Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
hyphen
Enthusiast
Posts: 26
Liked: 4 times
Joined: Jul 05, 2019 2:07 am
Full Name: AG
Contact:

Proper backup of Windows Server

Post by hyphen »

Hello,

I'd like to backup a Windows Server 2012 physical box which is a Domain Controller and File Server.

Do we need to purchase the paid Agent Server edition or will the Free edition properly backup the server?

Would we be able to do a bare metal restore and have active directory working using the Free edition?

Thank you very much!
HannesK
Product Manager
Posts: 14844
Liked: 3086 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Proper backup of Windows Server

Post by HannesK »

Hello,
backup is the same like for the paid version. Bare metal restore is also the same in general. If you have multiple domain controllers, please keep in mind how to restore a domain controller (https://www.veeam.com/kb2119 - adjust to agent)

Active Directory: as long as you don't need single item restore. Veeam Explorer for Active Directory is part of Backup & Replication. But it seems like you only have one single machine. correct?

Best regards,
Hannes
hyphen
Enthusiast
Posts: 26
Liked: 4 times
Joined: Jul 05, 2019 2:07 am
Full Name: AG
Contact:

Re: Proper backup of Windows Server

Post by hyphen »

Yes, it is a single physical host, not virtualized so that's why I'm planning to use Veeam Agent for Windows Freee and not Veeam Backup and Replication. There are no other domain controllers in the network. This sole server does all the roles (DC and File Server). We won't need Active Directory single item restore.

The only things we would need are:
  • file recovery in case users delete a file from a shared folder
  • bare metal recovery in case the whole server crashes and need to restore to new drives
Can the Veeam Agent for Windows Free Edition satisfy those two requirements?

Thanks again for all your help.
HannesK
Product Manager
Posts: 14844
Liked: 3086 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: Proper backup of Windows Server

Post by HannesK »

yes it can do that :-)
hyphen
Enthusiast
Posts: 26
Liked: 4 times
Joined: Jul 05, 2019 2:07 am
Full Name: AG
Contact:

Re: Proper backup of Windows Server

Post by hyphen » 1 person likes this post

You guys rock!
cantsitstill
Novice
Posts: 4
Liked: never
Joined: Aug 08, 2019 9:13 am
Full Name: Stuart Mackenzie
Contact:

Re: Proper backup of Windows Server

Post by cantsitstill »

Hello,

Strange that i came here to ask this very question and its the last question someone has asked! Excellent.

Can i just ask another for clarity. We have a situation where we have been using Veeam Agent for Windows (server edition) for some time to backup a single physical DC. Recently it was raised by someone that in order to restore a DC we must have application aware backups enabled and after the restore we need to do an non-authoritative/authoritative restore in order to get AD working again. I have seen it in tests that this is not the case.

Can you please advise if this is the case? We are using an older agent where there is not an option for application aware backups. I thought that since we only have one DC we should in theory be able to just bare metal restore the DC (without any application aware backups enabled) and AD would be unaware and continue to work as normal except obviously be taken back a week or however old the backup is.

Thanks!
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Proper backup of Windows Server

Post by wishr »

Hi Stuart,

Welcome to Veeam Community Forums and thanks for posting!

I'd recommend you to take a look at that thread in the B&R section - the same applies to Agent backups.

Please let us know if you'll have any additional questions. Thanks
cantsitstill
Novice
Posts: 4
Liked: never
Joined: Aug 08, 2019 9:13 am
Full Name: Stuart Mackenzie
Contact:

Re: Proper backup of Windows Server

Post by cantsitstill »

Hello,

Thanks! It seems most questions are around application aware backups and multiple DC's. We only have one physical DC and as far as i can tell the older agent (v 2.1.0.42) is not doing an application aware backup so my question is if we can do a full metal restore with our backups and if there are any further steps we need to restore AD.

Thanks
wishr
Veteran
Posts: 3077
Liked: 455 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Proper backup of Windows Server

Post by wishr »

Hi,

It does not really matter how many DCs you own, the backup approach remains the same.

I'd recommend updating your Agent to the latest version. AAIP ensures your AD database will not be corrupted and malfunction after restoration.

Just in general, it's always recommended to run the latest Agent and B&R versions, especially keeping in mind numbers of fixes, features, and enhancements we introduce with each new version.

Thanks
cantsitstill
Novice
Posts: 4
Liked: never
Joined: Aug 08, 2019 9:13 am
Full Name: Stuart Mackenzie
Contact:

Re: Proper backup of Windows Server

Post by cantsitstill »

Thanks for the reply.

OK understood that AAIP should be enabled for best practice and we should update to the latest agent- that will be on our list.

Sorry but i'm still not clear if its possible to do a full metal restore without AAIP with the agent we use? Will AD work correctly (provided its not corrupt) and do we need to perform an authoritative (where there is only one DC) restore as well or should it just work.

What confuses me is that we tested this procedure in the lab multiple times (without AAIP) and in each case the DC comes back up no problems without the need to restore AD.

Thanks
Dima P.
Product Manager
Posts: 14726
Liked: 1706 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Proper backup of Windows Server

Post by Dima P. »

Sorry but i'm still not clear if its possible to do a full metal restore without AAIP with the agent we use?
Yes, it is possible. Application aware processing is required to let the residing applications (i.e. Exchange / SQL / Oracle etc) in the correct state during backup as well as perform transaction log backup.
hyphen
Enthusiast
Posts: 26
Liked: 4 times
Joined: Jul 05, 2019 2:07 am
Full Name: AG
Contact:

Re: Proper backup of Windows Server

Post by hyphen »

This post may help. Check the answer by Robert

https://community.spiceworks.com/topic/ ... -old-image
YouGotServered
Service Provider
Posts: 176
Liked: 53 times
Joined: Mar 11, 2016 7:41 pm
Full Name: Cory Wallace
Contact:

Re: Proper backup of Windows Server

Post by YouGotServered » 1 person likes this post

cantsitstill wrote: Aug 08, 2019 12:27 pm Thanks for the reply.

OK understood that AAIP should be enabled for best practice and we should update to the latest agent- that will be on our list.

Sorry but i'm still not clear if its possible to do a full metal restore without AAIP with the agent we use? Will AD work correctly (provided its not corrupt) and do we need to perform an authoritative (where there is only one DC) restore as well or should it just work.

What confuses me is that we tested this procedure in the lab multiple times (without AAIP) and in each case the DC comes back up no problems without the need to restore AD.

Thanks
I struggled with the same question for a while a few years ago, but I have an answer :)

If you restore from an application-consistent backup, Veeam automatically performs a non-authoritative restore. This essentially makes the DC wait to function until it can replicate from another DC. The Netlogon and SYSVOL shares will not be shared out and will be inaccessible. This works great if you have another DC - your restored DC will start replicating from it automatically and everything is fine. But what if you don't have a second Domain Controller? Easy!

1. Once you restore your DC, go to C:\Windows\SYSVOL\domain - copy your "Policies" and "Scripts" folders to A SAFE PLACE (desktop for example). The next step will wipe these folders out.
2. Perform authoritative DC restore steps:
a. Check to see if you are using the older FRS replication method for SYSVOL (still most common these days in my experience), or the newer DFSR method.
i. Check the value of the HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DFSR\Parameters\SysVols\Migrating Sysvols\LocalState registry subkey. If this registry subkey exists and its value is set to 3 (ELIMINATED), DFSR is being used. If the subkey does not exist, or if it has a different value, FRS is being used.
b. If you're using FRS:
i. Stop the NTFRS service (File Replication Service)
ii. Set the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup\BurFlags key to the value D4
iii. Start the NTFRS service (File Replication Service)
iv. Wait about 10 minutes, copy your Policies and Scripts folder back to C:\Windows\SYSVOL\domain
v. Restart the netlogon service, wait another 5 - 10 minutes
vi. Ensure that your SYSVOL and NETLOGON shares are available on the DC
c. If you're using DFSR:
i. Unfortunately, I personally haven't done this before, but this article looks very detailed. There were several others that I found from a quick Google search: http://www.rebeladmin.com/2017/08/non-a ... plication/

Veeam also has an article on this: https://www.veeam.com/kb2119

If you forget to backup your SYSVOL folders and they get wiped, you can always File Level Restore them from Veeam, but that's an extra step :)

The most important part of this is to test and rehearse this procedure so that you can do it in an emergency with as little stress as possible. Restore your server in a sandbox environment (or your regular one without a NIC attached) and play around with this procedure.

On another note, myself and several others have long requested a feature that lets you restore in Authoritative mode by default. SureBackup already does it, so why not integrate that process into a restore? veeam-backup-replication-f2/feature-req ... 41952.html

Hopefully this helps!

Sources:
https://docs.microsoft.com/en-us/window ... vol-folder
https://support.microsoft.com/en-us/hel ... tion-servi
Post Reply

Who is online

Users browsing this forum: Semrush [Bot] and 32 guests