We run two systems we need to back up with backup exec 2010 R3 which delibrately have incorrect hardware clocks which are not synchronised with our backup server due to the two systems being test environments for bespoke software. We get the normal 'Backup exec cannot creater a trust relationship with the remote agent' error due to this, and I need to get around the clock check to backup these systems. How would I do this?
Yeah, I am sure. We have 3 other servers with exactly the same configuration with correct clocks and we have no issue connecting to those. The system specifically complains that it can't set up a trust relationship to this one machine due to it having an unsychronised clock. Symantecs resolution to the issue is 'Synchronise the clocks and try again' but this isn't a viable solution due to the server requirements.
As long as these are physical servers, you can setup TimeSrv or connect to NIST using their app,
Preferably it would be the same time source that your media server is getting it's time hacks from
Hmm kind of unusual requirment. If it is the certificates then you can see what happens if you disable them, however
a) this coudl open you up to a man-in-the-middle security breach
b) if it works you will have to disable certificates on all servers
c) it may not work as the skwed clocks might affects other communication requirments, not just the communciation security
Info on security certificates:
These certificates were introduced in Backup Exec 2010 R3 after 3rd party specialists in IT security analysis notifed Symantec of a potential for a type of security breach between a media server and a remote agent that is known as a "Man in the Middle" attack.
You can disable this functionality with a registry change, however if you do this you will open up a potential security flaw so will need to take other steps to ensure that your security is not compromised. As such it becomes a "use at your own risk" option and should really only be used as a short term workaround for an issue that Symantec are already investigating. If you use it for an issue we are unaware of then obviously we will never fix the issue. We are aware of current problems with the TLS Handshaking that is affecting publishing and other functionality with Backup Exec, as part of
As such if any customer uses the details provided below as a workaround, the changes should be undone once notification of a full solution of the issue has been made public.
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes
Create a DWORD value in
HKLM\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Engine\Agents
Set the value to 1
This must be done on media server and remote server and the Backup Exec services on the servers will need restarting after the change