth methods.

Resolution

Ensure that both the NetWorker server and storage nodes are using nsrauth only. On each host, perform the following from an Administrator prompt or root shell: Use nsradmin to access the client service: nsradmin -p nsrexecdFrom the nsradmin prompt, run: . type: nsrlaEnter: show auth methodsEnter: printIf it shows "0.0.0.0/0,nsrauth/oldauth," enter: update auth methods: "0.0.0.0/0,nsrauth"Confirm the change by entering: yExit nsradmin: quit Example: nsradmin -p nsrexec NetWorker administration program. Use the "help" command for help. nsradmin> . type: nsrla Current query set nsradmin> show auth methods nsradmin> print auth methods: "0.0.0.0/0,nsrauth/oldauth"; nsradmin> update auth methods: "0.0.0.0/0,nsrauth" auth methods: "0.0.0.0/0,nsrauth"; Update? y Restart NetWorker service on each host: Linux: systemctl restart networkerWindows (PowerShell syntax): net stop nsrexecd /y ; net start nsrexecd On Windows NetWorker servers you must also run: net start nsrdIf the Windows NetWorker server is also the NetWorker Management Console (NMC) server, you must also run: net start gstd Clear the peer information about each host: nsradmin -C -y -p nsrexecd "nsr peer information" Review the output from the above command, in case it is unable to clear peer information, you must do so manually. See: NetWorker: Fixing inconsistent NSR peer information Once the above steps have been completed, monitor the storage node's ready state from the NMC.

Support Cases