cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

NetBackup 7.1 VSS Snapshot Exchange 2010 Role Requirements

Go to solution
Bede123
Not applicable

‎12-03-2013 06:47 AM

Our Exchange 2010 VSS snapshot backups are occasionally fail and leave the Exchange VSS writers in a failed or 'waiting for completion' state.  Failures coincide with Event Log entries regarding RBAC rights failures:

Application\MSExchange RBAC (17)

Time: 12/2/2013 9:39:57 PM. Event description: (Process w3wp.exe, PID 1648) "RBAC authorization returns Access Denied for user domain.com/Servers/OU/EXCMB05. Reason: No role assignments associated with the specified user were found on Domain Controller DC02.domain.com"

Should the client run as the backup service account instead of SYSTEM?  The documentation doesn't state anything about requiring it AFAIK.

Environment:

NetBackup 7.1

Exchange 2010 SP3 RU2

Windows 2008 R2 SP1

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
SymTerry
Level 6
Employee Accredited

‎12-03-2013 09:47 AM

Hello,

By default, this service runs as Local System. You may need to change it to another account that has the right permission to Exchange. Setup the account in AD and set the service to run as that account. 

If you receive an "Access is denied" error when you perform a restore, you may need to run the following commands:

New-ManagementRole -Name EWSImpersonationRole -Parent ApplicationImpersonation
 
New-ManagementRoleAssignment -Role EWSImpersonationRole -User Administrator   
EWSImpersonationRoleAssignment
where Administrator is the alias of the Active Directory account you want to use.
 
If needed, refer to HOWTO47408 for the steps on configuring the NetBackup service account (Exchange 2010).

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
SymTerry
Level 6
Employee Accredited

‎12-03-2013 09:47 AM

Hello,

By default, this service runs as Local System. You may need to change it to another account that has the right permission to Exchange. Setup the account in AD and set the service to run as that account. 

If you receive an "Access is denied" error when you perform a restore, you may need to run the following commands:

New-ManagementRole -Name EWSImpersonationRole -Parent ApplicationImpersonation
 
New-ManagementRoleAssignment -Role EWSImpersonationRole -User Administrator   
EWSImpersonationRoleAssignment
where Administrator is the alias of the Active Directory account you want to use.
 
If needed, refer to HOWTO47408 for the steps on configuring the NetBackup service account (Exchange 2010).
0 Kudos