Quantcast
Channel: Veeam Support Knowledge Base
Viewing all 4485 articles
Browse latest View live

Not All Privileges are Assigned to Caller error during upgrade/install

March 26, 2018, 2:09 am
$
0
0

Challenge

During upgrade/install, the following error occurs, preventing the installer from advancing: 
 “Not all privileges or groups referenced are assigned to the caller”

Cause

This is caused by permission/assignment issues within the Global Policy settings. Specifically, the Debug Programs policy is not applied to the credentials being used to execute the installer.

Solution

  1. Open Run and type in secpol.msc to bring up the Local Security Policies
  2. Navigate to Security Settings > Local Policies > User Rights Assignment and locate the policy for “Debug programs”User-added image
  3. Right Click the policy and select Properties
  4. The credentials being used to run the install should be listed here, or be included in one of the groups listed. 

More Information

Should you have any questions, contact Veeam Support.
Search

Update Veeam ONE Website Ports Post-Installation

March 26, 2018, 4:50 am
$
0
0

Challenge

The ports for Veeam ONE Websites cannot be changed in Veeam ONE UI.

Cause

Sometimes it is necessary to update the ports being used by Veeam ONE Reporter and BusinessView Websites after the product is already installed.

Solution

1. Edit the bindings within Internet Information Services (IIS)

a. Open IIS Manager
b. Expand the tree on the left to expose the VeeamReporter and VeeamBusinessView sites
c. Right click the site and select Edit Bindings.
d. Click the binding entry (there should only be one) and select Edit
e. Change the port number to the desired value
f. Click Ok to save the changes.
g. Restart Veeam ONE Website to apply the changes. Perform the same operations for the other site if needed.
 

2. Update site information within the VeeamONE Settings Utility

a. Open the VeeamONE Settings utility (In Veeam One Monitor console navigate to Options > Server Settings > Other Settings > Launch Support Utility or browse to or run C:\Program Files\Common Files\Veeam\Veeam ONE Settings\VeeamOneSettings.exe)
b. On the General tab, select Shortcuts at the top
c. Update the link to the appropriate port number
d. Navigate to the Reporter tab on the left side of the utility and select the Website Settings option at the top
e. Update the port number on this link as well
f. Click ‘Save’ in the bottom right corner to commit the changes to the database.
g. Click yes when prompted to allow the services to restart
 

3. Test the site by launching the site via the desktop icon or typing the link into a browser manually. The site should now open under the new port number.

More Information

Should you have any questions, contact Veeam Support.

Restoring domain controller from an application-aware backup

March 28, 2018, 3:19 pm
$
0
0

Challenge

Application Aware Image Processing is required to be enabled and working as per Microsoft in order to functionally restore from a DC.

Please refer to this Microsoft Page for more information:
https://technet.microsoft.com/en-us/library/d2cae85b-41ac-497f-8cd1-5fbaa6740ffe(v=ws.10)#backup_and_restore_considerations_for_virtualized_domain_controllers


Since Active Directory implements multi-master replication, where multiple domain controllers sync changes with each other, one of the key challenges is the DC recovery process. This article outlines different DC restore scenarios and goes into some specifics of when and why this or that type of restore is required as well as gives instructions on the manual steps to perform proper DC recovery from backup created with Veeam B&R.

Before going into details, it is worth stressing that by default Veeam B&R performs automated non-authoritative restore of domain controller and in most cases when you need to recover failed DC, authoritative restore is not required.

The following situations are possible:
  • Restoring single lost DC in a multi-DC environment
  • Restoring entire AD infrastructure (AKA “all DC’s are lost”)
  • Restoring from Active Directory corruption

Depending on the scenario, different steps (or no steps at all) are required to perform DC restore. All of the scenarios assume application-aware image processing was enabled in the backup job that backed up the DC being restored.

Solution

Restoring single lost DC in a multi-DC environment or in environment with only a single DC

This scenario, actually the most common one, incurs restoring just one of the multiple DC’s when there are still other functional DC’s in the environment that the restored DC can replicate changes from.
DC recovery with Veeam B&R in this case is fully automated and does not require any user interaction. If your backup was done with application-aware image processing enabled in the backup job settings, Veeam B&R performs a non-authoritative restore of the DC, where the restored VM should first boot in Directory Services Restore Mode (DSRM) mode and then reboot automatically immediately to boot up next time normally.
The domain controller itself will understand that it has been recovered from backup and will allow normal replication to update everything that has been changed since the backup took place.
The automatic recovery should also work for environments with only a single DC.



Restoring entire AD infrastructure (AKA “all DC’s are lost”)

As mentioned above, the automatic recovery process performs a non-authoritative restore, where the DC reboots and starts looking for other DC’s to sync up. However, in a scenario where all DC’s are gone, there are no other partners available and replication may take quite long (15-30 minutes) to start. To avoid wasting the time attempting to contact replication partners, it is recommended to restore two of the domain controllers at once, power them on, wait for their reboot and force one of them to become authoritative for SYSVOL, so that they can start replicating. Then restoring other DC’s will be similar to the first scenario, i.e. will be 100% automatic.

Note: During the restore procedure, make sure the restored DC’s DNS records point to available DNS servers (e.g. to itself).

The procedure for designating DC as authoritative for SYSVOL varies based on whether FRS or DFS-R is used for SYSVOL replication. To determine if you are using FRS or DFSR for SYSVOL in the production environment check the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFS-R is being used. If the subkey does not exist, or if it has a different value, FRS is being used.

Notes:
• If you’re restoring DC without FSMO roles, you might want to transfer them to it manually after the restore, using the ntdsutil seize command.
• This type of restore is similar to what Veeam B&R performs automatically when restoring DC within SureBackup isolated virtual lab.
 

Restoring from Active Directory corruption

Scenario where no DC’s are actually lost, however, AD itself is damaged in some way (corrupt objects or schema) and you need to restore from the backup created before corruption occurred. In this case you need to restore one of the multiple DC’s when other DC’s are still operating a damaged copy of AD and force all of them to accept replication changes from the restored DC. This is where authoritative restore of the DC is required.

Note: It is recommended to perform restore with network disabled to prevent DC from accepting changes from other controllers after the default non-authoritative restore.

To perform an authoritative restore:
1. Restore the DC and let it complete the default non-authoritative restore (wait until it reboots second time).
2. During this second boot, press F8 to get to DSRM mode.
3. Log in with DSRM account and password.
4. Open a command prompt and run ntdsutil command.
5. At the "ntdsutil:" prompt, type "authoritative restore" and press Enter.
6. At the "ntdsutil authoritative restore:" prompt, type "restore database" and press Enter.
7. At the Authoritative Restore Confirmation dialog box, click Yes.
8. Upon restore completion, type "quit" and press Enter to exit the ntdsutil utility.
9. Reboot server.
10. Perform an authoritative restore of the SYSVOL, as was already discussed above.

Note: For an easier item-level recovery of Active Directory objects (without the need to restore the domain controller itself), consider using Veeam Explorer for Active Directory.

For VM’s that use DFRS (Server 2008 Domain functionality level and higher) you'll want to follow the following MS KB:
http://technet.microsoft.com/en-us/library/cc816897(WS.10).aspx


For VM's that use File Replication service (Server 2003 Domain functionality level), this is done by setting the burflags through the registry:
http://support.microsoft.com/kb/290762
 

More Information

Veeam recovery of a domain controller
Active Directory backup and recovery with Veeam
Recovering Your Active Directory Forest
Windows Server - How to Perform an Authoritative Restore of Active Directory Object
Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 1)
Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 2)
Restoring The SYSVOL (Non-)Authoritatively When Either Using NTFRS Or DFS-R (Part 3)

How to Backup a Windows Failover Cluster with Veeam Agent for Microsoft Windows

March 29, 2018, 9:15 am
$
0
0

Challenge

Starting from version 9.5 Update 3, Veeam Backup & Replication lets you deploy and manage Veeam Agent for Microsoft Windows on computers in your infrastructure. Veeam Agent for Microsoft Windows 2.1 adds full support for mission-critical Microsoft Failover Clusters, SQL Server-based Microsoft Failover Clusters, SQL Always On Availability Groups, and Exchange Database Availability Groups.

This is a “how to” step-by-step guide on backing up your Windows Failover Cluster.

Cause

Before you begin

Сonsider the following:
  • Backup of failover clusters is supported in Veeam Agent for Microsoft Windows managed by Veeam Backup & Replication only. You cannot process a failover cluster by Veeam Agent for Microsoft Windows operating in the standalone mode.
  • Agent license with a server counter must be installed in Veeam Backup & Replication to enable Agent Management features including failover cluster support.
  • Veeam Agent for Microsoft Windows supports Windows Server Failover Clusters running Microsoft Windows Server 2008 R2 and later.
  • Workgroup clusters, multi-domain clusters, Windows Server 1709 core edition clusters, and mixed OS version clusters are not supported.
  • Cluster Shared Volumes (CSV) are skipped automatically during the backup.
  • The following Microsoft Failover Cluster applications are supported: Microsoft SQL Server Failover Cluster Instances (Microsoft SQL Server 2008 SP4 or newer), Microsoft SQL AlwaysOn Availability Groups, Microsoft Exchange Database Availability Groups (Microsoft Exchange Server 2010 or newer).
  • Microsoft Exchange Database Availability Groups should be protected by independent managed by backup server jobs with server type.
  • When using Basic Availability Groups on Microsoft SQL Server 2016 Standard Edition, consider that secondary replica node cannot be backed up because the secondary node is not readable. See the following article for more information.
  •  AlwaysOn Availability Groups based on multiple Failover Cluster Instances are not supported.
  • AlwaysOn Clusterless Availability Groups are not supported.
  • Managed by backup server job with failover cluster type does not support the file-level backup mode.
  • Recovery must be performed via Veeam Backup & Replication console.

Solution

Microsoft Windows Server Failover Clusters, Microsoft SQL Server Failover Cluster Instances, SQL Always On Availability Groups


1. Create an Active Directory protection group

Protection Group is a container or folder to organize hosts you are willing to protect 

User-added image

To create a protection group navigate to Inventory, select Physical & Cloud Infrastructure node and hit Add Group button at the ribbon. Select Microsoft Active Directly objects as a type for this Protection Group.

User-added image

At the Active Directory step specify the domain name and account (if required) and select the Active Directory cluster name object.


User-added image

The AD cluster name account can be found in Active Directory Users and Computers or Failover Cluster Manager.

User-added image
User-added image

Make sure that you didn’t exclude any required host at the Exclusion step of the wizard.

User-added image

Specify the common master account and set custom credentials for particular hosts if needed.

User-added image

Check the box to Install backup agent at the Options step of the wizard to install backup agents automatically during еру rescan (installation can be performed manually if required).

User-added image

Rescan the protection group to discover the newly added cluster account, all its nodes and install backup agent to every node. Once the rescan is completed you should see the cluster and all child nodes under the protection group

NOTE To avoid installation issues, make sure that all required network and DNS requirements are fulfilled.


User-added image

2. Configure the backup job

Once you install the backup agent on every node, you can create a cluster job. Navigate to Home node, click the Backup Job button at the ribbon and select Backup > Windows computer.

User-added image

Failover Clusters must be processed by backup server jobs with the Failover cluster type. 

User-added image

At the Computers step of the wizard hit Add and select cluster account or the parent protection group for this cluster.

User-added image

NOTE: each cluster node will consume a Server License host counter:

User-added image

Select the backup mode. Only volume-level backup and entire system backup modes are available for the failover cluster job.

User-added image

Define the appropriate application-aware processing options at the Guest Processing step of the wizard. For example, SQL log backup/truncation settings would be applicable to a SQL cluster.

User-added image

Start the job. The cluster job will track node changes and perform log backup respectively.

User-added image

User-added image


Microsoft Exchange Database Availability Group

Microsoft Exchange Data Availability Group does not support concurrent VSS snapshots at multiple DAG nodes. As a result, cluster-aware backup job logic is not applicable for this application. This is why Microsoft Exchange Database Availability Groups should managed by backup server jobs with the server type regardless of the DAG configuration (AD-detached IP-less DAG or a regular DAG with a cluster administrative access point).

1. Create a protection group

Exchange protection group should not contain an Active Directory cluster name object but it should contain individual Exchange Active Directory computer accounts.

User-added image

You are welcome to use other protection group types to add Exchange nodes as individual computers or as computers from a CSV file.

User-added image

Further discovery and installation steps are similar to the configuration steps described above for the standard Windows Server Failover Cluster. 

2. Job configuration

In contrast to a standard Windows Server Failover Cluster, Exchange Database Availability Groups should be processed node by node via separate server jobs managed by server.

User-added image

User-added image

User-added image

NOTE If you have an Exchange node which contains only passive database copies, then it’s sufficient to perform the backup of this node only:

User-added image

User-added image

Application-aware processing should be enabled for a consistent backup, log truncation and application-item restore possibility.

User-added image

Specify the backup schedule in a way that these backup jobs start at different times and do not overlap, e.g. you may schedule the jobs one by one.

User-added image

HCL - Neverfail HS-SMB-24

March 30, 2018, 6:24 am
$
0
0

Challenge

Product Information

Product Family: HybriStor 
Status: Veeam Ready – Repository 
Classification Description: Verified backup storage that supports all Veeam backup and restore features. 

Solution

Product Details

Model number: HS-SMB-24 
Number of Drives: 8 
Drive type: 4TB SAS 
Firmware version: 2.3.108 and newer. Note the HybriStor HS-SMB-24 maximum file size is 16TB with this firmware version. VMs larger than 16TB (or ~28TB if compression is enabled) may exceed this limit. 
Connection protocol and speed: 10 GbE 
General product family overview:  
HS-SMB-24 
24TB up to 64TB 
8 x 4TB (RAID 6) 
2 x 10GbE ports 
2 x 1GbE ports 
1 x IPMI ports 

 

Veeam Details

Veeam Build Number: 9.5.0.1536 
Veeam Settings:  

  • Repository Type: Shared Folder 
  • Deduplication: No 
  • Compression: No 
  • Storage Optimization: Local target 
  • Per-VM Backup Files: Yes 
  • Decompress before storing: No 
  • Align backup file blocks: No 

More Information

Company Information

Company name: Neverfail 
Company overview: Neverfail is at the forefront of business continuity and disaster recovery solutions that protect businesses from the devastating effects of downtime and data loss. With a unique approach to BC/DR, we enable IT to meet SLAs for every application tier and recovery profile - ensuring that organizations never under-protect or over-pay for data protection again. 

Veeam Backup for Office 365 Timeout Errors

March 30, 2018, 6:36 am
$
0
0

Challenge

A Veeam Backup for Office 365 job fails with a timeout error.  

These commonly are reported as one of the the following errors:
  • Unexpected End of File
  • Exchange Web Services error code: ErrorExceededConnectionCount
  • Error: Failed to get folder properties
  • Error: You have exceeded the available concurrent connections for your account.  Try again once your other requests have completed.
  • Error: Unexpected end of file has occurred. The following elements are not closed: m:Data, m:ExportItemsResponseMessage, m:ResponseMessages, m:ExportItemsResponse, s:Body, s:Envelope. Line 1, position 21397505.
But are not limited to these errors.

 

Cause

There are multiple causes for these timeout errors.  The most common being a bad connection to the Exchange Web Service (EWS) from the Veeam Backup for Office 365 server or proxy.  This can be caused by a flooding of open worker threads to the Exchange Web Services server, network traffic saturating the throughput of the connection, a slow internet connection to the Office 365 EWS server amongst other issues.

Solution

In 1.5, performance settings to help with timeout errors can be adjusted through the proxy performance settings (Concurrent Threads, and limit network bandwidth).  If you are still unable to get a Veeam Backup for Office 365 due to these timeout errors after adjusting the Proxy Settings, you can contact Veeam Support to further fine tune the settings.

All Aliases Have Failed

March 30, 2018, 6:43 am
$
0
0

Challenge

Tenant jobs may fail with the following message:

Target gate has rejected connection. Unable to establish target connection. All aliases have failed.

Cause

New cloud infrastructure components have been added, and all gateways are unable to communicate with tenant repositories; or the SP Veeam Server.

Solution

It’s important to note that the verbiage of the error may differ, however the root error will be the same. All Aliases Have Failed is the root error message.

To resolve, ensure that all gateway servers available in the service provider infrastructure can communicate with the tenant(s) repository, as well as the SP Veeam Server.

For communication route reference:

User-added image

As a note, private gateways are not recommended, and is one of the more common scenarios to encounter ‘All Aliases Have Failed’. Veeam will attempt to load balance across any available gateway, based on current tenant connections, and a gateway usable by a specific tenant can get selected, resulting in this error. In addition, a private gateway can introduce a 4 minute and 15 second delay on every task (disk) processed by a tenant.

More Information

https://www.veeam.com/wp-cloud-connect-reference-architecture-v9.html Page 45 (Source for above image)
https://helpcenter.veeam.com/docs/backup/cloud/cloud_connect_gateway_settings.html?ver=95 Regarding Private Gateways
https://helpcenter.veeam.com/docs/backup/cloud/ports.html?ver=95 Default port listing

 

Quantum storage devices may have a known Linux bug

March 30, 2018, 6:46 am
$
0
0

Challenge

To identify if a known linux bug is the cause for errors on a backup repository.

Cause

You will see a job fail with  “unable to mkdir /var/log/sudo-io : File exists”, this is caused by a bug in some versions of the sudo application.

Solution

Some quantum storage device’s operating systems are based on RHEL 6.8 and may have the bug referenced here:  https://bugzilla.redhat.com/show_bug.cgi?id=1365156

1st check the version of the sudo application by logging in to the storage device os by ssh, and run “sudo -V”
If the version returns sudo-1.8.6p3-24.el6.x86_64 or older then it is affected by the bug. The issue is fixed in sudo sudo-1.8.6p3-26.el6

Quantum will need to update this as their os is a custom version of RHEL.

End users should refer their Quantum engineer to Quantum case 410352.



 
Search

HCL - iXsystems X20

March 30, 2018, 9:08 am
$
0
0

Challenge

Product Information:

Product Family: iXsystems X-Series
Status: Veeam Ready - Repository
Classification Description: Verified backup storage that supports all Veeam backup and restore features.

Solution

Product Details:

Model number: X20
Number of Drives: 18
Drive type: 2TB 7200 SAS
Firmware version: 11.1
Connection protocol and speed: 10 GbE iSCSI
Additional support: All models and configurations of iXsystems X-Series with specifications equivalent or greater than the above
General product family overview: TrueNAS X20 Modular 2U Rack Mount with Hot-Swappable Storage Controllers and Global Fault Notification LED

Vendor Veeam testing configuration:

Veeam Build Number: 9.5.0.1038
Veeam Settings:

  • Repository Type: Windows
  • Deduplication: Yes
  • Compression: Optimal
  • Storage Optimization: Local target
  • Per-VM Backup Files: Yes
  • Decompress before storing: No
  • Align backup file blocks: No

More Information

Company Information:

Company name: iXsystems
Company overview: Champions of Open Source - iXsystems believes that Open Source technology has the power to change the world throughits process of open and collaborative innovation. This principle fuels all product design at iXsystems. By leveraging decades of expertise in hardware design, its contributions to many Open Source software communities, and corporate stewardship of leading Open Source projects (including FreeNAS® and TrueOS®), iXsystems has become an industry leader in building innovative storage solutions and superior enterprise servers for a global marketplace that relies on open technology.

HCL - Tegile IntelliFlash

March 30, 2018, 9:15 am
$
0
0

Challenge

Product Information:

Product Family: IntelliFlash T-Series, HD-Series
Status: Veeam Ready - Repository 
Classification Description: Verified backup storage that supports all Veeam backup and restore features.

Solution

Product Details:

Model number: T4100 
Number of Drives: 3, 13
Drive type: 500GB SSD, 2TB HDD
Firmware version: 3.7
Connection protocol and speed: 10 GbE iSCSI
Additional support: All models and configurations of Tegile T or HD-Series with specifications equivalent or greater than the above 
General product family overview: Tegile enterprise storage arrays accommodate different grades of storage media—from hard disks to high-performance flash memory. Using patented IntelliFlash™ software architecture, data is organized and placed on the most appropriate media to deliver optimal performance with the best possible economics. Native SAN and NAS protocols enable you to simplify data management by storing application data, virtual machines, and unstructured data—all on a single array.

Vendor Veeam testing configuration:

Veeam Build Number: 9.5.0.1038
Veeam Settings:

  • Repository Type: Windows
  • Deduplication: Yes
  • Compression: Optimal
  • Storage Optimization: Local target
  • Per-VM Backup Files: Yes
  • Decompress before storing: Yes
  • Align backup file blocks: Yes

More Information

Company Information:

Company name:Tegile – A Western Digital Brand
Company overview: Founded in 2010, Tegile Systems - A Western Digital Brand, is an enterprise storage vendor headquartered in Silicon Valley, California. Tegile makes all-flash and hybrid storage arrays that help organizations eliminate storage silos and simplify storage management by consolidating all of their workloads onto a single flash platform.

Unable to change credentials for a shared folder set in a File to Tape job.

March 30, 2018, 12:32 pm
$
0
0

Challenge

To change incorrect credentials for shares after they are entered. You may not be able to remove old credentials despite them not being in use.

Cause

Credentials have changed/no longer exist or they were entered in incorrectly when setting up a File to Tape job.

Solution

You will need to run a query against the Veeam database to clear the share entry (If you are not experienced with SQL database edits or you don’t understand why this edit is being done, please contact Veeam support).  Then when cycling through the properties of an existing job or creating a new job you will be prompted for the credentials.

For information on how to apply SQL scripts please review https://www.veeam.com/kb1443.
  1. Backup the Veeam database. (http://www.veeam.com/kb1471)
  2. Run the following query against the VeeamBackup database
delete from [backup.model.mrulist] where url = ‘<share path>’


You may also run a SQL script from SQL Server Management Studio, right click on your database and choose the “New query” option, insert the text from the file, and click Execute.

 

Root element is missing

March 30, 2018, 12:36 pm
$
0
0

Challenge

Task fails with the error "root element is missing."
You can find such entries in the log file:
 

[timestamp] <01> Error    Read summary xml error   at Veeam.Backup.Core.CRawSummary.CreateOibSummary()

[timestamp] <01> Error       at Veeam.Backup.Core.CSynOibAlg.CreateOib(CPoint fullPoint, CPoint rollPoint, CStorage fullStorage, CStorage rollStorage, COib rollOib)

[timestamp] <01> Error       at Veeam.Backup.Core.CBackupJobPerformer.ExecuteTask(IBackupTask task, ITarget target)

[timestamp] <01> Error    Root element is missing.   at System.Xml.XmlTextReaderImpl.Throw(Exception e)

Cause

This usually occurs when part of Veeam data could not be written to the summary.xml file (due to space, connectivity issue or some other specific issue). After that failure, cleaning up space on a target or fixing other problems that caused this behavior initially will not let you proceed with the incremental because the summary.xml is missing critical information on the previous backup.

Solution

There are two methods to potentially resolve this:

The first option is to run a full backup on the corresponding job by right-clicking on a job and selecting "perform full backup". This is the method that leaves the least possibility of later issues.

The second option is more involved, has some caveats, and is not guaranteed to work but may save some time. Verify the job itself is not currently running. Once verified go into the backup repository and locate the backup files for the job having the issue. Move the VBM file to another location without deleting it. After the VBM file has been moved, return to Veeam B&R and run a normal backup operation.

Note: When moving the VBM, do so to a path outside the backup repository path. For instance, if the repository path is C:\Backups, move the VBM to either the root of the drive or another path from the drive. If it is placed in another subfolder of C:\Backups, and the repository is re-scanned, Veeam will attempt to import the VBM as a backup.

This will attempt to create a new VBM file for the chain itself using metadata mirrored in the full backup storages, without the need to create another active full backup, avoiding larger amounts of data being sent to the repository. If this fails, the first option will likely be necessary.

If the chain contains multiple full backups, only the latest full and increments following it will be used to recreate the VBM file. Retention may need to be performed manually by deleting older backup files when they are no longer needed.
 

Service Provider has Cloud Bin enabled, resulting in all tenant cloud-based jobs ending with a ‘Warning’ result, regardless of actual job results.

April 5, 2018, 8:51 am
$
0
0

Challenge

Service Provider has Cloud Bin enabled, resulting in all tenant cloud-based jobs ending with a ‘Warning’ result, regardless of actual job results.

Solution

Apply the following registry key on the tenant OR provider server:
Value Name: CloudConnectBinGfsNotificationSeverity
Path: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\ 
Type: REG_DWORD
Veeam version: 9.5U3
Default value: 2
Description: regulates the warning message about enabling GFS when CloudBin is turned on the SP side. 0 - disable message; 1 - informational; 2 - warning; 3 - error; 4 - job fail. Can be also enabled on the tenant side, in which case it overrides a value on the SP side.

Veeam ONE v9.5 Required Ports and Permissions

April 6, 2018, 12:29 am
$
0
0

Challenge

Ports and permissions must be configured for Veeam ONE to function properly.

Cause

The list of required ports and permissions can be found below.

Solution

Required Permissions

Connection to Virtual Servers

The account used to connect virtual servers must have at least the following permissions:

VI Object

Required Permissions

vCenter, ESX(i) host
  • Read-only
  • Host.CIM.CIM Interaction1
  • Host.Configuration.Connection1
  • Virtual machine.Interaction .Answer question2
  • vSphere Tagging.Assign or Unassign vSphere Tag3
  • vSphere Tagging.Create vSphere Tag3
  • vSphere Tagging.Create vSphere Tag Category3
  • Global.Global tag3 (not required for VMware vSphere 6.5)
  • Virtual machine.Interaction.Console interaction4
  • Datastore.Browse datastore5
  • Global.Licenses6

Note: Names of privileges are provided for the latest supported version of VMware vSphere, and may vary for different platform versions.

Hyper-V host, Hyper-V cluster
  • Administrator7

SCVMM
  • Delegated Administrator or Administrator

1 Required for gathering of ESX(i) host hardware data.
2 Required for using VM Console and viewing snapshot information.
3 Required for collecting and updating tags on the vCenter Server side. The privileges must be assigned at the vCenter Server level.
4 Required for accessing VM console from Veeam ONE Monitor.
5 Required for collecting datastore details.
6 Required for collecting license information.
7 A domain account with local Administrator privileges on a host is required. If you connect a cluster, the account must have local Administrator privileges on all hosts in a cluster.

NOTE: If Windows-based virtual servers run on non-domain machines, or machines with an unelevated local Administrator account, you must complete additional configuration steps to allow Veeam ONE perform data collection. For details, see Connection Under UAC.

Connection to Veeam Backup & Replication Servers

The account used for connecting to a Veeam backup server must have local Administrator permissions on the machines running:

  • Veeam Backup Enterprise Manager
  • Veeam Backup & Replication
  • Backup proxy, backup repository, WAN Accelerator, tape server and cloud gateway components (required to collect performance data from these servers)

NOTE: If Veeam backup infrastructure components run on non-domain machines, or machines with an unelevated local Administrator account, you must complete additional configuration steps to allow Veeam ONE perform data collection. For details, see Connection Under UAC.

Veeam ONE Service Account

The service account must have Local Administrator permissions on the machine where Veeam ONE is installed.

Authorizing with Veeam ONE

To authorize with Veeam ONE software components (Veeam ONE Monitor, Reporter and Business View), a user must have the Allow log on locally privilege assigned.

By default, this privilege is assigned to users included in the local Administrators group. For users not included in the local Administrators group, you must assign this privilege manually. For details, see this Microsoft TechNet article.

NOTE: In the advanced deployment scenario, you must assign the Allow log on locally privilege on the machines that host the Veeam ONE Server and Veeam ONE Web UI architectural components.

Connection to Microsoft SQL Server

The account used to connect to the Microsoft SQL Server hosting the Veeam ONE database must have the following permissions:

  • Public role (default permissions)
  • CREATE ANY DATABASE permissions
  • db_owner role on the Veeam ONE database
  • db_datareader permissions on the master database
  • public, db_datareader, SQLAgentUserRole permissions on the msdb database
  • [For Always-On Availability Groups] VIEW SERVER STATE permissions 

Connection to Microsoft Hyper-V VM Guest OS

The account used to collect data from guest OSes of Microsoft Hyper-V Windows VMs, must have local Administrator permissions on the guest OS.

NOTE: To collect data from non-domain Windows VMs, or VMs with an unelevated local Administrator account, you must complete additional configuration steps to allow Veeam ONE perform data collection. For details, see Connection Under UAC.

Connection Under UAC

Veeam ONE collects data from Microsoft Windows servers using WMI. For some configurations, UAC access token filtering can prevent running WMI commands on connected machines, which in turn will cause data collection failures.

The affected configurations are:

  • Non-domain machines (machines in a workgroup)
  • Machines with an unelevated local Administrator account (the account that is not Built-in Administrator)

To allow Veeam ONE collect data from these machines, perform the following steps on target virtual servers:

  1. Set the network location to private:
  1. Log on to a machine as Administrator.
  2. Open the Network and Sharing Center.
  3. In the list of active networks, click the necessary network and change its location to Private.

In some Windows OS versions, this location is called Home or Work.

  1. Configure Windows Remote Management.

To do so, in the command prompt, type winrm quickconfig and press [Enter].

For more details on UAC access token filtering, see User Account Control and WMI.

Authorizing with Veeam ONE

To authorize with Veeam ONE software components (Veeam ONE Monitor, Reporter and Business View), a user must have the Allow log on locally privilege assigned.

By default, this privilege is assigned to users included in the local Administrators group. For users not included in the local Administrators group, you must assign this privilege manually. For details, see this Microsoft TechNet article.

NOTE: In the advanced deployment scenario, you must assign the Allow log on locally privilege on the machines that host the Veeam ONE Server and Veeam ONE Web UI architectural components.

Remote Access

To be able to access Veeam ONE software components installed on a remote machine, you can use one of the following options.

Remote Access to Veeam ONE Reporter and Business View through Web Browser

Veeam ONE Reporter and Business View consoles can be accessed using a web browser on a remote machine. To learn more on how to access Veeam ONE software components, see Accessing Veeam ONE Monitor, Reporter and Business View.

Veeam ONE Reporter and Business View consoles remotely, a user must be a member of the Veeam ONE Administrators or Veeam ONE Read-Only Users group on the machine where Veeam ONE Web UI component is installed. For details on Veeam ONEsecurity groups, see Security Groups.

Remote Access for Multi-Tenant Monitoring and Reporting

Veeam ONE supports multi-tenant access to its monitoring and reporting capabilities. Authorized users can remotely monitor a subset of the vCenter Server or vCloud Director infrastructure and create reports.

To monitor and report on a restricted scope of the virtual infrastructure, a user must have permissions assigned on objects of the vCenter Server or vCloud Director inventory hierarchy. For details, see Veeam ONE Multi-Tenant Monitoring and Reporting.


Required Ports

From

To

Protocol

Port

Notes

Veeam ONE

vCenter
ESX(i)

SSL

4431

Required to collect data from vCenter Server/ ESX(i) hosts. 
To learn how to check the current state of the vSphere API port, see the VMware vSphere documentation.

TCP

5989

Required to collect ESX(i) host hardware details via CIM XML.

TCP

10080
10443

Default port used to access vCenter Inventory Service (HTTP or HTTPS) and collect vCenter Server tags.

Required for vCenter Server 5.x only.

Platform Services Controller (PSC)

HTTPS

443

Default port used to collect and assign VMware Tags data.

Required for vCenter Server starting from version 6.5.

vCloud Director

SSL

4431

Required to collect data from vCloud Director.

SCVMM

TCP

8100

Default SCVMM Administrator Console to SCVMM server port (required by the Veeam ONE Service).

Hyper-V host

TCP

135,
dynamically assigned ports2

Required to collect data from Microsoft Hyper-V hosts through WMI.

TCP

135
445

Required to gather CPU and memory performance data from Microsoft Hyper-V hosts.4

TCP

445

Required to access remote registry.

Veeam Backup & Replication

TCP

135,
dynamically assigned ports2

Required to collect data from Veeam backup servers through WMI.

TCP

135
445

Required to gather CPU and memory performance data from Veeam Backup & Replication infrastructure servers.4

TCP

445

Required to access remote registry.

Veeam Backup Enterprise Manager

TCP

135,
dynamically assigned ports2

Required to collect data from Veeam Backup Enterprise Manager through WMI.

Veeam backup proxy

TCP

135
445

Required to gather CPU and memory performance data from backup infrastructure servers.4

Veeam backup repository (Windows)

TCP

135
445

Required to gather CPU and memory performance data from backup infrastructure servers.4

Veeam backup repository (Linux)

TCP

22

Default SSH port used to communicate with a Linux-based repository.

Veeam WAN accelerator

TCP

135
445

Required to gather CPU and memory performance data from backup infrastructure servers.4

Veeam License Update Server (autolk.veeam.com)

TCP

443

Default port used for license auto-update.

Veeam ONE Server and Web UI

Microsoft SQL Server

TCP

1433

Port used for communication with the Microsoft SQL Server on which the Veeam ONE database is deployed.
Additional ports may need to be open depending on your configuration. For details, see https://msdn.microsoft.com/en-us/library/cc646023(v=sql.120).aspx#BKMK_ssde.

Veeam ONE
Monitor Client

Veeam ONE Server

TCP

1393
4453

Used by Veeam ONE Monitor Client to communicate with the Veeam ONE Server.

UDP

1373

Workstation 
Web Browser

Veeam ONE Reporter

HTTPS

1239

Required to access Veeam ONE Reporter console from a user workstation (a different port number can be chosen during setup).

Veeam ONE
Business View

HTTPS

1340

Required to access Veeam ONE Business View console from a user workstation (a different port number can be chosen during setup).

 

1 You must open these ports manually
2 To learn about enabling and disabling WMI traffic, see http://msdn.microsoft.com/en-us/library/aa389286(v=vs.85).aspx and http://msdn.microsoft.com/en-us/library/aa822854(v=vs.85).aspx 
3 Associated with the File and Printer Sharing service
4 To gather performance data from Windows Server 2012 and 2012R2, you must additionally enable network discovery.

Veeam Agent for Microsoft Windows deploy fails with “Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid"

April 6, 2018, 1:54 am
$
0
0

Challenge

When a computer is being added to protection group, Veeam Agent for Microsoft Windows deployment starts and  fails with the following:
  
Warning Failed to create agent manager {IEpAgentManagementProtocol} (Agent: image-01, SessionName: PackageInstall): No connection could be made because the target machine actively refused it IPAddress:6185 Info [UploadManager] Checking windows package 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' signature on host 'HOSTNAME'Error Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid.. InParams: '<InputArguments><ModulePath value="C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi" /></InputArguments>'. Error Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid Error --tr:Failed to call DoRpc. CmdName: [PckgCheckSignature]. (System.Runtime.InteropServices.COMException)

Cause

The certificate which is used to sign the Veeam Agent installation package is not installed in the Trusted Root Certification Authority store on the client computer.

Solution

  1. Download DigiCert Assured ID Root CA here (right click on Download button - save as)
  2. Double click the downloaded .srt file
  3. Click Install Certificate
  4. Choose Local Machine and click on Next
  5. Place the certificate into Trusted Root Certification Authorities by clicking the Browse button.

 
Search

Using V8 U-AIR wizards to restore Exchange 2003 and 2007

March 21, 2018, 5:33 am
$
0
0

Challenge

This KB article documents the procedure for restoring Application Items for Exchange 2003 and Exchange 2007. The Veeam Explorer for Microsoft Exchange does not support these versions of Exchange. In order to restore items for Exchange 2003/2007 you must use the SureBackup + U-AIR restore method.

Solution

Please Note:
• WebDAV must have been enabled on the Exchange 2003/2007 server when the restore point being restored from was created in order to restore using U-AIR.
• If WebDAV was not enabled, or you need a .pst, you can start the SureBackup job and use Outlook installed on the Veeam server to connect the Exchange server in the isolated network to export the data to PST.
• Veeam Backup & Replication must have an Enterprise or Enterprise Plus license to perform this restore.
• You will need the U-AIR wizard for Microsoft Exchange, this package does not come with Veeam Backup & Replication v8. You must contact Veeam Support (support.veeam.com) in order to acquire this package.
• As of April 2017, Microsoft no longer supports Exchange 2007. Therefore, Veeam Support can no longer assist with steps 7 and 8 of the below process.
 
Once you’ve downloaded the U-AIR Wizard, perform the following to process the restore:
This KB contains the SureBackup Configuration Guide for 8.x https://www.veeam.com/kb2047
 
1. Create a Virtual Lab.
     http://helpcenter.veeam.com/backup/80/vsphere/index.html?create_vlab.html
     https://www.veeam.com/videos/5-easy-sessions-for-modernizing-your-data-protection-configuring-your-first-virtual-lab-2110.html
 
2. Create an application group.
     http://helpcenter.veeam.com/backup/80/vsphere/appgroup_create.html
 
     Add to it the following servers in the order listed here:
     • Domain Controller w/ Global Catalog role
     • Exchange Mailbox server
     • Exchange CAS server (if separate).
 
     Note: In the application group settings, enable the "Domain Controller" role for the DC and remove all test scripts.
     For the Exchange server, leave all roles unchecked. Disable the IP boot verification tests on all servers in the application group, and set the application initialization timeout for all servers other than the DC to 0 seconds.
 
3. Create a Surebackup job.
     http://helpcenter.veeam.com/backup/80/vsphere/create_surebackup_job.html
 
     Configure it to use the Virtual Lab and Application Group configured in the previous steps.
     Note:
     • On the Application Group tab, enable the “Keep the application group running once the job completes” option.
     • Do not configure any Linked Jobs
 
4. Run the Surebackup job.
     Note: If you need to restore to a specific restore point choose the “Restore to…” option.
 
5. Wait for the job to report that all VMs in the SureBackup job are “Started”
 
6. Start the Exchange AIR Wizard.
     From an administrative command line, run the following command:
 
  "C:\Program Files\Veeam\Application Restore\Exchange Restore\Veeam.AIR.Exchange.exe" /admin
 
7. Specify the DC and Account to be used for the restore.
     Use the Production DC IP address, and an account that has impersonation rights.
 
8. Specify the account to restore emails from.
 
9. Specify the Backup CAS.
     Use the masquerade address displayed within the SureBackup statistics window.

User-added image

User-added image

10. Specify the Production CAS
 
11. Specify the CAS server version:
 
12. Complete the U-AIR Wizard
      The next steps are documented here:
      http://helpcenter.veeam.com/backup/70/uair/uair_exch_restore_mailbox.htm
 
13. Restore Complete and Cleanup
     After the restore is complete you will need to stop the SureBackup job manually.
 

More Information

Although Veeam v9 is no longer shipped with U-AIR wizards, this method can still be used with v9 and the Exchange AIR wizard from the previous version. To obtain the Exchange AIR v8, please contact Veeam Support.

Veeam Agent for Microsoft Windows deploy fails with “Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid"

April 6, 2018, 2:08 am
$
0
0

Challenge

When a computer is being added to protection group, Veeam Agent for Microsoft Windows deployment starts and  fails with the following:
  
Info [UploadManager] Checking windows package 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' signature on host 'HOSTNAME'
Error Failed to call RPC function 'PckgCheckSignature': Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid..
Error Signature of module 'C:\ProgramData\Veeam\Agents\VAW\Veeam_B&R_Endpoint_x64.msi' is invalid Error --tr:Failed to call DoRpc. CmdName: [PckgCheckSignature].

Cause

The certificate which is used to sign the Veeam Agent installation package is not installed in the Trusted Root Certification Authority store on the client computer.

Solution

  1. Download DigiCert Assured ID Root CA here (right click on Download button - save as)
  2. Double click the downloaded .srt file
  3. Click Install Certificate
  4. Choose Local Machine and click on Next
  5. Place the certificate into Trusted Root Certification Authorities by clicking the Browse button.

 

Veeam Backup for Microsoft Office 365 - Steps to Compile and Upload Logs

April 6, 2018, 2:43 am
$
0
0

Challenge

This article covers how to properly compile log files in Veeam Backup for Microsoft Office 365, as well as what to include when submitting a Support case for technical assistance.

Solution

 

Backup issues:

  1. Navigate to C:\ProgramData\Veeam\Backup365\Logs with Windows Explorer or use “Open Log path” button in the main menu of Veeam Backup for Microsoft Office 365.

User-added image

  1. Zip contents of the directory and save the archive to a temporary location.

  2. If there is more than one proxy in your environment,  zip C:\ProgramData\Veeam\Backup365\Logs of the proxy used by the affected job and save the archive to a temporary location.

  3. Please attach these to your case. If the total attachment size is under 3.5MB, you may attach via email reply. If none of these upload options are working, please notify Veeam Support and an engineer will provide FTP credentials for the case.

Restore issues:

  1. Navigate to C:\ProgramData\Veeam\Backup\ExchangeExplorer\Logs on the machine where restore session was started, zip contents of the directory and save archive to a temporary location.

  2. (Optional) Sometimes default logging level is not enough to find the root cause of an issue and extended logging is required. To enable extended logging please create a file named “Config.xml” under C:\ProgramData\Veeam\Backup\ExchangeExplorer and add the following line there:

<Veeam>
               <Core>
                               <Log Level="Extended" />
               </Core>
</Veeam>
 

Close all instances of Veeam Explorer for Exchange, retry the restore and collect extended logs.

  1. Please attach these to your case, or in the event that the total attachment size is under 3.5MB, you may attach via email reply. If none of these options for upload are working, please notify Veeam Support and an engineer will provide FTP credentials for the case. 

Below is an animation demonstrating how to upload logs to the Veeam Support FTP.​


Note: Please use the FTP account provided to you by the engineer for your case. When submitting logging data for analysis by request of an engineer, ensure that the case is replied to when the log submission has completed. In this reply, please include the names of any tasks and associated VMs with issues.


User-added image

Note: SFTP is now supported when uploading to supportftp2, please place files in the \upload\ folder.

SQL Log Truncation and Log Backup Silently Fails After Installing Veeam 9.5 Update 3

April 9, 2018, 3:57 am
$
0
0

Challenge

After installing Veeam 9.5 Update 3, SQL logs are not truncated during backup, but the truncation task is still marked as a success in the job statistics. SQL Log Backup sessions complete with 0 KB transferred.

You can confirm if any SQL VMs are affected by this change by checking the Guest Helper log located on the Guest VM.

GuestHelper log location:  \\GuestVM\c$\ProgramData\Veeam\Backup\VeeamGuestHelper_%date%.log

The specific error you will find in the GuestHelper log if affected is the following:

Description = The UPDATE permission was denied on the object 'backupset', database 'msdb', schema 'dbo'.

 

Cause

This is due to a change in required SQL Permissions in 9.5 Update 3. These permissions requirements were changed to resolve a previous issue with how Veeam sends requests to SQL to finalize database backup and log truncation. The specific change in permissions is that the msdb system database now requires db_datawriter role, whereas before this was not needed.

Required SQL Permissions for SQL log backup and truncation can be found here:
https://helpcenter.veeam.com/docs/backup/explorers/vesql_permissions.html?ver=95

 

Solution

To resolve this issue, please give the following SQL permissions to the account credentials specified to use for Guest Processing:
  • Sysadmin role, or the following can be used if you need to provide only minimal permissions:
    • SQL Server instance-level roles: dbcreator and public
    • Database-level roles: db_backupoperator, db_denydatareader, public
    • For System Databases:
      • master - db_backupoperator, db_datareader, public;
      • msdb - db_backupoperator, db_datawriter, db_datareader, public
    • Securables: view any definition, view server state
    • For truncation of SQL Server 2012 or SQL Server 2014 database transaction logs, this account should have the db_backupoperator database role (minimal required) or the sysadmin server role.



 

Forward Incremental – Animation of Method and Retention

April 10, 2018, 4:07 am
$
0
0

Challenge

This article is intended to document how Forward Incremental works, and how its retention is enforced.

Solution

──────────────────────────────────────────────────────────
Forward Incremental Forever Backup Method New in V8
──────────────────────────────────────────────────────────
Forward incremental-forever backup method is a default method for backup chain creation. To use this backup method, you must specify the following options in the backup job settings:
  1. Select the Incremental backup mode.
  2. Do not enable synthetic full backups and/or active full backups. If you enable synthetic and/or active full backups, Veeam Backup & Replication will produce a forward incremental backup chain (documented below).
The forward incremental-forever backup method produces a backup chain that consists of the first full backup and a set of forward incremental backups following it.

Veeam Backup & Replication creates a forward incremental-forever backup chain in the following way:
  1. During the first run of a backup job, Veeam Backup & Replication creates a full backup file (VBK) on the backup repository.
  2. During subsequent backup job sessions, Veeam Backup & Replication copies only VM data blocks that have changed since the last performed backup (full or incremental) and saves these blocks as an incremental backup file (VIB) in the backup chain.

User-added image
Within this animation the lettered squares represent blocks on a disk.
 
Information regarding how retention works for this backup method can be found here:
https://helpcenter.veeam.com/docs/backup/vsphere/retention_forever_incremental.html?ver=95

──────────────────────────────────────────────────────────
Forward Incremental Backup Method
──────────────────────────────────────────────────────────
During the first run of a forward incremental backup, or simply incremental backup, Veeam Backup & Replication creates a full backup file (.vbk). During subsequent runs of the backup job, it will only retrieve changes that have taken place since the last run of the job (whether full or incremental) and saves this information as an incremental backup file (.vib). Each full backup files (.vbk) and its incremental files (.vib) that depend upon it are treated as a chain. Meaning that each incremental restore point depends on the one that came before it, the full restore point has no dependencies.
 
User-added image
 

Within this animation the lettered squares represent blocks on a disk.
 
Incremental backup is the best choice if company regulation and policies require you to regularly move a created backup file to tape or a remote site. With incremental backup, you move only incremental changes, not the full backup file, which takes less time and requires less tape. You can initiate writing backups to tape or a remote site in Veeam Backup & Replication itself, by configuring Backup to Tape jobs.
 
If you decide to use the forward incremental backup method, it is necessary to schedule the creation of periodic active full or synthetic full backups. This will help you avoid long chains of increments, ensure safety of backup data, and allow you to meet the requirements of your retention policy. Below are animated examples of these things.
 
User-added image
 

User-added image
 

User-added image

 
Within this animation the lettered squares represent blocks on a disk.
 
For more information please review the follow portions of the Help Center:
https://helpcenter.veeam.com/docs/backup/vsphere/incremental_forever_backup.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/retention_forever_incremental.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/forward_incremental_backup.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/retention_incremental.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/active_full_backup.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/synthetic_full_backup.html?ver=95
https://helpcenter.veeam.com/docs/backup/vsphere/backup_copy_remove_missing_point.html?ver=95
 
Viewing all 4485 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>