Veeam B&R recovery of a domain controller

Availability for the Always-On Enterprise

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby foggy » Mon Jun 04, 2012 9:55 am

This is not required in the case of a single DC recovery. Though you do need to perform authoritative SYSVOL restore on the first DC in case of restoring the whole Active Directory. Here are more good topics on that: Multiple Domain Controllers - How to Backup? and Active Directory and DR Site.
foggy
Veeam Software
 
Posts: 15600
Liked: 1162 times
Joined: Mon Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby mwant » Wed Jun 06, 2012 2:45 pm

I am refering to restore of the whole domain so yes sysvol restore is required and is frankly a bit of a pain to do manually so it would be very useful to be able to mark sysvol as authoritative as you could do in BE or windows backup as stated. This would be a good funtional addition to Veeam.

I have restored a domain in a live DR situation before and didn't have to mess around with SYSVOL as I used BE so was a bit confused initially when I uncovered the need for it.

I need some backup here from other Active Directory users....
mwant
Influencer
 
Posts: 13
Liked: never
Joined: Tue Oct 04, 2011 10:33 am
Full Name: m want

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby ori » Wed Jun 27, 2012 8:02 pm 1 person likes this post

mwant, I'm with you on this one. Currently we are not using vss on our DCs in replication jobs because if we do, they become non-functional few minutes after we start them in our DR site. Adding this simple feature would be a great enhancement for us, and I'm sure that for many more.
ori
Enthusiast
 
Posts: 60
Liked: 1 time
Joined: Sat Apr 28, 2012 9:51 pm
Full Name: Ori Besser

Restore single DC from multi DC in a test environment

Veeam Logoby SoloIT » Fri Aug 17, 2012 8:10 pm

[merged]

I'm trying to restore a single DC from a multi DC environment to a test server. I've restored the VM, let Veeam do the auto-reboot to do the non-authoritative restore, but the DC and AD are not functioning correctly. The sysvol is not being shared, PC's cannot join the domain, etc. I'm running 2008 R2. What is the proper method?

Thanks,
George
SoloIT
Novice
 
Posts: 4
Liked: 1 time
Joined: Fri Aug 17, 2012 8:05 pm
Full Name: George Lasseigne

Re: Restore single DC from multi DC in a test environment

Veeam Logoby tsightler » Sat Aug 18, 2012 12:28 am

I'm assuming your test servers is isolated from the other environment? How long have you waited? It can take about 15-30 minutes for the sysvol to share out while the system attempts to communicate with other replica partners. Veeam performs some "magic" to overcome this when we boot the DC in a vLab.
tsightler
Veeam Software
 
Posts: 4927
Liked: 1854 times
Joined: Fri Jun 05, 2009 12:57 pm
Full Name: Tom Sightler

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby hannisch » Sat Aug 18, 2012 11:06 pm

I've one question regarding restoring a dc from Backup or starting a Replika. What is about USN rollback. Does Veeam sets the required registry Key in both situations, automaticly, or will I run into an USN rollback in a multi dc environment, after restore?

Sven
hannisch
Enthusiast
 
Posts: 26
Liked: 5 times
Joined: Thu Dec 15, 2011 8:14 pm
Full Name: Sven Hannisch

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby Gostev » Sun Aug 19, 2012 7:03 pm

You will not run into USN rollback, since Veeam performs DC backup and restore according to Microsoft requirements (using VSS).
Gostev
Veeam Software
 
Posts: 21734
Liked: 2459 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby SoloIT » Mon Aug 20, 2012 1:12 pm

I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.
SoloIT
Novice
 
Posts: 4
Liked: 1 time
Joined: Fri Aug 17, 2012 8:05 pm
Full Name: George Lasseigne

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby SoloIT » Tue Aug 21, 2012 5:52 pm

I've exchanged a few emails with tech support, and I'm getting nowhere. I know someone out there is smarter than me and has this figured out. I'm guessing my issue is due to coming from a multiple DC environment to the single DC test world.
SoloIT
Novice
 
Posts: 4
Liked: 1 time
Joined: Fri Aug 17, 2012 8:05 pm
Full Name: George Lasseigne

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby tsightler » Tue Aug 21, 2012 6:58 pm

SoloIT wrote:I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.


This "magic" is only performed in a vLab, it doesn't sound like you are using a vLab. Are you backing up with Application Aware Processing enabled?
tsightler
Veeam Software
 
Posts: 4927
Liked: 1854 times
Joined: Fri Jun 05, 2009 12:57 pm
Full Name: Tom Sightler

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby dellock6 » Tue Aug 21, 2012 10:30 pm

The single DC you are trying to boot has all the FSMO roles in it, or are they on another server? Maybe some missing roles are causing the restored DC to hang somewhere. Also, is this DC also an authoritative DNS server for the active directory zone?

Luca.
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5195
Liked: 1401 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby ori » Wed Aug 22, 2012 5:46 pm

SoloIT wrote:I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.


The first time you start the replica, when the SYSVOL stops to be shared, if you have in the SYSVOL\sysvol\yourdomainname folder a folder named Ntfrs_PreExisting, try this:

- net stop ntfrs
- on the SYSVOL folder, move the content of the PreExisting folder to the root of the SYSVOL\sysvol\yourdomainname folder.
- set the "BurFlags" value in 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup' key to "D4"
- net start ntfrs
- wait to see if SYSVOL is shared.
ori
Enthusiast
 
Posts: 60
Liked: 1 time
Joined: Sat Apr 28, 2012 9:51 pm
Full Name: Ori Besser

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby SoloIT » Fri Aug 24, 2012 5:23 pm 1 person likes this post

Thanks for all the info. Short version..I had some corruption in my Veeam backup. After doing a new full image, things are working better. However, I have documented my process to maybe help save others down the road. I may have a few extra or unnecessary steps.

1. Restore from Veeam.
2. Allow Veeam to auto-reboot machine. (this can take 30-45 minutes)
3. Copy %systemroot%\sysvol\domain (just in case you need them)
4. Seize all FSMO roles
run ntdsutil
roles
connections
connect to server [servername]
q
seize pdc
seize naming master
seize infrastructure master
seize rid master
seize schema master
q
q
5. Remove other DC refs
run ntdsutil
metadata cleanup
connections
connect to server [servername]
q
select operation target
list domains
select domain [domain number]
list sites
select site [site number]
list servers in site
select server [server number to remove]
q
remove selected server

repeate as necessary to remove other servers
6. Edit network setting to remove other DNS servers
7. Remove old servers from DNS server
including _msdcs
_ldap._tcp.[site].DomainDnsZones.[Domain]
_ldap._tcp.DomainDnsZones.[Domain]
_ldap._tcp.[site].ForestDnsZones.[Domain]
_ldap._tcp.ForestDnsZones.[domain]
8. Stop ntfrs server (net stop ntfrs)
9. Edit registry \HLM\SYSTEM\CurrentControlSet\services\NtFrs\Parameters\Backup/Restore\Process at Startup
BurFlags set to D4 Hex
10. Start ntfrs server (net start ntfrs)
11. Restart server and run dcdiag to ensure clean DC
SoloIT
Novice
 
Posts: 4
Liked: 1 time
Joined: Fri Aug 17, 2012 8:05 pm
Full Name: George Lasseigne

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby rawtaz » Sun Sep 09, 2012 7:43 pm

I don't know all of that stuff above, but big kudos for taking the time to jot it down for others!
rawtaz
Enthusiast
 
Posts: 85
Liked: 14 times
Joined: Fri Jan 27, 2012 4:42 pm

Re: Veeam B&R v5 recovery of a domain controller

Veeam Logoby zoltank » Tue Sep 11, 2012 6:57 pm

SoloIT wrote:Thanks for all the info. Short version..I had some corruption in my Veeam backup.

Do yo know what kind of corruption? What caused it?

What kind of backups were you doing? How long had it been since an Active Full backup?

Do you use SureBackup?
zoltank
Expert
 
Posts: 210
Liked: 30 times
Joined: Fri Feb 18, 2011 5:01 pm

PreviousNext

Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot], MrSpock and 1 guest