Solved: Hello, I think the output is

uweiss · ‎01-10-2013

Hello,

In our newly rebuilt infrastructure i wanted to use a separated backup network for all the backup traffic, but getting a "Browse Failure / Access denied" message while loading the available selection from the agent.

Example Setup:

BackupExec Server IP: 10.0.0.1 (Backup network)

Agent IP: 192.168.1.1 (LAN)
Agent IP: 10.0.0.10 (Backup network)
Agent FQDN: myhost.example.com

Test:

If i add the host with the LAN IP or FQDN, the selection list loads fine, but accesses the Agent through the firewall (which is properly configured).

If i add the host with the Backup Network IP, it works too.

But, i want to use an FQDN when adding the host. Would like to see the names of the server instead the IP address on the backp network.
So, i thought i will add a new DNS record, f.ex. "myhost.backup.example.com" which points to the IP of the backup network.

Now, if i use the new FQDN, i can add the host without problem, but, if i try to create a new backup for the host, i get this error:

Browse Failure
Failure to browse 'myhost.backup.example.com'.
Access is denied.

Debugging:

I compared the debug output when using the normal FQDN (through the firewall) with the output of the backup FQDN (same network) and found this difference:

- Informational: Restrict Anonymous Support is enabled
- creating DLE for remote machine \\myhost.backup.example.com
- legacy_MSNetCreateTempDLE() - Info: NetServerGetInfo() failed with error code: 5. Using GetVersionEx() to get the server information

The correct (i think) would be:

- Informational: Restrict Anonymous Support is enabled
- creating DLE for local machine

Looks like it doesn't know the new FQDN because it doesn't matches the servers real hostname.

Any way to get this setup working with an FQDN somehow?

Thank you very much
Urs

CraigV · ‎01-10-2013

Hi,

Have you tried to edit the hosts file on the media server to get around this?

Thanks!

View solution in original post

CraigV · ‎01-10-2013

Hi,

Have you tried to edit the hosts file on the media server to get around this?

Thanks!

Gurvinder · ‎01-10-2013

can you also upload the beremote from remote server and bengine, beremote from media server

pkh · ‎01-10-2013

Upload all these .exe files to where? Please be specific.

uweiss · ‎01-10-2013

Hello Craig

Haven't tried that yet, because i don't really want to manage a hosts file. This feels like back in the 1970's...

But will try that today.

Thanks
Urs

uweiss · ‎01-10-2013

Hello Gurvinder,

I'm sorry, but i do not understand exactly what you mean.

Urs

CraigV · ‎01-10-2013

...unless these are logs or screenshots of the versions of these files, I don't think it should be considered.

CraigV · ‎01-10-2013

You should only need to do this on the media server, and add in all the remote servers on that backup VLAN.

Gurvinder · ‎01-10-2013

Hi Urs,

Apologies, I missed on the word logs. Just wanted to check the complete beremote logs from remote server and bengine and beremote log from media server

You can use the following registry key to enable it on media server and remote server --

HKLM\Software\Symantec\Backup Exec for Windows\Backup Exec\Engine\Logging

CreateDebugLog -> 1

The logs would be created at BE Install Path\logs on media server and BE RAWS Install Path\logs on remote server

CraigV · ‎01-10-2013

...would you mind posting back this time on what you find in the logs?

pkh · ‎01-11-2013

One quick way to test whether your backup network is working is to unplug the connection to your LAN. If you can backup your remote server without problems, then the backup network is o.k.

In you backup job, under Network and Security, you can also specify the NIC that you want for your backup.

Colin_Weaver · ‎01-11-2013

I would suggest making the media server resolve the remote server FQDN using the backup LAN IP address for the remote, but also make the remote server resolves the media server FQDN and shortname using the Backup LAN IP address of the mediasserver. Easiest way to do this without affecting system that you want to name resoolve ovetr the main LAN is to use hosts files on the two servers.

After you have verified name resolution is returning the correct IP address restart the remote agent on the remote system, possibly recreate the trust relationship and recreate the selection list.

You should also perhaps look at any firewalls - the remote agent needs at least the NDMP Port (10,000) but also needs a configurable range of ports for the NDMP data conecction. Direction for these is Media server to remote server. Can be a good idea for 6101 (RAWS advertising) to be open from remote server to media server as well.

uweiss · ‎01-11-2013

Hello,

I think the output is the same as SGMon produces it. I've attached the anonymized output of the remote agent from yesterday.

uweiss · ‎01-11-2013

Hello Colin,

Now made a hosts entry for the remote server on the media server. Seems to work so far, and the selection list appears now without any error.

I will try to run a backup today or this weekend.

Thanks
Urs

uweiss · ‎01-13-2013

OK, it works. Some other errors, but not related to this problem.

Adding a hosts entry for each remote backup agent does the trick:

Thanks
Urs

CraigV · ‎01-14-2013

Great stuff, although it would be good to get this sorted out via DNS, but this will buy you some time to do so.

Thanks!

VOX

"Browse Failure" when using separate backup network