True, but unfortunately that - Page 2

prs246191 · ‎03-14-2013

A colleague of mine asked me to create a post for him. He is using BE 2010 and his one backup job is running at only 228 mbs/min. The job is set to medium prioity, he switched it to highest and it didn't help. He is backing up to tape, which is connected directly to the server. The server is also acting as it's media server. Is there anything that can be suggested to speed up this job?

Meindert · ‎07-04-2013

I have noticed slow backups with BE20110sp3 combined with (backups of) servers with databases (SQL, Exchange) and/or Active Directory, usually in combination with deduplication. After a long analysis, logging and such, I noticed that the BE server had rather long wait periods, in which it would wait for responses from the client. Some further googling led me to the culprit: Microsoft Forefront Endpoint Protection. You would expect them to know how to get the exclusions right on their own anti virus software, but forget it. The on-access scan engine slows backups to a crawl.

The following article finally put me on the right path:

https://kc.mcafee.com/corporate/index?page=content&id=KB66909&actp=search&viewlocale=en_US&searchid=1318380358919

Solution

Add the following exclusions to your antivirus. I found that it works for FEP, but it might well also work for Sophos, NOD32, Norman, Panda, F-Secure, Kaspersky, Symantec and others.

Add Low Risk Processes policies and exclusions for Backup Exec.

Step 1 - Add exclusions to AV on your Backup Exec Server

Open your antivirus scanner and go to the Exclusions part of the settings.
Add exclusions for the following processes:

C:\Program Files\Symantec\Backup Exec\beremote.exe
C:\Program Files\Symantec\Backup Exec\beserver.exe
C:\Program Files\Symantec\Backup Exec\bengine.exe
C:\Program Files\Symantec\Backup Exec\benetns.exe
C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
C:\Program Files\Symantec\Backup Exec\BkUpexec.exe

NOTE: Change the path as appropriate, depending on which root volume the Media Server or Remote Agent has been installed to.

Step 2 - Exclude Backup Exec paths from scanning

Open your antivirus scanner and add the following path to the Exclusions (including subfolders):

C:\Program Files\Symantec\Backup Exec\
C:\Program Files (x86)\Symantec\Backup Exec\

When configuring your settings, keep your eye open for other settings that could complement the exclusions. For example, McAfee has an option to ignore files that are opened for backup.

Step 3 - Add exclusions based on the used product

Active Directory, Exchange, SQL - they all have their own required exclusions. Configure these exclusions using the following articles:

https://kc.mcafee.com/corporate/index?page=content&id=KB66909&actp=search&viewlocale=en_US&searchid=1318380358919

Once you've set these, there's a good chance things will improve drastically.

Symantec, you would do well to make a dedicated article explaining what exclusions to add - not just for your own products, but also other products that BackupExec has to work with.

CraigV · ‎07-04-2013

...well, technically they have:

http://www.symantec.com/business/support/index?page=content&id=TECH76327

...I've had these issues with McAfee...no other AV to be honest, although I have seen this work for some other AVs.

However, how many AVs are out there? The basics would remain the same, the services remain the same. Just exclude them from your AV scan...

Meindert · ‎07-09-2013

True, but unfortunately that article has the reach of a flagellum. The McAfee article is much more detailed. Also, it touches on the fact that not doing Best Practice exclusions for other products - say, AD, SQL, and/or Exchange - can also combine to give BackupExec a bad day.

I ran into the problem with Forefront combined with AD Federation Services; and Forefront uses a combination of AV engines. I'm not sure whether or not FEP uses McAfee, but even if it doesn't, the exclusions are a good idea and the McAfee article is comfortably specific.

VOX

Low transfer rate/slow backup