cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Backup of system state not choosable

Go to solution
BE-Vita
Level 3

‎09-21-2010 09:58 AM

Hi,

I have a problem with backing up system state of a domain controller.

I created a backup job for two of my domain controllers in BE 2010 R2. For one of the DCs I can choose system state in the selection, but when I want to choose it for the other DC, I am getting an error message, that the AD domain services have to run. But of course they are running.

I restarted AD services and the backup server, but it didn't help.

Are there any other ideas?

Thanks in advance!

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎09-22-2010 04:37 AM

For information Backup Opwerators doesn't usually give enough permissions to backup a Domain Controller - Backup user shodul at leats be a Domain Admin.

 

However my guess from your description is thart there is a security policy on that domain controller that is blocking somethign like RPC or Remote DCOM (could be other elements too) so we can't tell if the AD services are runnign and generate an error.

 

As you have one working DC and one non-working I would suggest you start comparing the applied security policies on the systems.

View solution in original post

0 Kudos
9 REPLIES 9

Go to solution
VJware
Level 6
Employee Accredited Certified

‎09-21-2010 10:58 AM

Give Backup Exec logon account "log on as a batch job" right in the Domain Security Policy & then restart the BE services.

 

 

 

If this solves your query, please mark this as a solution.

0 Kudos

Go to solution
BE-Vita
Level 3

‎09-22-2010 12:32 AM

Backup Operators group which contains my backup user has already "log on as a batch job" rights.

0 Kudos

Go to solution
RahulG
Level 6
Employee

‎09-22-2010 01:05 AM

Is it a Read Only Domain Controller ?

FYI

The key Active directory (win 2008) features that affect Backup exec are Read Only Domain Controller, Re-startable Active Directory Domain Services, and VSS AD and ADAM Snapshot Consistency Checks.
• Granular Active Directory backups or restores on the RODC are not supported.
• Backup Exec 12 supports Re-startable AD Domain Service and its corresponding states.
• The Volume Shadow Copy Service (VSS) is not available on the domain controller when AD Domain Services are stopped.
• If the AD Domain Services are stopped when a backup or restore job starts or is currently running, the job fails.
• Granular AD restore operations are affected if the AD Domain Services are stopped while the restore operation is in progress.
• Full System State (with AD) restore operation for a Windows Server 2008 domain controller can be performed only in the Directory Services Restore mode.
• Active Directory Recovery Agent enables the backup and restore of NIS attributes.
• Backup Exec provides a consistency check option for Active Directory and Active Directory Application Mode VSS snapshots.
• The device name for ADAM is changed to ADAM/AD LDS in the backup selections view.

0 Kudos

Go to solution
BE-Vita
Level 3

‎09-22-2010 01:26 AM

No, it's not a RODC. It is the primary domain controller of a subdomain.

I can choose everything in the selection except for system state and shadow copy components.

0 Kudos

Go to solution
RahulG
Level 6
Employee

‎09-22-2010 01:52 AM

Can you try the following se if it helps

HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec\Engine\NTFS
Add Value:
ForceBootDrive with value C:
Stopped RAWS
Started RAWS

 

0 Kudos

Go to solution
BE-Vita
Level 3

‎09-22-2010 02:24 AM

Unfortunately it didn't help.

0 Kudos

Go to solution
Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎09-22-2010 04:37 AM

For information Backup Opwerators doesn't usually give enough permissions to backup a Domain Controller - Backup user shodul at leats be a Domain Admin.

 

However my guess from your description is thart there is a security policy on that domain controller that is blocking somethign like RPC or Remote DCOM (could be other elements too) so we can't tell if the AD services are runnign and generate an error.

 

As you have one working DC and one non-working I would suggest you start comparing the applied security policies on the systems.

0 Kudos

Go to solution
Altimate1
Level 6
Partner Accredited

‎09-22-2010 06:29 AM

Hi,

Some questions I'm asking:

- couldn't it simply be a license issue (let thinking you have 2 Dc and 1 Agent for AD)?
  I'm not sure but I would suggest looking at this.

- did you install the BE agent the same way on the 2 DCs? When you install them,
  was it for a same logon session (let say domain admin session on both DCs?

- could you simply backup files on both DCs?

May be those could help tracking the root cause.

Regards

Bernard

0 Kudos

Go to solution
BE-Vita
Level 3

‎09-22-2010 08:02 AM

Problem solved, thanks a lot!

I know, that it's recommend that the backup user is domain admin. In my root domain he was already domain admin and that's the reason why backup worked on one DC (which is located there) without a problem.

The other DC is in a subdomain, where I thought I had put the user also to domain admin group, but I hadn't...

0 Kudos