Backup / Restore a Juniper NSM

This article will show you how to backup and restore your Juniper NSM. This article was written using NSM version 2008.2r1.
Within NSM the HighAvailSvr contains processes that run in both HA and non-HA mode and handles database backups and a watchdog daemon to restart NSM processes in case of failure.


Even though you will have your NSM configured to run automated backups. You may need to run a manual backup before making any major changes (such as upgrades etc).

To create a manual backup run the following,

[root@localhost /]# sudo -u nsm /usr/netscreen/HaSvr/utils/replicateDb backup

This should run through and create a manual backup. If not you may get the following error,

[root@localhost utils]# sudo -u nsm /usr/netscreen/HaSvr/utils/replicateDb backup
 Got arguments: backup.  This might take a while to process …
Ha/Backup: FAIL

This will most likey be down to permission issues. The following should help you resolve the issue,

  • Error Log – /usr/netscreen/HaSvr/bin/.backupDoLocal.result
  • Locate the problem files – find /usr/netscreen /var/netscreen ! -group nsm ! -user nsm
  • Run the setperm/rync scripts. Steps can be found in the Juniper Knowledge base KB12188

Its worth noting that you may find no files using the find command which are not owned by nsm and also you may receive little or no errors in the logs to help you troubleshoot the issue.

In this instance you will need to stop all servers and run the set permissions scripts, this will require you running the following commands,

[root@localhost ~]# cd /usr/netscreen/HaSvr/utils
[root@localhost ~]# ./ /var/netscreen/dbbackup/[backup]

Useful Files

/usr/netscreen/HaSvr/bin/.haDoLocal.result Logfile – Contains the syntax used to perform the local daily backup.
/usr/netscreen/HaSvr/bin/.backupDoLocal.resultLogfile – Contains Rsync errors. 
/usr/netscreen/HaSvr/var/errorLog/backup.logLogfile – Contains the replicateDb script log.  
/usr/netscreen/HaSvr/utils/setRsyncUserScript – Set rsync user script 
/usr/netscreen/GuiSvr/utils/setperms.shScript – Set permissions script 
/var/netscreen/dbbackup/exclude.rsyncConfiguration file – Exclude folders from local backup. 
/usr/netscreen/HaSvr/var/haSvr.cfgConfiguration file – Backup configuration file.
/var/netscreen/dbbackup/Directory – Default backup directory.  


Rick Donato

Want to become an IT Security expert?

Here is our hand-picked selection of the best courses you can find online:
Internet Security Deep Dive course
Complete Cyber Security Course – Hackers Exposed
CompTIA Security+ (SY0-601) Certification Complete course
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial