Forum Discussion

AnandhaKannan_D's avatar
4 years ago

Backed file not showing in restore window/KMS passphrase issue

Base of my issue is for certain period(2017 to Jan 2018) not able to browse the backed files for the selected dates to perform the restore.

When checked, for that certain period(2017 to Jan 2018) client files & .f files are missing in /openv/netbackup/db/images/ directory. So planned to perform the media import but there we had KMS issue i.e for that certain period((2017 to Jan 2018) the passpharse for the keytag used was different and also we lost it if we want to recover and activate the key group & tag.  My queries here is

  1. If I deploy new master server by restoring the catalog which was taken before Jan 2018. Will I able to do the restore for those periods?
  2. What if I restore the client files & .f to the directory /openv/netbackup/db/images/ from my previous(i.e before Jan 2018) catalog backup to current NB master server. As its being same master server which had the record of previous KMS database, will it can be able to restore the data without any issue ?
  3. I have the backup of KMS_DATA.dat, KMS_HMKF.dat,KMS_KPKF.dat which was taken before Jan 2018 if I place this file in the respective directory of my current NB master server, will it work and can able to do the restore ?


5 Replies

  • Hi anandhakannan

    Sorry to know the situation you are going through. Here are answers to your queries

    1. Catalog backup does not backup KMS files. So it's of no use to perform catalog recovery.
    2. If you have catalog backup from the date you mentioned then you can try just restoring .f files. Hope your catalog backup isn't KMS encrypted.
    3. Can't comment on your KMS configuration. KMS is something you need to backup seperatly and frequently as you add new keys to it. If you know you were practicing it all way long then no harm replacing files (don't forget to backup current files first).
    Hoping for a speedy recovery. All the best.
    • davidmoline's avatar
      Level 6

      Hi AnandhaKannan_D 

      My suggestion would be to use a combination of 2 & 3. This assumes that the backup image information is still in the NBDB (i.e. a bpimagelist of the backupid returns information). If this is the case, then you can use the catalog backup from Jan 2018 to recover the .f files missing. 

      Once this is done you still have the issue of the KMS keys changing, but as you have the KMS database from that time, you can temporaily switch it over to perform the recovery. Remember to backup the current keys before you do this (as suggested by pats_729). Also I would strongly suggest you prevent any KMS enabled backups running while you are performing the recovery operation.

      One final point, you should really be retaining the KMS keys for the life of the backup data (so it is possible to perform a restore). In the past this was more difficult due to the limited number of keys available (use to be 10 I think) but the limit has increased to 30 so this should be less of an issue now.

    • AnandhaKannan_D's avatar
      Level 4

      We have another complication

      2017 to 2018, certain backups encrypted with the key tag (ABCDE) and for this we have lost the passphrase. For testing recently recreated the same key tag(ABCDE) and given different passphrase and few recent backups are now encrypted with key tag (ABCDE) but with new passphrase we given.

      • Let us assuming I got the lost passphrase which was used in 2017 to 2018 and now the key tag(ABCDE) created with the lost passphrase and I can able to do the restore of 2017 to 2018 backups. Now query is what if I want to restore the recent backups which got encrypted with the different passphrase but with same key tag(ABCDE).
      • As per my knowledge, I hope every time I have to create the key tag(ABCDE) with the passphrase which require for restore of 2017 to 2018 and for recent backups. Is there any other way to have both passphrase recorded  key tag (ABCDE) in the master server or is there any option to migrate or merge the key tag to which was created with two different passphrase to restore all my backups encrypted using same key tag (ABCDE) ?