
System State & AD Restore on Domain Controller Authentication issues

Jesse_Shumaker
Level 3
Here's my situation:

In my test lab I have brought up a domain with 2 DCs, installed Veritas and done the system state backup through Veritas. I then crashed the DC which I had done the system state backup on.

I then rebooted and entered into AD restore mode. I first off noticed that Veritas wouldn't load due to the services relying on the domain admin to start. I switched these over to the local system account and Veritas loaded up just fine. I then clicked the restore tab along the top and selected the entire system state. I clicked the general tab on the left and made sure to choose restore security, preserve tree, and restore over existing files.

I clicked on run now and then submit. The error I receive is that I haven't authenticated correctly in order to restore the system state. It makes sense. It's looking for domain admin credentials. The problem is that I'm in "safe mode" and don't have a domain active. I'm also on a DC and so there aren't any local admins which I can replace in the logon credentials area to do this restore. What am I missing and what needs to be done in order to restore the system state? I'm sure this is a common issue and haven't found any area which addresses the resolution.

Thanks for any help you can provide.
3 REPLIES 3

Aleks_Maksimovi
Level 3
Try the following:

Whenever the user boots in the Active Directory Restore Mode and attempts to restore the Shadow Copy components, the job fails immediately with an access denied error message.

Attempting to restore any file fails with the same error message.

However, the root cause of this issue is that the Active Directory is taken offline when we boot in the Active Directory Restore Mode, and hence Backup Exec is not able to use the Backup Exec service account, which is a domain account, to proceed with the restore.

In order to resolve this issue, please do the following:

1. Boot in the Active Directory Restore Mode using the user name and password specified during the installation of Active Directory.

2. Change the login account of all Backup Exec services to "Local System Account".

3. We now need to create an account which is a local account. We cannot create a domain account as the Active Directory is offline in the Active Directory Restore Mode. However, being a domain controller, we cannot create any account using the Graphical User Interface. To get around this problem, we create a new user using the following command at the command prompt:

net user "username" "password" /add

4. The next step would be to add this user to the local administrators group. Execute the following command:

net localgroup "administrators" "username" /add

5. We then need to use Backup Exec and add a new logon account. Click on Network in the menu bar and select logon accounts. In the username field, specify the username without any domain name. Specify the same password that was provided while creating the user.

It is not necessary to make this account a default logon account, but do not make the account restricted.

6. Run the restore job; the resource credentials for the restore job would be the logon account created in step 5.

7. We had changed the Backup Exec service account to Local System Account in step 2. This is done for the sole purpose of restoring Active Directory. Once we have successfully restored the Active Directory and the server is rebooted, we need to change the Backup Exec service account back to an Active Directory account which is also a member of the Domain Administrators group. If the Backup Exec service account is kept as Local System, local backups will be successful but all remote backups will fail with Access Denied errors.



Hope this helps!
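
The scriptable part of the procedure above (steps 2 to 4 and 7), as an added example that is not part of the original reply or of Veritas documentation. It assumes PowerShell is available on the server and that the Backup Exec services have display names starting with "Backup Exec". The account name `be-restore`, the state-file path and the `Cleanup` mode (deleting the temporary administrator once the restore job is done) are additions of this example, not steps from the post.

```powershell
# Added example, not from the thread. Run elevated; 'Prepare' and 'Cleanup' in
# Active Directory Restore Mode, 'Revert' after the restored DC is back up.
# Hypothetical names: be-restore, be-service-accounts.csv.
param(
    [Parameter(Mandatory)][ValidateSet('Prepare', 'Cleanup', 'Revert')][string]$Mode,
    [string]$TempUser  = 'be-restore',
    [string]$StateFile = "$env:SystemDrive\be-service-accounts.csv"
)

function Assert-Success([string]$What) {
    if ($LASTEXITCODE -ne 0) { throw "$What failed with exit code $LASTEXITCODE" }
}

switch ($Mode) {
    'Prepare' {
        # Assumption: service display names start with "Backup Exec".
        $services = @(Get-Service -DisplayName 'Backup Exec*')
        if ($services.Count -eq 0) { throw 'No Backup Exec services found.' }
        # Record each service's current logon account so step 7 restores exactly these.
        $services | ForEach-Object {
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
            [pscustomobject]@{ Name = $_.Name; Account = (Get-ItemProperty $key).ObjectName }
        } | Export-Csv $StateFile -NoTypeInformation
        foreach ($svc in $services) {                        # step 2
            sc.exe config $svc.Name obj= LocalSystem | Out-Null
            Assert-Success "sc config $($svc.Name)"
        }
        net.exe user $TempUser * /add                        # step 3; '*' prompts, so the
        Assert-Success 'net user /add'                       # password stays off the command line
        net.exe localgroup administrators $TempUser /add     # step 4
        Assert-Success 'net localgroup /add'
    }
    'Cleanup' {
        # After the restore job has finished: remove the temporary administrator.
        net.exe user $TempUser /delete
        Assert-Success 'net user /delete'
    }
    'Revert' {                                               # step 7
        $creds = @{}
        foreach ($row in Import-Csv $StateFile) {
            if ($row.Account -eq 'LocalSystem') { continue }
            if (-not $creds[$row.Account]) {
                $creds[$row.Account] = Get-Credential -UserName $row.Account -Message 'Backup Exec service account'
            }
            $pw = $creds[$row.Account].GetNetworkCredential().Password
            sc.exe config $row.Name obj= $row.Account password= $pw | Out-Null
            Assert-Success "sc config $($row.Name)"
        }
        Remove-Item $StateFile
    }
}
```

Steps 5 and 6 (adding the logon account in Backup Exec and running the restore job) are still done in the Backup Exec console between `Prepare` and `Cleanup`.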

Steve_TYiybg
Level 4
That is all covered in the following:

http://seer.support.veritas.com/docs/236286.htm
http://seer.support.veritas.com/docs/236240.htm

Shilpa_pawar_2
Level 6
Hi,

What is the exact error during restore?

Did you follow the steps as mentioned in the following documents:

http://seer.support.veritas.com/docs/236240.htm
http://seer.support.veritas.com/docs/236286.htm

NOTE : If we do not receive your reply within two business days, this post would be marked "assumed answered" and would be moved to "answered questions" pool.