cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup exchange 2013 restore issue after DisableLoopbackCheck

eccio
Level 4

Hi all.

After a workaround made on a vulnerability CVE-2018-8581 (https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8581)

reg delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v DisableLoopbackCheck /f

all the exchange restores started to fail with the following error in the job log:

11:19:28 (2974747.001) ERR - unable to create object for restore: \\server_name\Microsoft Information Store\MBX13\Database, rai error = 6

In the EWS log on the exchange server found this:

[583c] 02/20/19 11:19:27  AutoDiscover Failed in locating the url  The Autodiscover service couldn't be located.

[583c] 02/20/19 11:19:28  Could not use...... webserviceurl https://mail.name.domain/EWS/Exchange.asmxThe request failed. The remote server returned an error: (401) Unauthorized.

Exchange 2013, Netbackup 8.1 on Windows 2012, Netbackup 5330 Appliace

Anybody experienced this already and have any suggestion or solution?

thank you

Marian

1 REPLY 1

Lowell_Palecek
Level 6
Employee

When I follow your Microsoft link, it says the vulnerability has not been publicly disclosed and it has not been exploited. I had to click through acceptance of terms of service to get to it.

NetBackup uses Exchange Web Services (EWS) to restore mail items. We get a URL for EWS by calling the EWS autodiscover API provided by Microsoft. It appears that you have disabled EWS autodiscovery.

Please look for this error in the ncfgre log and share any extra information you may find relating to this error. When autodiscover fails, NetBackup then uses PowerShell to try to construct a working URL. You should find evidence of this in the ncfgre log and the monad log.