Below refers to Veeam case 02054866, huge thanks to Veeam support for assistance here.
Wanted to share a really interestig and weird issue with our backed up and replica Domain Controllers since upgrading to Veeam 9.5 Update 1. If you have upgraded to 9.5 and have not performed a full test restore of your backed up and replica Domain Controllers, I suggest you do.
We've been using Veeam since v6. All vm's are backed up with 'Application aware processing'. I perform a weekly DR test where I bring up all the replica vm's on an isolated network and do a full test of the environment ie, exchange mail, intranet websites, hosted custom .net and SQL applications. The DC's bootup, do the non-authorative restore, get to the login screen and the reboot, as per normal.
The 2 domain controllers primary DNS is set to each other, and the secondary is set to themselves, as per best practice.
NLA reports that the servers are on 'unidentified network' - should be on 'Domain Network' - so all servers firewall profiles change.
Unable to login to any servers - No domain
No sysvol share
No netlogon share (no global catalog)
Exch DC can ping each other by IP, hostname and FQDN, even telnet on DNS and AD ports are successful.
NSLOOKUP to hostname works but to FQDN fails - request times out
So it appears that whilst there is full name resolution, AD DNS resquests to finds resource records is failing
Directory Service Log - Event ID 2088, source: ActiveDirectory_DomainService Level: warning
Veeam support pointed me here (Thank you!!) https://kb.vmware.com/selfservice/micro ... Id=1020078
Installed hotfix on the replica VM's and rebooted. Removed and reconfigured nic as per above article
Shutdown File Replication Service on both DC's
Restored C:\windows\sysvol to DC holding the FSMO roles from a backup
Performed a authorative restore (burflags d4) of sysvol on the DC holding the FSMO roles
Performed a non-authorative restore of sysvol (burflags d2) on the other server.
Once this was completed, I rebooted the DC's, they came up perfectly, on the Domain Network. Then rebooted the other member VM's and all was ok.
Hope this helps someone else.
Some helpful Linkshttps://www.veeam.com/blog/how-to-recov ... ction.htmlhttps://groups.google.com/forum/#!msg/m ... kT394rNgEJhttp://doitfixit.com/blog/2013/04/17/re ... gon-share/http://kpytko.pl/active-directory-domai ... store-frs/http://www.extremesanity.com/blog/?p=165