08-12-2013 06:15 AM
This problem has been returning to me for a couple of months now.
I have installed the remote agent on both EV servers and SQL servers. I am able to backup from all the servers separately, but when I try to back up, say the open partitions from one vault store, I get access denied.
I am using the Enterprise Vault Service Account as logon account for this job
This is the output from SGMon
BENGINE: [08.12.13 14:37:37] [7640] 2013-08-12T14:37:29.841 [ndmp] | Found credentials for resourse: 'EV-SIT::\\EV\xxxsql90.domain.com\FKA Site'.
BENGINE: [08.12.13 14:37:37] [7640] 2013-08-12T14:37:29.841 [ndmp\ndmpclient] - connectClientAuth(): agent is on local loopback, skipping SSL connection...
BEREMOTE: [08.12.13 14:37:37] [0000] BECryptoInit: BECrypto non-FIPS mode successfully enabled.
BENGINE: [08.12.13 14:37:37] [0000] BECryptoInit: BECrypto non-FIPS mode successfully enabled.
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.936 [ndmp\ndmpsrvr] - ndmpdConnectClientAuth(): agent is on local loopback, skipping SSL connection...
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.938 [ndmp\ndmpsrvr] - Username for Logon: DOMAIN\srv_enterprisevault
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.938 + impersonator.cpp (416):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.938 | BELogonUser: beclass::IsThisMe() returned error: 87
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.938 + impersonator.cpp (478):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.938 | LogonType set = [LOGON32_LOGON_BATCH][0x4]
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.991 + impersonator.cpp (505):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.991 | LogonUser failed: Logon failure: the user has not been granted the requested logon type at this computer.
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.991 [ndmp\ndmpsrvr] - LogonuserError: 1385
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.991 [ndmp\ndmpsrvr] - LogonUser failed for user: DOMAIN\srv_enterprisevault
BENGINE: [08.12.13 14:37:37] [7640] 2013-08-12T14:37:29.991 [ndmp\ndmpcomm] - ERROR: 69 Error: Windows LogonUser API failed.
BENGINE: [08.12.13 14:37:37] [7640] 2013-08-12T14:37:29.991 [ndmp\ndmpclient] - connectClientAuth(): agent is on local loopback, skipping SSL connection...
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.992 [ndmp\ndmpsrvr] - ndmpdConnectClientAuth(): agent is on local loopback, skipping SSL connection...
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.993 [ndmp\ndmpsrvr] - Username for Logon: DOMAIN\srv_enterprisevault
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.994 + impersonator.cpp (416):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.994 | BELogonUser: beclass::IsThisMe() returned error: 87
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.994 + impersonator.cpp (478):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:29.994 | LogonType set = [LOGON32_LOGON_BATCH][0x4]
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:30.052 + impersonator.cpp (505):
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:30.052 | LogonUser failed: Logon failure: the user has not been granted the requested logon type at this computer.
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:30.053 [ndmp\ndmpsrvr] - LogonuserError: 1385
BEREMOTE: [08.12.13 14:37:37] [6884] 2013-08-12T14:37:30.053 [ndmp\ndmpsrvr] - LogonUser failed for user: DOMAIN\srv_enterprisevault
BENGINE: [08.12.13 14:37:37] [7640] 2013-08-12T14:37:30.053 [ndmp\ndmpcomm] - ERROR: 69 Error: Windows LogonUser API failed.
Does anyone of you have any idea what this could be?
08-12-2013 06:20 AM
Seems like you are using the account 'DOMAIN\srv_enterprisevault' on the backup job. Could you try to use the EV service Account for backups. That should work.
08-12-2013 06:50 AM
DOMAIN\srv_enterprisevault IS the VSA
08-12-2013 07:13 AM
Could you edit the Host file on the Media Server to include ip address and FQDN info of the remote servers. Also, is backup exec Network and security setting set to use any available network.
Edit: See if "Logon as a batch job" permission has been granted to this account http://www.symantec.com/docs/TECH66221
08-12-2013 03:19 PM
What version of EV are you on ?
Please have a look on these articles
1)
http://www.symantec.com/docs/TECH130255
"The account specified can have any one of the following credentials:
1. The Vault Service account
2. Domain Admin group membership and Admin role on the Enterprise Vault instance
3.. A Domain account with the following:
a. Administrators group membership on all participating EV servers
b. Backup Operators group membership on servers hosting EV databases
c. Admin role on Vault Store and Index locations
4. Admin role in EV should include: EVT Manage Vault Store Backup Mode and EVT Mange Index Location Backup Mode
2)
Configure Backup role
http://www.symantec.com/docs/TECH179054