Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- VOX
- Data Protection
- Backup Exec
- Backup target selections not available
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Backup target selections not available
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-24-2006 01:49 PM
Hi there. I'm wondering if anyone's come across this before. Sorry if the explanation is so long.
We have a network with 2 logical Windows domains and 2 physical sites. The sites are mainly the result of a very slow link between 2 firewalls (a problem we have not and probably won't figure out).
Let's call the domains A and B for simplicity. On one of the sites, we had the Backup Exec media server and all target servers for domain A. On the other site, we had the media and target servers for domain B. There is no trust between the domains.
Recent events forced us to move a domain B server to domain A's site. (I'll call the moved server 'Target B.')
The link between domains is so slow, the time for domain B's media server to backup Target B rose dramatically, from 2.5 to 13 hours. Thus, we figured we would just backup Target B with domain A's media server.
Both media servers are running Backup Exec 9.1 4691. They are Windows 2000 Servers. Target B is a Windows Server 2003 SP1. The Windows 2000 media servers in both domains are successfully backing up several Windows 2003 SP1 systems every night.
Although Target B was moved to the same site as media server A, it is still on a completely different subnet (media server A: 161.x.x.x; Target B: 172.x.x.x).
When trying to create a job for Target B on media server A, both the C: and D: drives are greyed out, and both the Microsoft SQL Server and Shadow Copy Components do not appear. However, 2 folder shares on Target B do appear and are available for backup. We need to backup all the resources not appearing, though.
As a test, when I log on to media server B and create a new job for Target B, I can still see and select everything.
I did several things to try making Target B's resources appear in media server A. First, I checked the backup service account. I tried using domain B's account, which is the same one media server B always used to backup Target B. (I specified it as Domain\Account in the User name field on media server A.)
When that didn't work, I created a local account on Target B, put it in the Admins group, and manually assigned it the 3 required rights (Logon as a Service, Act as Part of the OS, and Create a Token Object). On media server A, I specified that account as Server\Account in the User name field and tried creating the backup job that way. I still couldn't see the resources.
Considering that the Backup Exec service packs may be different between media server A and media server B (although I don't think they are), I uninstalled the Backup Exec agent from Target B, then reinstalled it, getting the files (RANT32) from media server A. It didn't fix the problem. Media server A still can't see the resources; media server B still can.
(As Target B is a Windows 2003 SP1 system, I had to install the agent manually by copying the RANT32 folder to it and running SETUPAA.CMD.)
I tried enabling Restrict Anonymous Support in the registry on BOTH media server A and Target B (per Veritas doc ID 275484). This didn't help.
Media server A CAN still access all resources, shares, the Microsoft SQL Server, Shadow Copy Components, and System State on all servers in its domain.
Does anyone have any suggestions on what I might be missing on media server A, that keeps Target B's resources from appearing?
Thanks.
Eric
We have a network with 2 logical Windows domains and 2 physical sites. The sites are mainly the result of a very slow link between 2 firewalls (a problem we have not and probably won't figure out).
Let's call the domains A and B for simplicity. On one of the sites, we had the Backup Exec media server and all target servers for domain A. On the other site, we had the media and target servers for domain B. There is no trust between the domains.
Recent events forced us to move a domain B server to domain A's site. (I'll call the moved server 'Target B.')
The link between domains is so slow, the time for domain B's media server to backup Target B rose dramatically, from 2.5 to 13 hours. Thus, we figured we would just backup Target B with domain A's media server.
Both media servers are running Backup Exec 9.1 4691. They are Windows 2000 Servers. Target B is a Windows Server 2003 SP1. The Windows 2000 media servers in both domains are successfully backing up several Windows 2003 SP1 systems every night.
Although Target B was moved to the same site as media server A, it is still on a completely different subnet (media server A: 161.x.x.x; Target B: 172.x.x.x).
When trying to create a job for Target B on media server A, both the C: and D: drives are greyed out, and both the Microsoft SQL Server and Shadow Copy Components do not appear. However, 2 folder shares on Target B do appear and are available for backup. We need to backup all the resources not appearing, though.
As a test, when I log on to media server B and create a new job for Target B, I can still see and select everything.
I did several things to try making Target B's resources appear in media server A. First, I checked the backup service account. I tried using domain B's account, which is the same one media server B always used to backup Target B. (I specified it as Domain\Account in the User name field on media server A.)
When that didn't work, I created a local account on Target B, put it in the Admins group, and manually assigned it the 3 required rights (Logon as a Service, Act as Part of the OS, and Create a Token Object). On media server A, I specified that account as Server\Account in the User name field and tried creating the backup job that way. I still couldn't see the resources.
Considering that the Backup Exec service packs may be different between media server A and media server B (although I don't think they are), I uninstalled the Backup Exec agent from Target B, then reinstalled it, getting the files (RANT32) from media server A. It didn't fix the problem. Media server A still can't see the resources; media server B still can.
(As Target B is a Windows 2003 SP1 system, I had to install the agent manually by copying the RANT32 folder to it and running SETUPAA.CMD.)
I tried enabling Restrict Anonymous Support in the registry on BOTH media server A and Target B (per Veritas doc ID 275484). This didn't help.
Media server A CAN still access all resources, shares, the Microsoft SQL Server, Shadow Copy Components, and System State on all servers in its domain.
Does anyone have any suggestions on what I might be missing on media server A, that keeps Target B's resources from appearing?
Thanks.
Eric
Labels:
14 REPLIES 14
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
04-27-2006 03:24 AM
Hi Eric,
Check following on Media Server A
-what you have selected under BE > Tools > Options > Network > Use any available.... ?
-check whether 50 ports on Media server are free ? and port 10000 also ? ( over Firewall )
and on Target Server B
-check whether 25 ports on Remote server are free ? and port 10000 also ? ( over Firewall )
-check beremote.exe port 10000 uses ...
Update us on the same and revert for any further Query
Hope this will help you
Thank you
Gauri
NOTE : If we do not receive your reply within two business days, this post would be marked "assumed answered" and would be moved to "answered questions" pool.
Check following on Media Server A
-what you have selected under BE > Tools > Options > Network > Use any available.... ?
-check whether 50 ports on Media server are free ? and port 10000 also ? ( over Firewall )
and on Target Server B
-check whether 25 ports on Remote server are free ? and port 10000 also ? ( over Firewall )
-check beremote.exe port 10000 uses ...
Update us on the same and revert for any further Query
Hope this will help you
Thank you
Gauri
NOTE : If we do not receive your reply within two business days, this post would be marked "assumed answered" and would be moved to "answered questions" pool.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-01-2006 04:16 PM
Say, can I have an extension of 2 or 3 more days? The firewall guy has been very busy and it's been hard to get a hold of him.
Thanks.
Eric
Thanks.
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-05-2006 02:19 PM
Gauri,
Thanks for the suggestions. Unfortunately, the firewall settings didn't seem to make a difference. In fact, we opened up everything on the firewall, so it was like there was no firewall between Media Server A and Target B.
Still, that didn't improve the situation. Media Server A still can't see the resources on Target B.
I wonder what else could be wrong. Do Backup Exec media servers have problems seeing resources on servers in other domains -- when there is no trust between the domains?
In our case, there is no trust set up between domain A and domain B. We're trying to back up a target in domain B from a media server in domain A.
Eric
Thanks for the suggestions. Unfortunately, the firewall settings didn't seem to make a difference. In fact, we opened up everything on the firewall, so it was like there was no firewall between Media Server A and Target B.
Still, that didn't improve the situation. Media Server A still can't see the resources on Target B.
I wonder what else could be wrong. Do Backup Exec media servers have problems seeing resources on servers in other domains -- when there is no trust between the domains?
In our case, there is no trust set up between domain A and domain B. We're trying to back up a target in domain B from a media server in domain A.
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2006 08:20 AM
Have you tried entering "Connect As" info in the format
"domainB\User-id" for this erver
"domainB\User-id" for this erver
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-09-2006 04:33 PM
Yes, we created a logon account with that very format, specifying an admin user from domain B. From the backup server in domain B, that admin user can successfully see ALL resources on Target B.
However, from the domain A backup server, using the SAME admin account from domain B, we cannot access most resources on Target B.
To be more specific, we can only see the SHARES on Target B, but nothing else -- no C: or D:, no Shadow Copy Components, no SQL Server components. We see a C$ and D$ (instead of C: and D:), but those are useless because they're greyed out; we cannot expand them.
Yet like I said, with that very same admin account, the domain B backup server can see all resources on Target B. That's why I'm wondering if there's a problem accessing a target server in another domain when no trust is established.
Thanks.
Eric
However, from the domain A backup server, using the SAME admin account from domain B, we cannot access most resources on Target B.
To be more specific, we can only see the SHARES on Target B, but nothing else -- no C: or D:, no Shadow Copy Components, no SQL Server components. We see a C$ and D$ (instead of C: and D:), but those are useless because they're greyed out; we cannot expand them.
Yet like I said, with that very same admin account, the domain B backup server can see all resources on Target B. That's why I'm wondering if there's a problem accessing a target server in another domain when no trust is established.
Thanks.
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2006 03:15 AM
My BUE server was an NT4 domain when the deck died. The only way I could get the new unit to work was on a "spare old W2K AD Server", different domain and no trust relationships at all. I had to install V10 so it may be a bit different, but I set the network account for each resource as the NT4domain\administrator. It connected and allowed me to use the $ shares for selections with no problems.
Did have a slight problem when the 2KAD found another and updated the local system passwords so that BUE suddenly lost local privileges, but a logon account update later back to normal. My next phase is to remove V10 and try this with V9.1 so I am hoping it will still work.
Did have a slight problem when the 2KAD found another and updated the local system passwords so that BUE suddenly lost local privileges, but a logon account update later back to normal. My next phase is to remove V10 and try this with V9.1 so I am hoping it will still work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2006 07:16 AM
Yeah, in my case, I have to get it working on 9.1 rev. 4691. Upgrading to v10 is not an option.
I shouldn't think there's a problem backing up a server in another, untrusted domain with 9.1 rev. 4691, but I don't know for sure. Maybe that version is unable to handle such a task.
Also in my case, I cannot just use the shares to backup the server. I need the Shadow Copy Components, SQL Server piece, and C: and D: accessible. Currently, I don't see any of those resources.
Both domains involved in my situation happen to be Win 2000/2003 domains. NT4 isn't even involved, so I'm surprised it isn't working.
Thanks.
Eric
I shouldn't think there's a problem backing up a server in another, untrusted domain with 9.1 rev. 4691, but I don't know for sure. Maybe that version is unable to handle such a task.
Also in my case, I cannot just use the shares to backup the server. I need the Shadow Copy Components, SQL Server piece, and C: and D: accessible. Currently, I don't see any of those resources.
Both domains involved in my situation happen to be Win 2000/2003 domains. NT4 isn't even involved, so I'm surprised it isn't working.
Thanks.
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2006 07:28 AM
Mines the opposite, it can see the shares but I can only access the $ shares. I think I found a checkbox to do with user shares in my trawling so that could be that. Meanwhile if there are SQL bits not showing up it is not because of the lack of an SQL agent on the server is it? No SQL experience to throw in but I have to enable the Exchange server bit in BUE before it can see the exchange specific info on the exchange server.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2006 08:23 AM
Hello,
Yes there can be an issue if there is no trust relationship.
Please see the technote:
http://support.veritas.com/docs/236744
Thanks,
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
Yes there can be an issue if there is no trust relationship.
Please see the technote:
http://support.veritas.com/docs/236744
Thanks,
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-10-2006 02:32 PM
Is that article saying that a backup is simply not possible without a one-way trust established?? That will never be approved for the two domains in our organization.
Also, the Backup Exec versions to which the article applies are unclear. It says it pertains to BE 9.1, but does that also mean 9.1 rev. 4691?
Thanks.
Eric
Also, the Backup Exec versions to which the article applies are unclear. It says it pertains to BE 9.1, but does that also mean 9.1 rev. 4691?
Thanks.
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2006 10:23 AM
Just rebuilt a W2K server from scratch, new AD Domain.
Installed Backup Exec V9.1 on it.
During the installation it asked for user logon account so I set up
1 (the default) for the domain of the backup server.
2 the DOMAIN2/administratoruser for the domain with the targets.
3 the Domain2/backupmailboxuser for the exchange server mailboxes on the old domain.
Set up the selections and just picked the appropriate credentials when I clicked on the PC node (it prompts). Then the selections appeared No problems at all.
There are NO trusts or similar relationships in existance.
IF yours is not working, is it definitely seeing all the traffic, no accidental filters on the switch?
Installed Backup Exec V9.1 on it.
During the installation it asked for user logon account so I set up
1 (the default) for the domain of the backup server.
2 the DOMAIN2/administratoruser for the domain with the targets.
3 the Domain2/backupmailboxuser for the exchange server mailboxes on the old domain.
Set up the selections and just picked the appropriate credentials when I clicked on the PC node (it prompts). Then the selections appeared No problems at all.
There are NO trusts or similar relationships in existance.
IF yours is not working, is it definitely seeing all the traffic, no accidental filters on the switch?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-15-2006 03:39 PM
Thank you so much, Steve, for performing that test!
I have been told there were no filters or anything blocking the traffic between the two servers. I am very perplexed by the situation.
I'll check further on the firewalls/filters/etc. However, at this point, I'm heading out for a week and will not be able to test further until May 22nd.
Thanks again for everyone's help and suggestions.
Hope you all have a good week!
Eric
I have been told there were no filters or anything blocking the traffic between the two servers. I am very perplexed by the situation.
I'll check further on the firewalls/filters/etc. However, at this point, I'm heading out for a week and will not be able to test further until May 22nd.
Thanks again for everyone's help and suggestions.
Hope you all have a good week!
Eric
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2006 06:02 AM
Hello,
Thanks for the update please revert if the issue persists
Thanks,
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
Thanks for the update please revert if the issue persists
Thanks,
NOTE : If we do not receive your reply within two business days, this post would be marked assumed answered and would be moved to answered questions pool.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-24-2006 06:15 PM
Well, ok, this DOES appear to be a TCP/IP port blockage issue after all.
Thanks for all of your suggestions.
Clearly, this does not have to do with being on different domains or having the wrong agent version installed on the server.
Here is what I simply did: I cabled the target server's connection so it resided on the same network segment as (and had a similar IP address to) the media server. Then I tried accessing the target server's resources from the media server. They were all available.
Then to be sure about this, I recabled the target server back to its original network segment and it acquired its original IP address. Then the media server could NOT access its resources.
Then I recabled the target back one more time to the media server's segment. Resources were accessible. Then I recabled the target back. Resources were not accessible.
BTW, all that time, I did not change the Windows domain of either server. They both remained in two separate domains with no trust established.
Thus, there is clearly some device between the media server's segment and the target server's segment that is blocking IP ports critical to Backup Exec. (It could be either a firewall or host intrusion prevention device.) This clearly appears to be a port-blocking issue.
I will have to work with our firewall/networking team to get this resolved, ultimately. However, I wanted to jump back on this thread and let everyone know that, at least, the CAUSE of the problem was determined.
It seems clear to me that by opening the TCP/IP ports mentioned earlier in this thread, the problem will finally go away.
My question definitely seems to be answered. Thanks again for everyone's help!
Eric
Thanks for all of your suggestions.
Clearly, this does not have to do with being on different domains or having the wrong agent version installed on the server.
Here is what I simply did: I cabled the target server's connection so it resided on the same network segment as (and had a similar IP address to) the media server. Then I tried accessing the target server's resources from the media server. They were all available.
Then to be sure about this, I recabled the target server back to its original network segment and it acquired its original IP address. Then the media server could NOT access its resources.
Then I recabled the target back one more time to the media server's segment. Resources were accessible. Then I recabled the target back. Resources were not accessible.
BTW, all that time, I did not change the Windows domain of either server. They both remained in two separate domains with no trust established.
Thus, there is clearly some device between the media server's segment and the target server's segment that is blocking IP ports critical to Backup Exec. (It could be either a firewall or host intrusion prevention device.) This clearly appears to be a port-blocking issue.
I will have to work with our firewall/networking team to get this resolved, ultimately. However, I wanted to jump back on this thread and let everyone know that, at least, the CAUSE of the problem was determined.
It seems clear to me that by opening the TCP/IP ports mentioned earlier in this thread, the problem will finally go away.
My question definitely seems to be answered. Thanks again for everyone's help!
Eric
Related Content
- Sooooo…How Are You Getting Your AI Back After a Disaster? in NetBackup
- NetBackup 10.4+ DNAS Multi-Mount Capability Greatly Improves Snapshot Backup Performance in NetBackup
- Google Cloud Platform S3 Object Locking and Immutability backups Now Available in NetBackup 10.4 in NetBackup
- NetBackup 10.4 Lets K8s Backups Fly Even Higher in NetBackup
- Classic Backup & Restore Luxury Comes to OpenStack with NetBackup 10.4+ in NetBackup
