cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Active Directory B2D with GRT fails with "Access denied" error

Go to solution
Netics
Level 3

‎07-13-2009 05:00 AM

Hi everyone!
Our company has Backup Exec Server 12.5 installed on Windows Server 2003 x32. Licenses for Active Directory Recovery Agent are installed.
Active directory in installed on 2 domain controllers with Windows Server 2008 x32 and working in 2008 native mode.
We are doing 2 backups of AD with GRT enabled: 1st is B2D ( Full and incremental with reset archive bit) and 2nd is backup to LTO ( daily Copy Backup with GRT). They are both worked properly till the previos week. Previous week we have removed last Exchange 2003 from organization and now there is only Exchange 2007 servers in organization.

Now 1st (B2D backup) fails with Access Denied Error:

Backup- \\dc1.domain.name\System?State V-79-57344-33928 - Access Denied. Cannot backup directory and its subdirectories.
Backup- \\dc2.domain.name\System?State V-79-57344-33928 - Access Denied. Cannot backup directory and its subdirectories.

and backup to tape is working properly without any errors.

I have created a new test B2D job with GRT disabled and it doesn't fail. But when I enable GRT it fails.
So, I have a question: how can I resolve this issue.

Best regards,
Alex.
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Nick_Perry
Level 2

‎02-04-2010 07:16 AM

I see the support doc about this issue says Hotfix 337202 solves the provlem. It's a post-SP3 hotfix.

Has anyone tried it successfully ot otherwise?

View solution in original post

0 Kudos
34 REPLIES 34

Go to solution
AshutoshTamhank
Level 4
Employee Accredited

‎07-13-2009 05:24 AM

You might want to make sure you have all the related latest upates including HF42 which fixes a couple of GRT related issues: http://support.veritas.com/docs/324011
Has the underlying storage for B2D been changed recently? Where is the b2d stored?




0 Kudos

Go to solution
Netics
Level 3

‎07-13-2009 06:32 AM

I have installed this update and it did not help me. And I don't understand, why this update has not been installed via LiveUpdate.
We have not changed underlyng storage. Our storage is drive D:\ (server's box) on the Backup Exec Media Server.
0 Kudos

Go to solution
RahulG
Level 6
Employee

‎07-13-2009 08:57 AM

Hi Alex, 

   Please make sure the account which you are using have proper rights and permission
refer the following document http://support.veritas.com/docs/288777
The account which you are using should have and active mailbox whch should not be hidden from Gal and the mailbox for the accoutn should be on exchange 2007 server .

Also make sure you install exchange management tools on the media server and MAPI CDO onthe exchange 2007 server ..

Let me know makign the changes help you resolve the issue ...
 

0 Kudos

Go to solution
Netics
Level 3

‎07-14-2009 12:19 AM

Sorry guys, if you haven't understand me.
I get this error when backing up domain controllers. And account which connects to remote agent has all permissions for doing this backup job.
Exchange backup works properly and all toools are installed and user has right permissions.
But I can't backup domain controllers' System State when using GRT for AD.
0 Kudos

Go to solution
kkate
Level 5
Accredited

‎07-14-2009 12:32 AM

HI Netics,

To backup Systemstate create a new separate job without AOFO. It will be done.
For your domain controller create a backup job selection only of Active directory. Enable GRT if requiered. Test credentials, it should be successfull, run it on Backup to Disk folder.
Create a duplicate job of the same to backup on tape as well.

Please check and let me know..

Best luck

0 Kudos

Go to solution
RahulG
Level 6
Employee

‎07-14-2009 01:15 AM

Could  you let me know if the backup to disk folder you hae is on local disk or on some removable disk ?
If the backup is targeted to removable backup to disk folder try running the backup to the local backup to disk folder.
If it is going to local backup to disk folder make sure the antivirus is not scan the backup to disk folder during the time or backup or you can just set and exclude for the backup to disk folder .
Let me know if that helps

0 Kudos

Go to solution
Netics
Level 3

‎07-14-2009 01:28 AM

kkate,
I don't use AOFO in  this backup job. This job doesn't fail on to LTO and it fails when doing B2D. When I disable GRT, job ends succesfully.
RahulG,
I am backing up to the local disk and I don't have any removable storage except of Tape Library. Antivirus doesn't scan B2D folder.

And I want to say again - the job worked well until previous week. We didn't change anything in the AD except of removing last Exchange 2003. Only domain controllers System State backup fails.
0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-14-2009 02:58 PM

Check your logs and see if this issue started after hotfix 324011 was installed.  In my case I'm having the same symptoms after that hotfix installed itself. 

I also use GRT (which is automatically skipped/disabled for certain things) and backup to a disk and this is a DC.
0 Kudos

Go to solution
Gene_Tang
Level 3

‎07-19-2009 05:39 PM

Seeing the same issue.  On my system with the exact same setup (Windows 2008 x32 with all the latest hotfixes installed in BE 12.5 and AD agent).

Is the solution to create a separate backup job for the AD with GRT disabled? Or can we uninstall hotfix 324011?  I would rather the AD backup in the same job to keep everything streamlined.

0 Kudos

Go to solution
thegoolsby
Level 6
Employee Accredited

‎07-19-2009 11:45 PM

Alex, DrinkingBird, Gene:

I have all sent you all emails, please email or PM me if you didn't get them. There are some logs that I’d like to review from your backup jobs that are not appropriate to be posted to a forum.

Before doing the steps I sent you, make sure that all pans out okay:
  • As Rahul indicated, make sure that the permissions are set correctly. Verify that you can backup system state without GRT enabled - if you haven’t tried this already please do so.
  • If you suspect that this happened after installing 302411, uninstall it and see if the backup fails or not (please gather the logs I asked for in my email first!!!). If the backups still fail with the HF uninstalled, please reinstall this HF.
  • If backing up to remote or removable B2D (or even a B2D on a SAN), try backing up to a directly attached NTFS volume with GRT and see if you get any different results.
I’ll take a look at your logs and let everyone know what I’ve found.

Also – kkate - AOFO’s selection will have no bearing on how system state is backed up. The backup is always a snapshot backup performed by VSS regardless of this setting.
0 Kudos

Go to solution
Gene_Tang
Level 3

‎07-20-2009 12:35 PM

Hi Collin,

I will try collect information for you today or tomorrow. 

Gene

0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-20-2009 06:54 PM

I'll start by uninstalling 324011 and seeing if tonights job is successful, since Gene is doing the debug, that way we kill 2 birds at once.

I'm backing up to a directly attached E-SATA drive which is NTFS.

I have GRT enabled for the backup as I back everything up using one job and I do want GRT for files and exchange.  I also have synthetic backup and TIR enabled but those are bypassed for several parts of the backup including system state.

User definitely has permissions, I was using the main admin account and then swapped it to another full admin account after this started to see if it helped, with no success.

We'll see how the backup goes tonight.  I don't want to run a one-off and mess up the schedule.
0 Kudos

Go to solution
Netics
Level 3

‎07-21-2009 12:54 AM

I see no errors after removing this update.
0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-21-2009 09:00 AM

Ha, forgot to disable liveupdate so it reinstalled itself before the backup.  Guess I'll try again tonight.
0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-22-2009 01:37 PM

Backup successful with patch uninstalled.

Problem is I also have Endpoint Protection on this box and can't seem to tell liveupdate to update that but not Backup Exec, so for now I have LU completely disabled but my virus defs won't update that way.
0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-25-2009 08:48 PM

Any updates on this?  2 of us removed the hotfix and the issue went away, so I'd assume its a problem with that fix.

Would be nice if the fix was removed from the update site so I can turn automatic updating back on.....  I'm not aware of any way to mark a hotfix as "do not install"?

0 Kudos

Go to solution
JRV
Level 4

‎07-27-2009 10:23 AM

Same issue here, including that Symantec Endpoint Protection Manager is installed on the BEWS machine and disabling LiveUpdate is not an option.

Microsoft makes it possible to prevent an update from installing automatically via Automatic Updates (& WSUS, of course). Symantec needs to give us that capability in automatic LiveUpdate.

Especially since, per http://seer.entsupport.symantec.com/docs/328487.htm, Symantec does not plan to fix 324011 unless we all call Symantec sales and beg:

"Pending the outcome of the investigation, this issue may be resolved by way of a patch or hotfix in current or future revisions of the software. However, this particular issue is not currently scheduled for any release. If you feel this issue has a direct business impact for you and your continued use of the product, please contact your Symantec Sales representative or the Symantec Sales group to discuss these concerns."

Gee, thanks, Symantec!

I suggest we tie up Symantec sales phone lines with our calls until the fix it. Please also vote up this "idea":

https://www-secure.symantec.com/connect/idea/fix-bews-125-update-324011-now
0 Kudos

Go to solution
Drinkingbird
Level 3

‎07-27-2009 01:05 PM

LOL, gotta love it, neither of those options are really supportable since you can't stop the patch from installing, and some of us put our tape drives in the dumpster years ago.

Well at least its not as bad as the update last year that blue screened everyones 2008 x64 servers!

I believe there is a way to un-register backup exec from liveupdate, that isn't an ideal solution but I may have to do it for now. This hotfix is supposedly a fairly important one fixing several issues with GRT and exchange, etc, but since stuff worked better for me before than it did after, I guess the fixes can't be all that great.

I may try running a separate system state without GRT or anything and see if that helps, but I really like just having my 1 nightly backup that takes care of everything, I'm a neat freak like that.

Voted.
0 Kudos

Go to solution
JRV
Level 4

‎07-27-2009 01:18 PM

Actually, you can stop the patch from installing. In BEWS Tools/Options/LiveUpdate, set it to alert you when there are updates instead of automatically installing them.

Then set LiveUpdate to run in Interactive mode instead of Express mode...and don't forget to uncheck 324011 every time!

It won't affect SEPM.

I hate the thought of not having GRT for AD backups...all or nothing AD restores are brutal, esp. if more than a few days old. If I use GRT for nothing else, I want it for AD. I will probably remove the patch. But I've already contacted Symantec Sales to register my concern, and my client is doing the same.

BTW, the link in the KB article for info on how to contact sales is broken. There's an extra "/" at the beginning. Guess they don't really want to hear from us that much!
0 Kudos