I'm having some issues with a new Backup Exec 2010 R2 installation. I configured a NetApp FAS2020 as an NDMP device and want to backup files from the SAN to a tape drive connected to my backup server. I set up ndmpd according to this document (http://www.symantec.com/business/support/index?page=content&id=TECH48957) and created a separate backup user (http://filers.blogspot.com/2006/09/setting-veritas-netbackup-with-non.html).
Backup works perfectly, but restoring any file gives me an authentication failed error. The NDMP device has a "global" ndmp user configured in the device tab (tried this with the newly created ndmpd backup user and the netapp root) and I can also configure separate resource credentials in the BE restore job.
I have tried setting the same accounts for the "global" ndmp device and the restore credentials and have also tried setting different accounts for them.
NDMP debug level is at 5 and this is what shows up in /etc/messages. The session is closed immediately after it has been granted.
16:12:07 PST [Java_Thread:info]: ndmpdserver: ndmpd.access allowed for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000 16:12:07 PST [Java_Thread:info]: Ndmpd51: ndmpd session closed successfully for version = 4, sessionId = 51, from src ip = 192.168.11.17, dst ip = FAS2020-1/192.168.11.75, src port = 50857, dst port = 10000
Running wireshark on the backup server doesn't produce much. It shows a SYN -> SYN/ACK -> NDMP CONNECT_CLOSE Request from the backup server.
The Resource Credentials for the restore job behave very oddly. If I enter NDMP credentials and do "Test All" it fails. If I use my regular domain backup account, it is successful. There are no failed or succeeded logons in the NetApp ndmp log and tracing this check shows that it doesn't even connect to the SAN. This makes me think that this is more likely flaky BE behaviour rather than misconfiguration of the SAN.
Here is the options ndmp output:
FAS2020-1> options ndmp
ndmpd.access all
ndmpd.authtype challenge
ndmpd.connectlog.enabled on
ndmpd.enable on
ndmpd.ignore_ctime.enabled off
ndmpd.offset_map.enable on
ndmpd.password_length 16
ndmpd.preferred_interface disable
ndmpd.tcpnodelay.enable off
THis is a known bug to Symantec, and is supposedly to be fixed with the release of 2010R3 in a couple weeks.