cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Access denied - Backup Exec Agent backup of Enterprise Vault

bjorn_b
Level 6
Partner Accredited Certified

‎08-12-2013 06:15 AM

This problem has been returning to me for a couple of months now. 

I have installed the remote agent on both EV servers and SQL servers. I am able to backup from all the servers separately, but when I try to back up, say the open partitions from one vault store, I get access denied. 

 

I am using the Enterprise Vault Service Account as logon account for this job

This is the output from SGMon

BENGINE:  [08.12.13 14:37:37] [7640]     2013-08-12T14:37:29.841 [ndmp]               | Found credentials for resourse: 'EV-SIT::\\EV\xxxsql90.domain.com\FKA Site'.

BENGINE:  [08.12.13 14:37:37] [7640]     2013-08-12T14:37:29.841 [ndmp\ndmpclient]    - connectClientAuth(): agent is on local loopback, skipping SSL connection...

BEREMOTE: [08.12.13 14:37:37] [0000]     BECryptoInit: BECrypto non-FIPS mode successfully enabled.

BENGINE:  [08.12.13 14:37:37] [0000]     BECryptoInit: BECrypto non-FIPS mode successfully enabled.

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.936 [ndmp\ndmpsrvr]      - ndmpdConnectClientAuth(): agent is on local loopback, skipping SSL connection...

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.938 [ndmp\ndmpsrvr]      - Username for Logon: DOMAIN\srv_enterprisevault

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.938                      + impersonator.cpp (416):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.938                      | BELogonUser: beclass::IsThisMe() returned error: 87

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.938                      + impersonator.cpp (478):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.938                      | LogonType set = [LOGON32_LOGON_BATCH][0x4]

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.991                      + impersonator.cpp (505):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.991                      | LogonUser failed: Logon failure: the user has not been granted the requested logon type at this computer.

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.991 [ndmp\ndmpsrvr]      - LogonuserError: 1385

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.991 [ndmp\ndmpsrvr]      - LogonUser failed for user: DOMAIN\srv_enterprisevault

BENGINE:  [08.12.13 14:37:37] [7640]     2013-08-12T14:37:29.991 [ndmp\ndmpcomm]      - ERROR: 69 Error: Windows LogonUser API failed.

BENGINE:  [08.12.13 14:37:37] [7640]     2013-08-12T14:37:29.991 [ndmp\ndmpclient]    - connectClientAuth(): agent is on local loopback, skipping SSL connection...

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.992 [ndmp\ndmpsrvr]      - ndmpdConnectClientAuth(): agent is on local loopback, skipping SSL connection...

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.993 [ndmp\ndmpsrvr]      - Username for Logon: DOMAIN\srv_enterprisevault

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.994                      + impersonator.cpp (416):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.994                      | BELogonUser: beclass::IsThisMe() returned error: 87

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.994                      + impersonator.cpp (478):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:29.994                      | LogonType set = [LOGON32_LOGON_BATCH][0x4]

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:30.052                      + impersonator.cpp (505):

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:30.052                      | LogonUser failed: Logon failure: the user has not been granted the requested logon type at this computer.

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:30.053 [ndmp\ndmpsrvr]      - LogonuserError: 1385

BEREMOTE: [08.12.13 14:37:37] [6884]     2013-08-12T14:37:30.053 [ndmp\ndmpsrvr]      - LogonUser failed for user: DOMAIN\srv_enterprisevault

BENGINE:  [08.12.13 14:37:37] [7640]     2013-08-12T14:37:30.053 [ndmp\ndmpcomm]      - ERROR: 69 Error: Windows LogonUser API failed.

 

Does anyone of you have any idea what this could be?

4 REPLIES 4

Jaydeep_S
Level 6
Employee Accredited Certified

‎08-12-2013 06:20 AM

Seems like you are using the account 'DOMAIN\srv_enterprisevault' on the backup job. Could you try to use the EV service Account for backups. That should work.

0 Kudos

bjorn_b
Level 6
Partner Accredited Certified

‎08-12-2013 06:50 AM

DOMAIN\srv_enterprisevault IS the VSA

0 Kudos

Jaydeep_S
Level 6
Employee Accredited Certified

‎08-12-2013 07:13 AM

Could you edit the Host file on the Media Server to include ip address and FQDN info of the remote servers. Also, is backup exec Network and security setting set to use any available network.

Edit: See if "Logon as a batch job" permission has been granted to this account http://www.symantec.com/docs/TECH66221

0 Kudos

Kunal_Mudliyar1
Level 6
Employee Accredited

‎08-12-2013 03:19 PM

What version of EV are you on ?

Please have a look on these articles

1)

http://www.symantec.com/docs/TECH130255

 "The account specified can have any one of the following credentials:

1. The Vault Service account
2. Domain Admin group membership and Admin role on the Enterprise Vault instance
3.. A Domain account with the following:
   a. Administrators group membership on all participating EV servers
   b. Backup Operators group membership on servers hosting EV databases
   c. Admin role on Vault Store and Index locations
4. Admin role in EV should include: EVT Manage Vault Store Backup Mode and EVT Mange Index Location Backup Mode

2)

Configure Backup role 

http://www.symantec.com/docs/TECH179054

3)
 
The account on which backup exec services are running (BESA) should have following rights.
0 Kudos