Ensure that the Symantec Product Authorization Service or daemon is running.

Refer to the NetBackup Security and Encryption Guide for more information on authentication and authorization daemons.

Ensure that you are in communication with the correct master server. Within the bp.conf files on the local server, verify that the entry AUTHORIZATION_SERVICES specifies the proper host name (fully qualified) of the authorization service. For example, AUTHORIZATION_SERVICE = machine2.mycompany.com 0 specifies that the server contacts machine2 to perform authorization checks. Also ensure that this entry matches that of the master server.

Ensure that the system has sufficient swap space and the following directories are not full:

Ensure that the server that contacts the master has a valid certificate. The machine certificate can be examined as follows:

For UNIX and Linux:

# bpnbat -WhoAmI -cf 
/usr/openv/var/vxss/credentials/machine3.mycompany.com

For Windows:

Bpnbat WhoAmI -cf  "c:\Program 
Files\VERITAS\NetBackup\var\vxss\credentials\machine3.my
company.com"

Both of which would return:

Name: machine3.mycompany.com
Domain: NBU_Machines@machine2.mycompany.com
Issued by: /CN=broker/OU=root@machine2.mycompany.com/O=vx
Expiry Date: Sep  2 19:25:29 2004 GMT
Authentication method: Symantec Private Security
Operation completed successfully.

If the expiry date was exceeded, use bpnbat -LoginMachine to obtain a new credential for the machine.

See the Netbackup Commands manual for more information on bpnbat.

The server that attempts the check is not authorized to examine the authorization database. Ensure that bpnbaz -ShowAuthorizers re-tuned the machines identity. Ensure that the machine has a machine credential under the directory as follows:

Program Files\VERITAS\var\vxss\credentials (Windows) /usr/openv/var/vxss/credentials (UNIX and Linux)

This credential should have the full name of the machine as in the following example: machine1.company.com.

Check that the maximum number of open sockets to the authorization database was not exhausted. Use netstat to determine the number of sockets that are opened to port 4032 on the authorization server and that refer to the following configurations:

Windows: HKLM\SOFTWARE\VERITAS\Security\Authorization\Communication\ClientMaxConnections

UNIX and Linux: /etc/vx/vss/VRTSaz.conf entry "ClientMaxConnections"

If the maximum number of open connections was reached, you may need to increase the number of maximum open connections. An increase in the number of open connections increases the memory footprint of the authorization service or daemon. Note that extreme increases in the maximum number of connections can cause performance degradation.