cancel
Showing results for 
Search instead for 
Did you mean: 

Active Directory Granular restore and a NetBackup appliance

cmorrall
Level 4

I've recently been tasked with implementing granual recovery capabilites in NetBackup.So far I admit I've only skimmed the bits in the documentation, but I've gathered I need to install the Microsoft provided NFS client on the AD Domain Controllers. Fine, although I had a bit of a "wait, what?" moment.

I've not really seen much detail on how to provide the actual NFS export from the media server. I saw something in passing about this is a regular feature in most operating systems. Lucky me I'm using the appliance, version 3.0.1 so I should be all set since it's RHEL under the hood.

How do I actually configure this on the appliance? There are some predefined NFS exports available for exporting log dumps and install files, but I guess I can't use these.

Can I just willy-nilly go into the shell and run native Linux commands? I assume Veritas Support would drop any case from this point forward.

Just need to be pointed in the right direction for documentaiton, so far I've not been able to find an end-to-end guide with my combination of an appliance, NFS exports and AD granular recovery.

5 REPLIES 5

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified
Since its appliance you don't need to do anything on it. Focus on the client, enable nfs, start the cleint services with ad account and tick granular in your policy. Simple as that

Systems_Team
Moderator
Moderator
   VIP   

Hi Cmorrall,

There is actually nothing required to be done on the appliance side at all.  All the work is getting the NFS client setup on your DC's, and ensuring you are running the Netbackup Client services under a domain account that has access to backup and restore AD.

Other than that, it is just having the correct network ports open for you NetBackup client between Master and Media servers as per normal.  There are a couple of extra ports that NBFSD (NetBackup implementation of NFS used for GRT) uses between the client and the appliance.  If you have restrictive firewall rules you may need to look at that.

If you had say a Windows Media server, rather than an appliance, you would need to configure NFS there - but as you have the appliance you're all set on that side.  All the details you need are in the Veritas NetBackup Administrator's Guide Volume I (Release 8.0 in your case), starting on page 862.

Here are a couple of extra links that you may find useful.  The first is how to manually test GRT NFS connectivity between media server and client, and the second is a writeup of the Veritas implementation of NFS, which may allay any security worries you have:

https://www.veritas.com/support/en_US/article.TECH124810

https://www.veritas.com/support/en_US/article.TECH76684

Probably the only other item to add is you may have to increase your Client Read Timeout (Host Properties->Media Servers->Your Appliance->Timeouts).  GRT needs extra time while traversing the data as you do a browse of your GRT backups, so we've set ours at 3600 seconds.

Hope this helps.  If you get stuck, check back in and we'll help you out.

Steve

Resurrecting this thread, not until now did I get around to configure this.

Still facing some issues. I think I've followed all steps outlined in the manual, but I get this error:

2017-dec-11 11:38:15 - Info bptm (pid=243912) start backup
2017-dec-11 11:38:18 - Info bptm (pid=243912) backup child process is pid 243939
2017-dec-11 11:38:18 - begin writing
2017-dec-11 11:39:01 - Error bpbrm (pid=243904) from client myDC.local : ERR - Unable to NFS mount the required file system.

 

I've temporarily disabled the Windows firewall on the Domain Controller, still the same problem. I've done the manual check to see if I can mount the NFS export from the media server, and this works.

If I uncheck the granular backup recovery, the backup goes through without issue. Seems my configuration is stuck on the NFS mount part, but I've not been able to troubleshoot where this issue lies.

There are no external firewalls between the client and the media server and I only have a single appliance working as both the master and the media server.

If it's a timeout issue, I've not been able to find it. The error occurs less than 60 seconds from the start of the backup, and all timeout values I've seen are way larger than that.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Can you please go through this KB article and double-check ?

https://www.veritas.com/content/support/en_US/doc/18716246-126559472-0/v81667210-126559472

Next, please go through the steps in the article that @Systems_Team posted:  
https://www.veritas.com/support/en_US/article.TECH124810

You need to test NFS mount on the Client (not media server) after executing the nbfsd commands on the media server (Aplliance). Please see the examples. 
You should be able to run NBU commands (nbfsd) from Main_Menu > Manage > NetBackupCLI > Shell
or else  Support >Maintenance
/opt/Symantec/scspagent/IPS/sisipsoverride.sh 
Elevate

Extract from TN: 
On NetBackup client: 
2. Open command prompt and execute the command: 
<install_path>\Veritas\netbackup\bin\nbfs mount -server <Media_server_name> -cred <CRED1> * 

## Specify the name of the NetBackup media server where the nbfsd process is started in the above process. 
## Do not forget to add * (asterisk symbol) at the end of the command line. 

Please post output of commands listed in the doc.

I turned on verbose logging on the client and was able to track down the issue.

Apparently, NetBackup uses the short hostname, not the FQDN for the NFS mount operation. When I earlier verified connectivity using the manual method, I used the FQDN.

Not sure why NetBackup uses the short hostname, the client was added with the FQDN.

Anyway, I finally resorted to a hack where I added the short name as an alias to the FQDN in hosts file of the client. The granular backup and restore now works.