01-05-2021 07:40 AM
Base of my issue is for certain period(2017 to Jan 2018) not able to browse the backed files for the selected dates to perform the restore.
When checked, for that certain period(2017 to Jan 2018) client files & .f files are missing in /openv/netbackup/db/images/ directory. So planned to perform the media import but there we had KMS issue i.e for that certain period((2017 to Jan 2018) the passpharse for the keytag used was different and also we lost it if we want to recover and activate the key group & tag. My queries here is
01-05-2021 08:06 AM
01-05-2021 01:54 PM
My suggestion would be to use a combination of 2 & 3. This assumes that the backup image information is still in the NBDB (i.e. a bpimagelist of the backupid returns information). If this is the case, then you can use the catalog backup from Jan 2018 to recover the .f files missing.
Once this is done you still have the issue of the KMS keys changing, but as you have the KMS database from that time, you can temporaily switch it over to perform the recovery. Remember to backup the current keys before you do this (as suggested by @pats_729). Also I would strongly suggest you prevent any KMS enabled backups running while you are performing the recovery operation.
One final point, you should really be retaining the KMS keys for the life of the backup data (so it is possible to perform a restore). In the past this was more difficult due to the limited number of keys available (use to be 10 I think) but the limit has increased to 30 so this should be less of an issue now.
01-29-2021 04:46 PM
We have another complication
2017 to 2018, certain backups encrypted with the key tag (ABCDE) and for this we have lost the passphrase. For testing recently recreated the same key tag(ABCDE) and given different passphrase and few recent backups are now encrypted with key tag (ABCDE) but with new passphrase we given.
01-29-2021 07:20 PM
02-01-2021 08:39 AM
You need to know passphrases for
in order to restore anything historical. If missing just one of the passphrases, data will remain encrypted for ever. Re-creating a key tag with a new passphrase will not restore the historical data.
With regards to restoring data with a current and historic key, take a look in the security and enryption guide about "Overview of key record states".
https://www.veritas.com/content/support/en_US/doc/21733320-139202231-0/v21635047-139202231
The key state of depecrated is what you want for historical key states needed to do restore, but not encryptions