Comprehensive data protection for all workloads
Post Reply
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

event id 2089 domain controller

Post by meetoo »

We are backing up 3 domain controllers via Veeam 9.5 u2. 2 of the DC’s are backing up fine, but yesterday & today we got this event on the 3rd DC.

22 Jun 2018 02:51:40 PM
Computer: [DC1]
Monitor: [Event Log Monitor]
Description:
* Event Time: 22 Jun 2018 02:47:36 PM
* Source: Microsoft-Windows-ActiveDirectory_DomainService
* Event Log: Directory Service
* Type: Warning
* Event ID: 2089
* Event User: NT AUTHORITY\ANONYMOUS LOGON
* This directory partition has not been backed up since at least the following number of days.

Directory partition:
DC=DomainDnsZones,DC=domain1,DC=domain2,DC=local

'Backup latency interval' (days):
30

It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.

'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)

The DC is successfully backing up in Veeam.

Suggestions?

Thanks
nielsengelen
Product Manager
Posts: 5619
Liked: 1177 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: event id 2089 domain controller

Post by nielsengelen »

Have a look at the following thread and see if this helps with the issue/information warning. It can be ignored if your backup runs without issues.

If you want to ignore this informational message you can remove the DWORD in the registry:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days) (30).
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo »

Thanks! I saw that thread, but there are no 'Domain Controller' options under Application Aware Processing, plus no other DC's are generating this event, so I am hesitant to ignore it.
nielsengelen
Product Manager
Posts: 5619
Liked: 1177 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: event id 2089 domain controller

Post by nielsengelen »

It is just related to a windows settings. If you enable application aware processing we’ll do the actions needed via VSS. If this is enabled for this domain controller, you might want to contact support for more insight.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo »

I think the problem is related to the server being a DC & also a DNS server. I created a specific domain admin account to use for the app-aware processing, but the job still fails. My other DC's running DNS are physical & backup via the agent with no issues.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy »

What do you mean by "the job still fails"? In your original post you mentioned that the DC is successfully backed up.
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo »

Sorry. To clarify, originally i backed it up as a non app-aware job, which was 'successful', but the event referenced above occurred. I then changed to app-aware & now the job fails.

Code: Select all

7/18/2018 3:35:48 AM :: Processing DC1 Error: Failed to connect to guest agent. Errors:
'Cannot connect to the host's administrative share. Host:  [dc1]. Account: [domain\domainadminaccount].
Win32 error:An extended error has occurred.
 Code: 1208
Cannot connect to the host's administrative share. Host:  [111.11.11.111]. Account: [domain\domainadminaccount].
Win32 error:An extended error has occurred.
 Code: 1208
'
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy »

Ah, that explains the initial message. You should always backup a DC with app-aware processing enabled.

To troubleshoot the last error, are you able to open the administrative share on this VM manually using the same account you specify in the job settings?
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo » 1 person likes this post

At the beginning I created a user account & dropped it in Domain Admin to use as the service account for this job. As a security measure, I locked the account to only have access to the domain controller in question. This caused VSS errors, so I removed the lock, rebooted the DC & now the app-aware backup is successful.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy »

Thanks for letting us know the solution, much appreciated.
Post Reply

Who is online

Users browsing this forum: Google [Bot], ybarrap2003 and 295 guests