cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

BE2012, BE15, BE21: Catalogization of imported bkf files failed - Encryption key cannot be retrieved

johnny99
Level 3

‎04-13-2020 01:04 AM - edited ‎04-13-2020 01:14 AM

Dearest Veritas Community,

I feel really sorry to bother you at Easter. When I tried to catalog an imported BE2012 backup on a new server, a message "Encryption key (code) cannot be retrieved". Checked passphrase and created new key (same passphrase, 256, Fips 140-2 not activated, common access).

Also tried on different OS Windows 2008R2, Windows 2019 with combinations of Backup Exec: BE 2012, BE15 FP5, BE21. Same (old) Domainname. Same error.

Workaround according
https://www.veritas.com/support/en_US/article.100017836
failed.


Your help will be very appreciated.

Kindest regards
Daniel
Backup Exec Fehler 13.04.20.jpg


 

0 Kudos
8 REPLIES 8

Gurvinder
Moderator
Moderator
Employee Accredited Certified

‎04-13-2020 01:46 AM

The same pass phrase that was used at the time of the backup should be put in.
The Key name does not matter but pass phrase has to match.

0 Kudos

johnny99
Level 3
In response to Gurvinder

‎04-13-2020 03:14 AM

Thank you very much. The passphrase was documented on separated and printed excel and is the same. Must be a technical issue.

0 Kudos

Gurvinder
Moderator
Moderator
Employee Accredited Certified
In response to johnny99

‎04-13-2020 03:17 AM

by any chance, is the database BEDB.BAK ( database backup ) present from the time when the backup was taken ?

Was the passphrase same for all the backup sets  or kept changing for different jobs which appended to the same tape ?

0 Kudos

johnny99
Level 3
In response to Gurvinder

‎04-13-2020 03:40 AM - edited ‎04-13-2020 03:40 AM

Unfortunately no BEDB.bak. A ransom encrypted everything. We only have Backups and Key. There was only one key for all jobs.

0 Kudos

RogRubin
Moderator
Moderator
Employee
In response to johnny99

‎04-14-2020 02:36 AM

As you only have one key, have you tried to restore a complete different backup set from a complete different date?
Same issue or does that work?
if that does not work either:
- check the characters of the key and see if an of the characters might be misinterprated like O and 0.
However if the above works then try:
- a diff backup set from the same date
- the same backup set from a diff date.

0 Kudos

johnny99
Level 3
In response to RogRubin

‎04-14-2020 02:22 PM - edited ‎04-14-2020 02:29 PM

Dear RogRubin,

Thank you very much for your help. Regarding backup sets after a ransom virus attack we have only one weekly
total backup set made on two weekly dates left. The daily sets are encrypted and lost.

We also tried to verify the 256-bit passphrase, which was written down on an Excel spreadsheet printed on paper and has worked fine in several partial restoring processes for over 2 years. The only difference was, that during the virus desaster the Backup Exec software had to be reinstalled on a new blank serversystem. Tried to combine Win2008+BE2012, Win2008+BE15, Win2019+BE21. Same result.

Also tried to do a backup on new system with same (old) key with the result that the restore succeeded. The key
was then blocked, though it cannot be deleted.

It looks like it's the correct key because it's a long sentence according
german spelling in capital- and small letters combined with a historic year. We created logical variations with
some special character between the words. No way. The key cannot be retreived for some reason.

For me, it looks like there's no search algorithm in BE which can find the new key creation, with same types
and name, if the software installation was changed. According to Admin manual, a restore must succeed
with same pass, name, type and with NO database key saved.

0 Kudos

RogRubin
Moderator
Moderator
Employee
In response to johnny99

‎04-15-2020 12:22 AM

Could you explain that part a bit more please?

Also tried to do a backup on new system with same (old) key with the result that the restore succeeded. The key
was then blocked, though it cannot be deleted.

The first part indicates that the key you created incl pwd is working for sets created with that key as you run a new backup which you then could restore.
However I do not understand what you mean with the "key was blocked".

 

0 Kudos

johnny99
Level 3
In response to Gurvinder

‎04-22-2020 06:47 AM

Yes. The same at the time, when we created the backup job. We wrote down the passphrase on an excel table, printed it out separately and stored it in a bank safe. I tried to name it the same. I may try a different name with same passphrase.

Thanks.

 

0 Kudos