Beserver service fails to start with error "The Backup Exec Server Service did not start. An internal error (-1) occurred in object 50. " on Managed Backup Exec Servers.

book

Article ID: 100053343

calendar_today

Updated On:

Description

Error Message

The Backup Exec Server Service did not start. An internal error (-1) occurred in object 50.
 

Event in Application Log:

The Backup Exec Server Service did not start. An internal error (-1) occurred in object 50. 


Debug Log:

VDS:  50 SecurityBO: Initialization Started. BO=50. QASecurityFlags:0, RootLifetime:525600.
VDS:  -1 SecurityBO: DoMMSServerCertificateValidation, Unable to connect to CASO or SSOPrimary:TESTCAS. rc=0x721.
VDS:  -1 SecurityBO: CalculateActiveWorkingHalfLifeInTimeTUTC: activeCertExpirDateTimeTInFile: 1653270761, 
activeCertStartDateTimeTInFile: 1626340061, shorten: 0
VDS:  -1 SecurityBO: at MMSServer halflife, ActiveSC replacing ExpiringSC certificate.
VDS:  -1 SecurityBO: GenerateNewMMSServerCertificate, Unable to connect to CASO:TESTCAS. rc=0x721.
VDS:  17 Alert General Information, Notify: No, EventLog: No, Trap: No
VDS:  -1 SecurityBO: SendAlertMMSSecurityBlock, Alert sent for hint:3.
VDS:  -1 SecurityBO: CalculateActiveWorkingHalfLifeInTimeTUTC: activeCertExpirDateTimeTInFile: 1653270761, 
activeCertStartDateTimeTInFile: 1626340061, shorten: 0
VDS:  50 SecurityBO: DoMMSServerCertificateGeneration Failed. rc:0xffffffff.
VDS:  50 SecurityBO: ERROR Initialization Failed doing DoLifeCycleManagementSession. rc:0xffffffff, unable to continue. BO=50.
VDS:  -1 Business Object 50 failed to initialize:-1
VDS: -1 RpcXfaceServiceMain: InitializeBOs() failed, BO:50, nRet:-1

 

Cause

This may occur if the servers have STIG enabled (Security Technical Implementation Guide)
 

Resolution

Workaround:

As per Recommendations from Microsoft the following below options are disabled from the Local Security Policy of the Servers if STIG is enabled on the CAS (Central Admin Server) and MBES (Managed Backup Server).

 

Disable the following:

  • Use FIPS compliant algorithms for encryption
  • Configure encryption types allowed for kerberos

 


1. In Control Panel, click Administrative Tools, and then double-click Local Security Policy.


2. Under Policy in the right pane, double-click System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing, and then click Disabled. (Figure 1)


3. Under Policy in the right pane, double-click Network seciryt. Configure encryption type allowed for Keberos. Uncheck/Disable the  types that Kerberos is allowed to use. (Figure 2)

 

Figure 1

 


 

Issue/Introduction

Backup Exec Server Service (Beserver) fails to start with error "The Backup Exec Server Service did not start. An internal error (-1) occurred in object 50. " on all Manged Backup Exec Server (MBES) servers.

Additional Information

ETrack: 4056950
Powered by Wolken Software