cancel
Showing results for 
Search instead for 
Did you mean: 

Exchange Backups cross forest single master server appliance

lnbu
Level 3

We are looking for a workaround or working solution, and if it is uspported to backup Exhange in cross domain forests using a single master server appliance.

14 REPLIES 14

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi @lnbu 

I came across this article from 2010. https://vox.veritas.com/t5/Articles/How-to-Create-an-Exchange-2010-Backup-Policy-in-NetBackup-7-x/ta...
Unfortunately with the move from Symantec Connect to Veritas VOX the pictures got lost.
Hopefully the detailed explanation is good enough. 
Although Judy had a different master at the remote site which you don't have? Maybe there is still something useful... 

You will notice that a PM immediately answered with 'not supported'.

If the issue is simply with port connectivity for GRT-enabled policy, then please see this extract from NBU Ports reference guide:
The following ports must be open to use the GRT feature of NetBackup.
■ TCP port 111 (portmapper) needs to be open from the client to the media server.
■ TCP port 7394 (nbfsd) needs to be open from the client to the media server.

I'm sure Veritas expert @Lowell_Palecek will be along soon with more solid advice Smiley Wink

Lowell_Palecek
Level 6
Employee

Here I am. I'm 7 or 8 timezones behind @Marianne in US Central DST (UTC-5).

I need to understand the question.

If you mean databases are in multiple domains within a forest, sure, you can do that with NetBackup, so long as get-MailboxDatabase can see the database.

You can use GRT as long as get-Mailbox in a Powershell session with ViewEntireForest enabled can see the mailboxes you need. We had a regression regarding ViewEntireForest in the 8.x releases, for which Veritas support can supply you an EEB (replacement DLL).

If all your databases have copies in your local data center, then you should make sure NetBackup chooses local copies to back up. For database-level restore, Exchange requires that NetBackup restores to the active copy of the database. You could get around that by restoring to a local RDB. For GRT restore, NetBackup only needs EWS connectivity.

The old Vox post seems all right. I think it's not necessary with later Exchange versions. I presume that the underlying issue with Exchange 2010 was that the DAG name resolved to one specific Exchange server IP. Before NetBackup 7.7.3, NetBackup needed to execute something called bpresolver on the DNS-resolved DAG. One instance of bpresolver is the "grandparent" job in the old post.

IP-less DAGs forced NetBackup to resolve the DAG name to an Exchange mailbox without the DNS. This is available for Exchange 2013 and later, and NetBackup 7.7.3 and later. NetBackup doesn't need a particular Exchange server for bpresolver, we only need some Exchange server. So if you have separate NetBackup master servers in each domain, skip the complicated part about giving each master access to clients in the other domain, and follow the advice about setting up policies.

BTW, Larry Cadloff was a great technical PM. He helped a lot of customers and support engineers figure out practical solutions to Exchange questions. He's not with Veritas anymore.

Thanks for your feedback.

The client tried to backup a server with Exchange in one domain from the appliance ( master server ) that was in another domain. they only have one master server and the Exchange servers/ DB's are in diffrent domains.

The Engineers tried eas they may, they could not get the backup to work. They tried creating local accounts on the server as well as a domain account that had admin permissions on both domains and they still couldn’t get it to work.

I will share the above post and see if they have tried this.

Any feedback will be appricated.

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi @lnbu 

Could you please try to get the Job Details from the site engineers?
Or even better - please ask them to partcipate in this discussion.

Please ask them to mask hostnames in Job Details text - replace actual hostnames with generic names, e.g. DAG1 (if DAG) or Exch1 for Standalone Exch server, etc. 

The Job Details will hopefully point us to the logs that are required (hopefully they have created log folders on Exch servers as per the Troubleshooting section in NBU for Exch manual).

It would be interesting to know what failed and how far the attempt got.

I wonder to start with whether it's an Exchange problem or general connectivity between the master server and the clients. Some general questions:

1. Can the NetBackup admin console on the master server connect to the individual Exchange servers as clients, and edit their client host properties?

2. Can you make an MS-Windows policy for one of the clients? Can you browse the client file system in the Backup Selections tab of the policy window?

3. Does backup and restore of a folder using an MS-Windows policy work?

4. If the Exchange environment is a DAG, can you ping it from a command window? (It's ok if the answer is no.) If you can ping it, match the IP against the mailbox servers, and confirm questions 1 - 3 for that host.

5.If Exchange is a DAG, can you make an Exchange policy using the DAG name? Can you browse the databases in the Backup Selections tab of the policy window?

More questions depending on these answers and the info @Marianne asked for.

Just an update.

Backups.

1. We created the MS-Windows backups for all the nodes that forms part of the DAG anf backups werte successfull.

2. Exchange backups for DAG was created and nodes were specified in host properties. Active and Passice copy was successfull.

3. We enabled NFSA client on DAG nodes and single mailbox and item level recovery was successfull on browse.

Restore

1. We could restore data from the windows backups to alternate location

2. Excange DB restore to recovery group was successfull.

3. We could select individual mailboxes and items from DAG backup but restored failed as it tries to diffrent domain.

I will share job log.

 

job Log of failed restore

14 May 2019 7:23:47 PM - Info bpbrm (pid=325520) Restore executed on server DAG Node 1
14 May 2019 7:24:45 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database, rai error = 6
14 May 2019 7:24:46 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest], rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Calendar, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Contacts, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Deleted Items, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Drafts, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Inbox, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Journal, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\ADAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Notes, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Outbox, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Sent Items, rai error = 6
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database\Backup Test [BackupTest]\Top of Information Store\Tasks, rai error = 6
14 May 2019 7:24:47 PM - Info tar (pid=0) done. status 0
14 May 2019 7:24:47 PM - restored from image DAG IP X.X.X.X_1557780955; restore time: 0:01:13
14 May 2019 7:24:47 PM - Info tar (pid=0) done. status: 5
14 May 2019 7:24:47 PM - Info tar (pid=0) done. status: 5: the restore failed to recover the requested files
14 May 2019 7:24:47 PM - Error bpbrm (pid=325520) client restore EXIT STATUS 5: the restore failed to recover the requested files
14 May 2019 7:24:48 PM - end Restore; elapsed time 0:01:15
MS-Exchange policy restore error  (2810)

Two things.

1. GRT restore into a mailbox in a different domain from the Exchange service account you're using doesn't work in the 8.x releases. We fixed the backup side in 8.1.2, so that the backups get all the mailboxes, but the restore part of the solution isn't available in a release until 8.2. If you contact Veritas Support, we can look into making an EEB for your version.

2. The fix mentioned in #1 may not help until we figure out the cause of this:

>Error bpbrm (pid=325520) from client DAG IP X.X.X.X: ERR - unable to create object for restore: \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database

This error occurs before trying to find any mailboxes in the database such as Backup Test [BackupTest]. The cause may be the same, but it may be different.

Whenever you see "Error bpbrm (pid=xxxxxx) from client" look to the client logs for more information.

In this case, look for ncfgre and monad logs. The monad log is in the NetBackup\logs\beds folder. Make sure this folder and NetBackup\logs\ncfgre exist. The ncfgre log is a VxUL log for OID 352. Set the logging level to 5 for this OID and also 137, or just set it to 5 in client host properties. The monad log depends on the Windows client logging level = 2 in the client host properties.

When you are looking for the error in the ncfgre log, first run vxlogview -i 352, redirected into an output file.

Then look for occurrences of "RAI Object is a" in the file. The lines that follow give you the name in plain text and hex. You can use these log entries to follow as nbgre walks the hierarchy down to \\DAG Node 2\Microsoft Information Store\Dormant Mailboxes 1\Database.

When you are getting the monad log, also get the file named "DAG Node 2-EWSLog00". Both of these logs will contain many days of log entries. Go to the ends of the logs to find the relevant parts, which will be reasonably short.

Dear Lowell,

this post is old I know..

But unfortunatelly the issues is still present..

I'have exchange DAG 2016 with NetBackup 8.2, my exchange is cross-domain.. 

If I understand, the backup should be ok .? you confirm ? all mailbow were backed up ??
When I try to restore a mailbox from child domain, I don"t find it..

And it is correct, all mailbox from child domain are not listed !!!! How can I restore one ?

 

thanks for your return 

 

Much has happened on this front in 8 months.

First, we got full solution EEBs for 8.1.1 and 8.1.2 (3953626 or 3969148). The fix went into 8.2. It makes sure ViewEntireForest is applied to all PowerShell sessions.

Then we had a regression in 8.2 because the default mode for ViewEntireForest changed to "off." To overcome this, create the following Registry value on each Exchange server where backup or GRT restore jobs run.

Key: HKEY_LOCAL_MACHINE\SOFTWARE\Veritas\NetBackup\BEDS\Engine\Exchange
Value Type: DWORD
Value Name: PowerShellOptions
Value: 0

(0 means to not disable ViewEntireForest.)

After making this change, restart the NetBackup Discovery Framework service on each Exchange server. Then wait until the *exchange* files are updated on the master in NetBackup\db\discovery before making a new backup.

The 8.2 problem is fixed in the code base for the next release. The Registry value won't be required. (It won't hurt.)

Thanks, yes it is the solution.

I opened a request too, and they gave me this solution too..

 

Just I am very surprised about this non-information in the admin exchange guide..
regards !

It's not in the Exchange admin guide because it's a regression bug that customers discovered after the affected NetBackup releases. There is a TechNote on the topic. Veritas Support updated the TechNote with the information I posted here, including the following correction:

PowerShellOptions is also needed for NetBackup 8.1.2 along with the EEB.

To summarize:
8.0 Works
8.1 Regression introduced. No EEB. Upgrade to 8.1.1 or later.
8.1.1 Apply EEB.
8.1.2 Apply EEB and set PowerShellOptions = 0.
8.2 Set PowerShellOptions = 0.

All this is in the TechNote: https://www.veritas.com/support/en_US/article.100043063