Comprehensive data protection for all workloads
Post Reply
meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

event id 2089 domain controller

Post by meetoo » Jun 22, 2018 9:09 pm

We are backing up 3 domain controllers via Veeam 9.5 u2. 2 of the DC’s are backing up fine, but yesterday & today we got this event on the 3rd DC.

22 Jun 2018 02:51:40 PM
Computer: [DC1]
Monitor: [Event Log Monitor]
Description:
* Event Time: 22 Jun 2018 02:47:36 PM
* Source: Microsoft-Windows-ActiveDirectory_DomainService
* Event Log: Directory Service
* Type: Warning
* Event ID: 2089
* Event User: NT AUTHORITY\ANONYMOUS LOGON
* This directory partition has not been backed up since at least the following number of days.

Directory partition:
DC=DomainDnsZones,DC=domain1,DC=domain2,DC=local

'Backup latency interval' (days):
30

It is recommended that you take a backup as often as possible to recover from accidental loss of data. However if you haven't taken a backup since at least the 'backup latency interval' number of days, this message will be logged every day until a backup is taken. You can take a backup of any replica that holds this partition.

By default the 'Backup latency interval' is set to half the 'Tombstone Lifetime Interval'. If you want to change the default 'Backup latency interval', you could do so by adding the following registry key.

'Backup latency interval' (days) registry key:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days)

The DC is successfully backing up in Veeam.

Suggestions?

Thanks

nielsengelen
Veeam Software
Posts: 2587
Liked: 531 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: event id 2089 domain controller

Post by nielsengelen » Jun 24, 2018 9:19 am

Have a look at the following thread and see if this helps with the issue/information warning. It can be ignored if your backup runs without issues.

If you want to ignore this informational message you can remove the DWORD in the registry:
System\CurrentControlSet\Services\NTDS\Parameters\Backup Latency Threshold (days) (30).
VCP-DCV
Veeam Certified Architect (VMCA)
http://foonet.be

meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo » Jun 25, 2018 12:45 pm

Thanks! I saw that thread, but there are no 'Domain Controller' options under Application Aware Processing, plus no other DC's are generating this event, so I am hesitant to ignore it.

nielsengelen
Veeam Software
Posts: 2587
Liked: 531 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: event id 2089 domain controller

Post by nielsengelen » Jun 27, 2018 9:50 pm

It is just related to a windows settings. If you enable application aware processing we’ll do the actions needed via VSS. If this is enabled for this domain controller, you might want to contact support for more insight.
VCP-DCV
Veeam Certified Architect (VMCA)
http://foonet.be

meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo » Jul 18, 2018 2:37 pm

I think the problem is related to the server being a DC & also a DNS server. I created a specific domain admin account to use for the app-aware processing, but the job still fails. My other DC's running DNS are physical & backup via the agent with no issues.

foggy
Veeam Software
Posts: 17931
Liked: 1512 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy » Jul 18, 2018 4:16 pm

What do you mean by "the job still fails"? In your original post you mentioned that the DC is successfully backed up.

meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo » Jul 18, 2018 6:19 pm

Sorry. To clarify, originally i backed it up as a non app-aware job, which was 'successful', but the event referenced above occurred. I then changed to app-aware & now the job fails.

Code: Select all

7/18/2018 3:35:48 AM :: Processing DC1 Error: Failed to connect to guest agent. Errors:
'Cannot connect to the host's administrative share. Host:  [dc1]. Account: [domain\domainadminaccount].
Win32 error:An extended error has occurred.
 Code: 1208
Cannot connect to the host's administrative share. Host:  [111.11.11.111]. Account: [domain\domainadminaccount].
Win32 error:An extended error has occurred.
 Code: 1208
'

foggy
Veeam Software
Posts: 17931
Liked: 1512 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy » Jul 19, 2018 3:07 pm

Ah, that explains the initial message. You should always backup a DC with app-aware processing enabled.

To troubleshoot the last error, are you able to open the administrative share on this VM manually using the same account you specify in the job settings?

meetoo
Influencer
Posts: 24
Liked: 2 times
Joined: Jul 21, 2016 3:44 pm
Full Name: A Stewart
Contact:

Re: event id 2089 domain controller

Post by meetoo » Jul 30, 2018 6:39 pm 1 person likes this post

At the beginning I created a user account & dropped it in Domain Admin to use as the service account for this job. As a security measure, I locked the account to only have access to the domain controller in question. This caused VSS errors, so I removed the lock, rebooted the DC & now the app-aware backup is successful.

foggy
Veeam Software
Posts: 17931
Liked: 1512 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: event id 2089 domain controller

Post by foggy » Jul 31, 2018 1:53 pm

Thanks for letting us know the solution, much appreciated.

Post Reply

Who is online

Users browsing this forum: BassTeQ, opetit and 55 guests