VOX

It looks like maybe they enabled GRT in 6.5.4 so maybe it is just a uncheck of the GRT box.

Il ressemble peut-être qu'ils ont permis GRT en 6.5.4 alors peut-être que c'est juste une décochez la case de GRT.

http://www.symantec.com/business/support/index?page=content&id=HOWTO32992

Hi,

Thank you for your answers.

The problem is that i haven't enable GRT.

 I don't understand why i must run the service with administrator privilege.

Thank you for your help.

What do you have set for your Backup Selection? What are you wanting backed up?

Qu'est-ce que vous avez définis pour votre sélection de sauvegarde? Qu'est-ce que vous vouloir sauvegarder?

Hi,

This is my backup selection :

I have one policy for all my machine running windows.

For my DC, i only need the ALL_LOCAL_DRIVES and System State.

What type of backup is this ?  MS Windows ?  Exchange SQL ? Sharepoint ?

Hi,

This a MS-Windows Backup.

This server only host active directory service.

Not sure about your permissions issue, but your backup selection is a bit ..... overkill.

ALL_LOCAL_DRIVES

Instructs NetBackup to back up all local drives except for
those drives that use removable media. This directive also
includes critical system-related components

- will do ALL including System_State &/or SCC

Use the ALL_LOCAL_DRIVES directive to back up all local drives except for those
drives that use removable media. If this directive is used, this directive must be
the only entry in the backup selections list for the policy. No other files or
directives can be listed.

System State:\

Instructs NetBackup to back up critical system-related
components. The exact set of system components that are
backed up depends on the operating system version and
system configuration

■ Active Directory
■ COM+ Class Database
■ Cluster Database
■ IIS Database
■ Registry
■ Boot Files and protected files
■ SYSVOL
■ Certificate Server
The files that comprise the registry can be found in the following location:
%SystemRoot%\SYSTEM32\Config
At a minimum, the following files are backed up as part of the registry:
■ DEFAULT
■ SAM
■ SOFTWARE
■ SECURITY
■ SYSTEM

Shadow Copy Components:\

Instructs NetBackup to back up all writers for the Volume
Shadow Copy component. This also implies and/or includes
System State:\ if that was not also selected.

System State writers

■ System files
■ COM+ Class Registration Database
■ SYSVOL
■ Active Directory
■ Cluster quorum
■ Certificate Services
■ Registry
■ Internet Information Services
■ Removable Storage Manager
■ Event logs
■ Windows Internet Name Service
■ Windows Management Instrumentation
■ Remote Storage
■ Dynamic Host Configuration Protocol
■ Terminal Server Licensing
■ Background Intelligent Transfer Service
 

System Service writers

■ Removable Storage Manager
■ Event logs
■ Windows Internet Name Service
■ Windows Management Instrumentation
■ Remote Storage
■ Dynamic Host Configuration Protocol
■ Terminal Server Licensing
■ Background Intelligent Transfer Service

User Data

Items that the computer does not require to operate. For example,
Active Directory Application Mode and Microsoft Distributed File
System Replication (DSFR) folders.

Active Directory Application Mode:\

ActiveDirectory ApplicationMode (ADAM) is a lightweight
directory service that runs as a user service. This directive
can be used to back up ADAM data on computers where it
is installed. However, it does not back up the Active
Directory itself.

This info taken from the NetBackup 7.5 Administrator's Guide Volume I.

When we used NB to backup our DC's (Win2003 at the time) I was told by our Windows guys that I only needed to backup SCC but ALL_LOCAL_DRIVES could be used.

Hi, thank you for your answer.

Yes, my selection is little oversized.

I delete System State:\ (include in Shadow Copy Components:\). I keep the other 3 directives, i only have one policy for all my Windows.

From my experience (it may be an error...), you need System State:\ to perform an active directory restore http://technet.microsoft.com/en-us/library/cc758435(v=ws.10).aspx.

On another platform (NB7.5@W2k8R2 + DC@2003), i try to only save ALL_LOCAL_DRIVES, i have the same issue.

In bpbkar client's log i finally found something :

09:45:42.839: [4792.2608] <2> ov_log::V_GlobalLog: ERR - BEDS_AttachToDLE():FS_AttachToDLE() DeviceName:'System?State' BackupReason:0x400 Failed! (0xE000FE7D:Access is denied.
To back up or restore System State, administrator privileges are required.
)

The NB client service run under System Local.

For NB System Local haven't administrator privilege ?

PS : sory for my english, i dont practice very often

I would still drop the backup selection to either SCC or ALL_LOCAL_DRIVES (the latter includes the former which also includes ADAM and System_State)

ADAM does not back up Active Directory by the way per my earlier post.

For GRT you need domain privileges but you say that is not in place? You could try a domain-privileged account to see if it makes a difference - if so then there must be something in the policy that's affecting this.

May be worth seeing the output of bppllist [affected policy] -U to see if there's anything untowards.

Your English is excellent by the way.

This is the result of bppllist for my policy :

I have to change some informations (hostname, etc...)

C:\Program Files\Veritas\NetBackup\bin\admincmd>bppllist.exe XXXXX-XXXXX -U
------------------------------------------------------------

Policy Name:       XXXXX-XXXXX

  Policy Type:         MS-Windows
  Active:              yes
  Effective date:      24/06/2013 15:49:12
  Backup network drvs: no
  Collect TIR info:    no
  Mult. Data Streams:  no
  Client Encrypt:      no
  Checkpoint:          no
  Policy Priority:     0
  Max Jobs/Policy:     Unlimited
  Disaster Recovery:   0
  Collect BMR info:    no
  Residence:           (specific storage unit not required)
  Volume Pool:         NetBackup
  Server Group:        *ANY*
  Keyword:             (none specified)
  Data Classification:       -
  Residence is Storage Lifecycle Policy:    no
  Application Discovery:      no
  Discovery Lifetime:      28800 seconds
ASC Application and attributes: (none defined)

  Granular Restore Info:  no
  Ignore Client Direct:  no
Enable Metadata Indexing:  no
Index server name:  NULL
  Use Accelerator:  no
  HW/OS/Client:  Windows-x64   Windows2008   x-XXX0
                 Windows-x86   Windows2003   x-XXX1
                 Windows-x86   Windows2003   x-XXX2
                 Windows-x64   Windows2008   x-XXX3
                 Windows-x64   Windows2008   x-XXX4
                 Windows-x64   Windows2008   x-XXX5
                 Windows-x64   Windows2008   x-XXX6
                 Windows-x64   Windows2008   x-XXX7

  Include:  ALL_LOCAL_DRIVES
            Shadow Copy Components:\
            Active Directory Application Mode:\

  Schedule:              Full
    Type:                Full Backup
    Frequency:           every 5 days
    Maximum MPX:         1
    Synthetic:           0
    Checksum Change Detection: 0
    PFI Recovery:        0
    Retention Level:     5 (3 months)
    Number Copies:       1
    Fail on Error:       0
    Residence:           (specific storage unit not required)
    Volume Pool:         (same as policy volume pool)
    Server Group:        (same as specified for policy)
    Residence is Storage Lifecycle Policy:         0
    Schedule indexing:     0
    Daily Windows:
          Saturday   07:00:00  -->  Monday     06:00:00

  Schedule:              Differential-Inc
    Type:                Differential Incremental Backup
    Frequency:           every 16 hours
    Maximum MPX:         1
    Synthetic:           0
    Checksum Change Detection: 0
    PFI Recovery:        0
    Retention Level:     1 (2 weeks)
    Number Copies:       1
    Fail on Error:       0
    Residence:           (specific storage unit not required)
    Volume Pool:         (same as policy volume pool)
    Server Group:        (same as specified for policy)
    Residence is Storage Lifecycle Policy:         0
    Schedule indexing:     0
    Daily Windows:
          Monday     20:00:00  -->  Tuesday    06:00:00
          Tuesday    20:00:00  -->  Wednesday  06:00:00
          Wednesday  20:00:00  -->  Thursday   06:00:00
          Thursday   20:00:00  -->  Friday     06:00:00
          Friday     20:00:00  -->  Saturday   06:00:00

I keep ADAM for one of my host.

I don't use GRT (OU level Restore is enough for me)

Running a service with no-Domain Administrator account on a DC is not easy. I give to the account :

• Log on as a service privilege to the account
• Member of BUILTIN\Backup Opertor

It's not enough to launch it. I will try again with other privilege this evening.
 

Can't see anything specific.

Which of the clients is/are causing the issue?

HW/OS/Client:  Windows-x64   Windows2008   x-XXX0
                 Windows-x86   Windows2003   x-XXX1
                 Windows-x86   Windows2003   x-XXX2
                 Windows-x64   Windows2008   x-XXX3
                 Windows-x64   Windows2008   x-XXX4
                 Windows-x64   Windows2008   x-XXX5
                 Windows-x64   Windows2008   x-XXX6
                 Windows-x64   Windows2008   x-XXX7

Just to re-iterate my previous posts ALL_LOCAL_DRIVES includes ADAM and SCC so they are not needed as a backup selection - you are essentially backing them up twice each time.

Personally don't see why a DOMAIN Admin would be required unless there's something OS specific but I'm no Windows administrator.

Which of the clients is/are causing the issue?

It's the Windows-x86   Windows2003   x-XXX1 (Migration to W2k8 is planned this fall)

Just to re-iterate my previous posts ALL_LOCAL_DRIVES includes ADAM and SCC so they are not needed as a backup selection - you are essentially backing them up twice each time.

Habits are hard to change :). Finally, i have changed the selection.

I have try again with a domain-privileged account.

To launch the service and start the backup i need this privileges :

• local administrator (via BUILTIN\Administrors)
• Backup operator (via BUILTIN\Administrors)
• Log on as a service

I don't like to have an account with privileges running on a dc. I don't think it's a Microsoft Best Practice...

On another platform, I try the same policy (i only select ALL_LOCAL_DRIVES (that include System State :-))) with a DC on W2k8R2, it works with SYSTEM LOCAL running the service.

I'm a little lost. I will see to open a case.