cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Restoring encrypted backups

Go to solution
RoddersB
Level 4

‎01-07-2016 02:53 AM

Hi,

Using Backup Exec 15, I am backing up to tape using encryption at one site (256 bit AES). When I come to restore it at another site (different forest and domain) despite using the same passphrase I am getting an error regarding the key, "The encryption key required by this backup set cannot be retrieved".

I am using Backup Exec 15 FP1 on Server 2012 R2, restoring on Backup Exec 15 FP1 on Server 2008 R2 if that is of any use.

This process was working perfectly fine under Backup Exec 2010 R2.

I am 99% sure that I am using the same passphrase so before I go down the step of changing the passphrase (and therefore breaking my existing backups) I wanted to check with the learned people in this group that there wasn't some known problem existing in Backup Exec 15 FP1 that is preventing me from doing this.

Thanks in advance !

Brian.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
VJware
Level 6
Employee Accredited Certified

‎01-07-2016 03:10 AM

Was the same type of key created at the other site i.e. Restricted or Non-Restricted ?

Not aware of any known issues in BE 15, though may be worthwhile applying FP3 patch.

View solution in original post

0 Kudos
3 REPLIES 3

Go to solution
VJware
Level 6
Employee Accredited Certified

‎01-07-2016 03:10 AM

Was the same type of key created at the other site i.e. Restricted or Non-Restricted ?

Not aware of any known issues in BE 15, though may be worthwhile applying FP3 patch.

0 Kudos

Go to solution
RoddersB
Level 4

‎01-07-2016 03:18 AM

Hi,

Thanks for the response (VJware), both set up as Non-Restricted.

I was afraid you might say that about FP3 !

Brian.

0 Kudos

Go to solution
Colin_Weaver
Moderator
Moderator
Employee Accredited Certified

‎01-07-2016 03:53 AM

Did you give the encryption key the same name as the original?

 

Also if not sure about the passphrase setup a new passphrase (without touching the old one)  and create a new test job against it before testing restores with that backup set, then you won't be touching the existing backups until you have to.

 

If it is an unknown passphrase issue however you will need to

a) never delete the old encryption key from the database (until all the backup sets that used it are expired/overwirtten anyway) as the only place that can do a restore is somethere running the BEDB that contaisn that key.

b) change existing jobs to use a new key with a passphrase that you know

c) Export the BEDB encyption key and keep a copy of the BEDB so that if you ever have  disater that means you need to restore from one of the earlier sets that you can use the BEDB to allow you to restore

As best pratice when maintaining records of passphrases you shoulc always keep details of the dates they were used, the servers they were used against and the sequence of which keys/passphrases followed/replaced each other.