01-10-2013 04:59 AM
Hello,
In our newly rebuilt infrastructure i wanted to use a separated backup network for all the backup traffic, but getting a "Browse Failure / Access denied" message while loading the available selection from the agent.
Example Setup:
BackupExec Server IP: 10.0.0.1 (Backup network)
Agent IP: 192.168.1.1 (LAN)
Agent IP: 10.0.0.10 (Backup network)
Agent FQDN: myhost.example.com
Test:
If i add the host with the LAN IP or FQDN, the selection list loads fine, but accesses the Agent through the firewall (which is properly configured).
If i add the host with the Backup Network IP, it works too.
But, i want to use an FQDN when adding the host. Would like to see the names of the server instead the IP address on the backp network.
So, i thought i will add a new DNS record, f.ex. "myhost.backup.example.com" which points to the IP of the backup network.
Now, if i use the new FQDN, i can add the host without problem, but, if i try to create a new backup for the host, i get this error:
Browse Failure Failure to browse 'myhost.backup.example.com'. Access is denied.
Debugging:
I compared the debug output when using the normal FQDN (through the firewall) with the output of the backup FQDN (same network) and found this difference:
- Informational: Restrict Anonymous Support is enabled - creating DLE for remote machine \\myhost.backup.example.com - legacy_MSNetCreateTempDLE() - Info: NetServerGetInfo() failed with error code: 5. Using GetVersionEx() to get the server information
The correct (i think) would be:
- Informational: Restrict Anonymous Support is enabled - creating DLE for local machine
Looks like it doesn't know the new FQDN because it doesn't matches the servers real hostname.
Any way to get this setup working with an FQDN somehow?
Thank you very much
Urs
Solved! Go to Solution.
01-10-2013 11:25 AM
Hi,
Have you tried to edit the hosts file on the media server to get around this?
Thanks!
01-10-2013 11:25 AM
Hi,
Have you tried to edit the hosts file on the media server to get around this?
Thanks!
01-10-2013 11:35 AM
can you also upload the beremote from remote server and bengine, beremote from media server
01-10-2013 04:43 PM
Upload all these .exe files to where? Please be specific.
01-10-2013 11:04 PM
Hello Craig
Haven't tried that yet, because i don't really want to manage a hosts file. This feels like back in the 1970's...
But will try that today.
Thanks
Urs
01-10-2013 11:06 PM
Hello Gurvinder,
I'm sorry, but i do not understand exactly what you mean.
Urs
01-10-2013 11:08 PM
...unless these are logs or screenshots of the versions of these files, I don't think it should be considered.
01-10-2013 11:23 PM
You should only need to do this on the media server, and add in all the remote servers on that backup VLAN.
01-10-2013 11:31 PM
Hi Urs,
Apologies, I missed on the word logs. Just wanted to check the complete beremote logs from remote server and bengine and beremote log from media server
You can use the following registry key to enable it on media server and remote server --
HKLM\Software\Symantec\Backup Exec for Windows\Backup Exec\Engine\Logging
CreateDebugLog -> 1
The logs would be created at BE Install Path\logs on media server and BE RAWS Install Path\logs on remote server
01-10-2013 11:37 PM
...would you mind posting back this time on what you find in the logs?
01-11-2013 12:17 AM
One quick way to test whether your backup network is working is to unplug the connection to your LAN. If you can backup your remote server without problems, then the backup network is o.k.
In you backup job, under Network and Security, you can also specify the NIC that you want for your backup.
01-11-2013 12:40 AM
I would suggest making the media server resolve the remote server FQDN using the backup LAN IP address for the remote, but also make the remote server resolves the media server FQDN and shortname using the Backup LAN IP address of the mediasserver. Easiest way to do this without affecting system that you want to name resoolve ovetr the main LAN is to use hosts files on the two servers.
After you have verified name resolution is returning the correct IP address restart the remote agent on the remote system, possibly recreate the trust relationship and recreate the selection list.
You should also perhaps look at any firewalls - the remote agent needs at least the NDMP Port (10,000) but also needs a configurable range of ports for the NDMP data conecction. Direction for these is Media server to remote server. Can be a good idea for 6101 (RAWS advertising) to be open from remote server to media server as well.
01-11-2013 05:50 AM
Hello,
I think the output is the same as SGMon produces it. I've attached the anonymized output of the remote agent from yesterday.
01-11-2013 06:18 AM
Hello Colin,
Now made a hosts entry for the remote server on the media server. Seems to work so far, and the selection list appears now without any error.
I will try to run a backup today or this weekend.
Thanks
Urs
01-13-2013 11:27 PM
OK, it works. Some other errors, but not related to this problem.
Adding a hosts entry for each remote backup agent does the trick:
<Backup Nerwork IP> <Hosts FQDN>
Thanks
Urs
01-14-2013 02:26 AM
Great stuff, although it would be good to get this sorted out via DNS, but this will buy you some time to do so.
Thanks!