Host-based backup of VMware vSphere VMs.
Post Reply
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

Support Case # 03300817
Morning All,
This doesn't appear to be a new issue and I can find many references to it in the forums here but no real solution. There were suggestions that worked for some folks and some posts just end without confirmation on resolution. I reached out to support and they tell me this is a Windows problem and not Veeam so I am hoping the community can help.

Information that may help:
1. Application aware processing is enabled on the backups
2. DC is being restored in Authoritative mode (Single DC)
3. DC passes all tests including DC test script, heartbeat and ping (firewall exception in place for this one machine to allow ICMPv4 inbound on private for testing)
4. Virtual lab has "allow proxy appliance to act as internet proxy for virtual machine in this lab" is checked
5. I can ping the DC from the Veeam server on the masqueraded IP (ICMP allowed in on private)
6. OS is Server 2016
7. Domain services all appear to start and I can access Users and computers just fine

Issue:
Domain controller boots with the Surebackup run, if I log in to the VM through vSphere once it's booted and check the network it is set to private. This is expected I think as the network has technically changed (IP remains the same but the MAC would have changed right?) but I do expect SureBackup to be able to account for that. If I restart the "Network Location Awareness Service" manually before other VMs are processed (This also restarts the "Network List Service" as it's dependent) this corrects the network to "Domain" instead of "Private" with no other changes.

It seems to me SureBackup should simply account for that if it's all that's required to correct that or is there something I could potentially have misconfigured causing the issue? Failing that does anyone have a way to restart that service and dependency using the scripting within SureBackup? Doing this manually is obviously defeating the purpose of Surebackup if I have to log in manually anyway.

I am open to anything that will help, correcting the DC appears to bring all the others up on the domain network instead of Private. I am sure others are in the same boat with Private and Public networks being locked down.

Jamie
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by PTide »

Hi,

Although it's not a script at all, but I hope it will give you an idea how to build your own, please check these links:

1. PS commands to change profile.
2. How to execute a custom PS script on the guest inside a vLab

Thanks!
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

Thanks PTide, I'll take a look through those as soon as I can and try mash something together. It's more of a work around though, I was seriously hoping someone would know why this issue is occurring only on SureBackup restores in the lab.

I have the PS script that will restart a service but it's not really setup as something automated or as a bat file.

Thank you again
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

OK looks like this could be even easier though I don't know why after all these years Veeam have not simply build it into the surebackup script list. Piece I am missing is to make sure it's run elevated as it needs to stop services. Bat file simply needs to contain these lines and maybe an echo 0 for the return?

SC Stop NetProfM
SC Stop NlaSvc
SC Start NlaSvc
SC Start NetProfM
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by PTide »

I think for batch scripts ''exit 0" should be used instead of 'echo 0'.

If you're looking for the way to return the output to VBR, please check this thread.

Thanks!
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

Thanks PTide! I think I am close now, if I run this from command line from the Veeam server it works. Let me know if something stands out as incorrect it's pulled from a variety of sources on here and Matheus Rocha on another site. 172,22,16.26 is the masquerade address for the DC.

Code: Select all

net session >nul 2>&1
IF %ERRORLEVEL% NEQ 0 GOTO ELEVATE
GOTO ADMINTASKS

:ELEVATE
CD /d %~dp0
MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('%~nx0', '', '', 'runas', 1);close();"
EXIT

:ADMINTASKS
SC \\172.22.16.26 Stop NetProfM
Timeout 1
SC \\172.22.16.26 Stop NlaSvc
Exit /B 0
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

So if I add that straight in to the surebackup as a test script it never seems to complete. Running it through cmd works just fine, so there is something else the surebackup testing needs I am missing.
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware » 1 person likes this post

OK so I have the PS scripts to read dependencies, stop each service attached and restart it. Problem is these scripts appear to run from the BNR server and are not copied locally to the VM being restored so these scripts won't work. Good fun so I went basic and came up with the 2 files below.
1. Bat file to run the PS Script needed
2. PS Script itself to stop the specific services (Hard coded for this one task) on a specific target machine

Attaching these to the automated jobs at the Application group level actually stops them and the network comes back up as domain.

Bat File Veeam1.bat

Code: Select all

REM query-service.bat
@ECHO OFF
powershell.exe -noninteractive -noprofile -command "& {C:\VeeamScripts\veeam1.ps1 %1 }"
EXIT /B %errorlevel%

PS File Veeam1.ps1

Code: Select all

Param ([Parameter(Mandatory=$true)] 
[String] $IP) #IP of the remote machine

Get-Service -Name NetProfM -ComputerName $IP | Stop-Service -Force #-Verbose
Get-Service -Name NlaSvc -ComputerName $IP | Stop-Service -Force #-Verbose
Get-Service -Name NlaSvc -ComputerName $IP | Start-Service #-Verbose
Get-Service -Name NetProfM -ComputerName $IP | Start-Service #-Verbose

Exit
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by PTide »

Thank you for getting back with the findings, much appreciated! The info will be passed to our dev team so they can take a look and think how to apply it in the product in the best way.

Thanks!
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

Really do appreciate that PTide, there are better ways to do the service restarts by passing in the service('s) to restart but this was quick and simple.

I really do want to thank you though for sending me the details you did, it helped!
Mike72677
Novice
Posts: 7
Liked: never
Joined: Nov 09, 2015 7:25 pm
Full Name: Mike T
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by Mike72677 »

I realize this is an old post so I have 2 questions....

1.) Is this still the work around? I'm having the same issue with a SureBackup. NLA is failing because DNS isn't up and running yet.

2.) If the script is still the fix, do you put the machine's regular IP in the script or do you use the translated SureBackup IP?

Thanks!
ExanSoftware
Influencer
Posts: 10
Liked: 2 times
Joined: Nov 27, 2018 9:48 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by ExanSoftware »

Morning Mike72677,
This is still used today in my production environment, I have not seen any updates to this as far as I am aware. As far as passing the IP address let Veeam do that in the job. If you look it will be one of the values it passes for you.

ExanSoftware
PTide
Product Manager
Posts: 6408
Liked: 724 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: SureBackup Restoring DC's in Private network space

Post by PTide »

Hi,

Here is a small update - we're currently investigating why DC would change its profile to Private or Public (we've observed both in our lab). That is, although we could incorporate some profile-check routines in surebackup jobs, that would just cure the symptoms, not the reason. Stay tuned : )

Thanks!
Post Reply

Who is online

Users browsing this forum: Mildur and 78 guests