cancel
Showing results for 
Search instead for 
Did you mean: 

Backup Exec 15 - How to delete/replace System Logon Account

kev2
Level 3

Hi

I have a series of jobs setup in Backup Exec and some of them randomly fail with credential errors on the target server. Without any changes these jobs sometimes work fine. Event Viewer on the target machine shows authentication failures from the Default Account and Sytem Logon Account

I'm guessing this is because of the Sytem Logon Account which was setup by a previous IT Support provider.

I've tried amending the accounts but have had the following difficulties -

  • I can't delete or edit the Sytem Logon Account because it is used by 'users' who no longer exist in BE/AD or won't accept the password for the owner account.
  • I cannot edit other logon accounts because BE does not accept the password of the 'Owner' even though it is correct in AD.
  • A Logon Account exists using an old AD account name - the AD account still exists but has been renamed.

Is there a way I can completely 'blitz' these accounts in 'Logon Account Management'? I'm left with no way of editing them as they don't accept the passwords I have.

Thanks

Kev

 

1 ACCEPTED SOLUTION

Accepted Solutions

DarthBilly
Level 5
Employee

First, check the Backup Exec service accounts. There should be 7+ services for Backup Exec. Reset those accounts if they are not right.

Ok, there's more to resetting the logon accounts. It means also resettling everything. You can set the Backup Exec Database to a default never been used state, but again you would need to recreate all the jobs. There is no simple way to reset accounts besides this that I know of.

This is the Technote for resetting Backup Exec. None of the data backed up will be lost, however, Backup Exec will not know it's there until you inventory and catalog it.

https://www.veritas.com/support/en_US/article.TECH66780

You may want to wait to see if anyone else chimes in with a better idea as well.

 

 

View solution in original post

13 REPLIES 13

pkh
Moderator
Moderator
   VIP    Certified

Create a new System Logon Account then delete the old accounts. When you are prompted to replace the credentials of deleted jobs, specify the new account.

Make sure that the new account is a domain admin

Thanks for the reply but I cannot get it to work.

I click on the 'System Account' button within Logon Account Management and I am prompted to enter the Domain Administrator password. I enter the current Administrator password and Backup Exec doesn't accept it.

As I understand it BE doesn't really talk to AD so is there a registry setting I can amend to change the Administrator password?

DarthBilly
Level 5
Employee

Right, the accounts inside of BE are not connected to AD, but it does know who the ower is.

Log in as the user depicted in the Owner field in the Logon Account Management UI. Once logged in you should be able to manage all the accounts that is owned by that user.

If you are still having problems with this, then create a new account (not the system logon account). Give it a "Account" name that is descriptive. Go to the resource you are having issues with and open the properties go that resource. Click on Credential and set it. You can accutally leave the System logon account alone and just set the credentials for the resources you need this way.

Thanks for the reply DarthBilly but I'm no further forward :(

 

I logged on to the machine as the Domain Admistrator and owner of the accounts (I wasn't before). This is one of the accounts where BE doesn't accept the current AD password.

In Logon Account Management I select the System Logon Account, click 'Replace', select the account (which is a Domain Admin) that I want to be the new SLA and get the error - 'Unable to replace old Logon Account with new. The server has received incorrect or invalid data.'

I try and delete a non-Sytem Logon Account and it says it cannot be deleted because the following users have selected it as their default logon account and one or more are currently logged on to the media server. This user account is not logged in on the Windows box and no services or jobs are running under this user account.

I have already got the different jobs running under a different account but I'm having random failures. Testing the credentials within the job's properties passes and there definitely is no reference to the accounts I'm looking to delete in the GUI.

The situation I'm facing is that I do not make any changes to credentials or configuration and randomly get errors with the failure message 'The logon account that was provided does not have valid credentials.Ensure that the user name and password are correct, and then try again.' but the next time the job will be successful with exactly the same configuration. I would expect this error to be permanent.

Without any proper evidence I am suspecting that the jobs are somehow reverting back to the Sytem Logon Account if there is any delay with the specified account credentials being returned as successful.

I do know that this BE installation was installed as an upgrade to a previous version of BE (I don't know which version) but I've already resolved issues with automated catalog jobs running that aren't supported with this version and issues with the catalogs being merged into its SQL database. I've also recreated the jons to no avail.

So, I'm left with Logon Accounts in BE with faulty credentials and would like a way of cleaning them up to see if it helps.

DarthBilly
Level 5
Employee

First, check the Backup Exec service accounts. There should be 7+ services for Backup Exec. Reset those accounts if they are not right.

Ok, there's more to resetting the logon accounts. It means also resettling everything. You can set the Backup Exec Database to a default never been used state, but again you would need to recreate all the jobs. There is no simple way to reset accounts besides this that I know of.

This is the Technote for resetting Backup Exec. None of the data backed up will be lost, however, Backup Exec will not know it's there until you inventory and catalog it.

https://www.veritas.com/support/en_US/article.TECH66780

You may want to wait to see if anyone else chimes in with a better idea as well.

 

 

Yip, backup exec services are correct, restarted lots of times, server restarted, all patches installed including updating the remote agents so I seem to have hit a dead end.

I think I'll end up using the article you sent so thanks for that. I'll also take your advice and sit on my hands for a while before wading in ;) Now thatI've read the article it makes sense that I have to create a new DB but it's a shame BE doesn't integrate nicely with AD with regards to the logon accounts.

But your input is greatly appreciated and thanks for the pointers.

Hopsnbarley
Level 4
Employee

Perhaps you could attach a screenshot of the Logon Account Management screen (don't worry, it doesn't display passwords!). This should display the "account name" as well as the "user name".

Just trying to clear up my confusion of what your seeing  :)

 

I realized that putting a screenshot of usernames out there could cause some squirming,so feel free to edit the screenshot to remove the actual user names. Although the user name for the "system logon account" might help figure out what is going on.

Yip, I'm a bit squeamish about screenshots disclosing domain names etc. I did try blanking out the necessary details but then there wasn't much info left! ;)

But it is something like this...

 Account Name                 User Name                 Default    Type           Owner
domain\administrator         domain\administrator                   Common     domain\kev-admin
domain\kevadmin              domain\kevadmin        yes           Common     domain\kev-admin
previousit                           previousit                                     Common     domain\previousit
System Logon Account     domain\previousit2                       Common     domain\administrator

So the previous IT company had 2 accounts.
The kevadmin account is the same AD account as kev-admin (it was renamed in AD after BE configured).
All backup jobs are configured with the kevadmin account except for 2 jobs running as administrator (these 2 jobs never fail).
I want to remove all accounts except for kevadmin (and it would be nice to have the BE owner match the AD account).

Whilst logged on to the windows server as domain\administrator I cannot delete/replace the System Logon Account - Unable to replace old Logon Account. The server received inccorrect data.

I cannot delete the 'previousit' account - The account 'previousit' cannot be deleted because the following users have selected it as their default logon account and one or more of them are currently logged on to the media server - domain\previousit. They aren't logged on, there are no services running under this account and no jobs use this account for credentials.

I try deleting domain\administrator in the Manage Logon Accounts, replace with domain\kevadmin first as the domain\administrator account is in use by 2 jobs - Unable to replace old Logon Account. The server received inccorrect data.

Thanks to DarthBilly, logging on the the Windows server as domain\administrator gets me past the errors when trying to edit logon accounts and prompyed me to enter the administrator (or owner) credentials before they were rejected (the AD password for this account has been changed since. However, I am now being presented with invalid data errors :(

So, something is definitely not working as it should and its a mess so a clean slate sounds like a good idea to me.

PS. I'm not actually repsonsible for this mess but I've certainly learnt that BE should have logon accounts edited before amending AD credentials.

 

Hopsnbarley
Level 4
Employee

Strange. By the way, what account are the Backup Exec Services running under ?  

I did find this tech note with the same error your getting about users being logged in. Might want to give the steps in it a try. 

https://www.veritas.com/support/en_US/article.000007286

Strange indeed. The services are running under the kevadmin account. 

And thanks for the article, I'll run through it to see if it helps but that will have to wait till tomorrow as  the backups are running now. Fingers crossed for tonight ;)

Sorry for no update but I've had a string of 10 successful backups without making any config changes which is slightly worrying in titself. Maybe something else has been interfering with the servers. I'll keep an eye on it and if I try anything else I'll let you guys know.

The backups have continued to work without issue - the only 'change' I made was to actually log on with the account used for the Sytem Logon account after the password had been changed in AD so I suspect that there may be underlying issues with the servers rather than BE.

Solution goes to DarthBilly as he answered the question I asked - removing all settings by removing the SQL database but thanks to Hopsnbarley for the input.

 

Cheers guys :)