08-22-2011 05:21 AM
Hi
There exist an Article from Symantec about this Problem ( http://www.symantec.com/business/support/index?page=content&id=TECH130493 ) ; but as i knew, it did not appear complete.
When i try to restore a *.vmdk-file i had to change to the root-privileges so that the operation will complete successfully. If not, the Job will Fail with (Permission) Error 5 ( Something like Creating *vmdk-file )
Did anyone had some experience or proposals for this Issue ?
Thanks for your Help
Thomas
Environment is :
Master-Server : SUN Solaris 10 NBU : 7.0.1 EE
VM-Proxy : Windows 2003 Std NBU CAL 7.0.1 / EEBInstaller.2105102.14
VMSphere ESXi : 4.1 / 260247
VM-Host : Windows 2003 Std
Solved! Go to Solution.
08-23-2011 06:05 AM
Have a look at these 2 TechNotes regarding permissions for VM backups and restores:
http://www.symantec.com/docs/TECH130493
http://www.symantec.com/docs/TECH128513
In a secure environment, the ‘minimum’ requirements will probably not be sufficient.
The following extract from the 1st TN says that :
"These are the minimum required permissions that has been found to be sufficient in the tests performed by Symantec for a basic vSphere environment. This is not a complete list. Additional privileges might be required if advanced features are in use. "
(notice the words ‘test’ and ‘basic vSphere environment’)
The second TN has the following recommendation:
"During restores, NetBackup can be instructed to provision the virtual machine anywhere in the vSphere cloud. NetBackup also provides options to handle the existing machine (whether to overwrite the original machine, reuse it UUID etc.). Hence the minimum permissions to provision the restored virtual machine anywhere in the vSphere could would be almost close to built-in Administrator role. Symantec recommends cloning the Administrator role and removing permissions related to operations that NetBackup should not perform based on business and security requirements."
IMHO, the VMware Admins should play a leading role in determining these permissions, as each environment is unique with unique security limitations.
Also have a look at the Recommendations under Option 1 and Option 2 in the 2nd TechNote and see if the VM Admins are agreeable to be closer involved when restores are needed - similar to Database Administrators (SQL, Oracle, DB2) involvement when database restores need to be done.
08-23-2011 04:18 AM
You either missed something or in your VC the account wasn't at the highest level.
08-23-2011 06:05 AM
Have a look at these 2 TechNotes regarding permissions for VM backups and restores:
http://www.symantec.com/docs/TECH130493
http://www.symantec.com/docs/TECH128513
In a secure environment, the ‘minimum’ requirements will probably not be sufficient.
The following extract from the 1st TN says that :
"These are the minimum required permissions that has been found to be sufficient in the tests performed by Symantec for a basic vSphere environment. This is not a complete list. Additional privileges might be required if advanced features are in use. "
(notice the words ‘test’ and ‘basic vSphere environment’)
The second TN has the following recommendation:
"During restores, NetBackup can be instructed to provision the virtual machine anywhere in the vSphere cloud. NetBackup also provides options to handle the existing machine (whether to overwrite the original machine, reuse it UUID etc.). Hence the minimum permissions to provision the restored virtual machine anywhere in the vSphere could would be almost close to built-in Administrator role. Symantec recommends cloning the Administrator role and removing permissions related to operations that NetBackup should not perform based on business and security requirements."
IMHO, the VMware Admins should play a leading role in determining these permissions, as each environment is unique with unique security limitations.
Also have a look at the Recommendations under Option 1 and Option 2 in the 2nd TechNote and see if the VM Admins are agreeable to be closer involved when restores are needed - similar to Database Administrators (SQL, Oracle, DB2) involvement when database restores need to be done.
08-24-2011 06:33 AM
Hi Marianne
Some time it is a little bit tricky. The switches in the german version of VMware respektive 4.1are something different to them in the englisch. With your help and some deeper look into the log, i found the missing rights.
It's very interisting, that the different language-versions have different config-files.
Great Thanks for your Help
Thomas
08-24-2011 06:37 AM
Could you take a screenshot and post them? I will create a GERMAN TN for this.
08-24-2011 07:15 AM
Hi pikachu
Here is the screenshot. If you need the whole list, please let me know.
Kind regards
Thomas
08-24-2011 07:18 AM
The entire list would be great. Not sure how much work that is going to be for you :(
08-25-2011 04:37 AM
I hope you will enjoy with this list.
Running through all parameters i will hazard a guess, that there is an logic error in TECH130493 so that the part Virtual Machine > State neither include "Network" nor "Assign network"
Kind regards
Thomas
08-25-2011 04:50 AM
Depending on verison of ESX/VC you run "network" shows up as it's own independent item.