Forum Discussion

massimiliano_2's avatar
13 years ago

Cannot go ahead during upgrade to Backup Exec 2012 after providing the Backup Exec Services credentials

Hello,

we are trying to upgrade a fully updated Backup Exec 2010 R3 SP1 installation on a physical Windows server running Windows Server 2008 R2 Standard x64 SP2 to Backup Exec 2012.

When it's time to provide a user name, password, and domain for an Administrator account that the Backup Exec system services will use on the Service Account panel, we enter the user name, password, and domain account we had previously provided when installing Backup Exec 2010 R3 SP1 and used up until now (we called it "beadmin").

After clicking Next on the Service Account panel the installation program nothing happens so we are unable to go ahead with the upgrade to Backup Exec 2012 after providing the Backup Exec Services credentials.

It's interesting that:

1) if we intentionally provide a wrong or blank password for the existing "beadmin" account the installation program complains about this.

2) if we intentionally provide a new user name and password that the Backup Exec system services will use, the installation program does create the new user Active Directory user object and grants it the required rights, however after clicking Next on the Service Account panel nothing happens so we are unable to go ahead with the upgrade to Backup Exec 2012 after providing the Backup Exec Services credentials.

Any response will be highly appreciated.

Thanks and Regards,

Massimiliano

  • Hi Massimiliano,

    I have occasionally witnessed this behavior when the rights on the beadmin account have been restricted since the last install. I have not been able to identify the cause enough to reproduce it in house to understand why it fails to return a failure, or continue successfully. If you can help me identify the difference in rights, I'm interested in finding the cause.

    Try going into Add/Remove Programs and clicking "Change" for Backup Exec. This will launch the 2010 R3 install. Choose Repair and continue until you are presented with the service dialog, see if it will continue from there. Depending on your install configuration, it may or may not allow you to change the account/password, so its not exactly the same test, but hopefully it will provide useful feedback. If it hangs there, which I'm guessing it will, then it will confirm that something with the rights on the account have changed since you originally installed 2010.

    A recent customer I worked with on this had a similar problem after an AD policy was pushed out to all of the DC's(where BE was installed), and after uninstalling 2010, he could no longer reinstall it. We never did identify what exactly was changed in the AD Policy that caused this issue. If you can help me identify what changed in your environment, I will attempt to repro it in house and let you know my outcome.

    Thanks,
    Nick

  • Hi Nick,

    thank you very much for your reply.

    I confirm that something with the rights on the account have changed since we originally installed 2010. Additional details:

    1) when we originally installed BE 2010 we intentionally provided on the Service Account panel a user name and password for a non-existent account that the Backup Exec system services would have used and the installation program did create the new Active Directory user object and granted it some required rights.

    2) before going into production with BE 2010 we downloaded and run the Symantec Backup Exec Support Tool to determine if our BE Service Account had all required/appropriate group memberships and privileges and we discovered our newly created BE Service Account was missing some of the required/appropriate group memberships and privileges.

    3) since our newly created BE Service Account was missing some of the required/appropriate privileges we edited the Default Domain Policy to meet all requirements as per TECH136148 Article (from the left pane, we expanded Computer Configuration, went to Policies | Windows Settings | Security Settings | Local Policies | User Rights Assignments and finally defined the required user rights) and pushed out the updated AD policy to all of the Member servers and Client Computers (BE is installed on a Member server).

    4) since our newly created BE Service Account was also missing some of the required/appropriate privileges we also manually added it to the Administrators AD security group.

    5) since we also have to backup the Exchange Mailbox and Public Folder Stores from an Exchange 2007 virtual machine we also manually added our newly created BE Service Account to the required/appropriate AD security groups for Exchange 2007.

    6) after performing the above steps, we run the Symantec Backup Exec Support Tool again to determine if our BE Service Account had all required/appropriate group memberships and privileges and we discovered our newly created BE Service Account had been granted all of the required/appropriate group memberships and privileges.

    7) we went into production with BE 2010

    I hope the above steps could help you identify what changed in our environment and to reproduce it in house.

    Rights on the beadmin account have been changed since the last install, however they have not been restricted in my opinion.

    Thank you again for your support.

    Regards,

    Massimiliano

  • Hi Massimiliano,

    I will give your steps a try and see if I can make this happen internally.

    Thanks
    Nick

  • Hi Nick,

    thank you for writing further.

    When I went back to work this morning I decided to give your thoughts outlined in your first reply a try.

    Basically I rolled back the rights on the account we manually changed since we originally installed 2010 as follows:

    1) I manually removed our BE Service Account from the required/appropriate AD security groups needed to perform Exchange 2007 backups.

    2) I manually removed our BE Service Account from the Domain Admins AD security group.

    3) I rolled back changes from the Default Domain Policy originally configured to meet all requirements as per TECH136148 Article (from the left pane, I expanded Computer Configuration, went to Policies | Windows Settings | Security Settings | Local Policies | User Rights Assignments and finally rolled back the required user rights as "Not Defined").

    4) I pushed out the updated AD policy to all of the Member servers and Client Computers. 

    After performing the above steps, I have finally been able to go ahead and successfully complete the upgrade to 2012 !

    After successfully completing the upgrade to 2012 I granted our BE Service Account the required/appropriate group memberships and privileges again and run the Symantec Backup Exec Support Tool again to determine if our BE Service Account had all required/appropriate group memberships and privileges and I discovered our BE Service Account had been granted all of the required/appropriate group memberships and privileges.

    Your thoughts outlined in your first reply were definitely helpful.

    Thank you and have a great day.

    Regards,

    Massimiliano