Availability for the Always-On Enterprise
Post Reply
foggy
Veeam Software
Posts: 16815
Liked: 1358 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by foggy » Jun 04, 2012 9:55 am

This is not required in the case of a single DC recovery. Though you do need to perform authoritative SYSVOL restore on the first DC in case of restoring the whole Active Directory. Here are more good topics on that: Multiple Domain Controllers - How to Backup? and Active Directory and DR Site.

mwant
Influencer
Posts: 17
Liked: never
Joined: Oct 04, 2011 10:33 am
Full Name: m want
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by mwant » Jun 06, 2012 2:45 pm

I am refering to restore of the whole domain so yes sysvol restore is required and is frankly a bit of a pain to do manually so it would be very useful to be able to mark sysvol as authoritative as you could do in BE or windows backup as stated. This would be a good funtional addition to Veeam.

I have restored a domain in a live DR situation before and didn't have to mess around with SYSVOL as I used BE so was a bit confused initially when I uncovered the need for it.

I need some backup here from other Active Directory users....

ori
Enthusiast
Posts: 65
Liked: 1 time
Joined: Apr 28, 2012 9:51 pm
Full Name: Ori Besser
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by ori » Jun 27, 2012 8:02 pm 1 person likes this post

mwant, I'm with you on this one. Currently we are not using vss on our DCs in replication jobs because if we do, they become non-functional few minutes after we start them in our DR site. Adding this simple feature would be a great enhancement for us, and I'm sure that for many more.

SoloIT
Novice
Posts: 4
Liked: 1 time
Joined: Aug 17, 2012 8:05 pm
Full Name: George Lasseigne
Contact:

Restore single DC from multi DC in a test environment

Post by SoloIT » Aug 17, 2012 8:10 pm

[merged]

I'm trying to restore a single DC from a multi DC environment to a test server. I've restored the VM, let Veeam do the auto-reboot to do the non-authoritative restore, but the DC and AD are not functioning correctly. The sysvol is not being shared, PC's cannot join the domain, etc. I'm running 2008 R2. What is the proper method?

Thanks,
George

tsightler
Veeam Software
Posts: 5191
Liked: 2070 times
Joined: Jun 05, 2009 12:57 pm
Full Name: Tom Sightler
Contact:

Re: Restore single DC from multi DC in a test environment

Post by tsightler » Aug 18, 2012 12:28 am

I'm assuming your test servers is isolated from the other environment? How long have you waited? It can take about 15-30 minutes for the sysvol to share out while the system attempts to communicate with other replica partners. Veeam performs some "magic" to overcome this when we boot the DC in a vLab.

hannisch
Enthusiast
Posts: 27
Liked: 5 times
Joined: Dec 15, 2011 8:14 pm
Full Name: Sven Hannisch
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by hannisch » Aug 18, 2012 11:06 pm

I've one question regarding restoring a dc from Backup or starting a Replika. What is about USN rollback. Does Veeam sets the required registry Key in both situations, automaticly, or will I run into an USN rollback in a multi dc environment, after restore?

Sven

Gostev
Veeam Software
Posts: 22972
Liked: 2879 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by Gostev » Aug 19, 2012 7:03 pm

You will not run into USN rollback, since Veeam performs DC backup and restore according to Microsoft requirements (using VSS).

SoloIT
Novice
Posts: 4
Liked: 1 time
Joined: Aug 17, 2012 8:05 pm
Full Name: George Lasseigne
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by SoloIT » Aug 20, 2012 1:12 pm

I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.

SoloIT
Novice
Posts: 4
Liked: 1 time
Joined: Aug 17, 2012 8:05 pm
Full Name: George Lasseigne
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by SoloIT » Aug 21, 2012 5:52 pm

I've exchanged a few emails with tech support, and I'm getting nowhere. I know someone out there is smarter than me and has this figured out. I'm guessing my issue is due to coming from a multiple DC environment to the single DC test world.

tsightler
Veeam Software
Posts: 5191
Liked: 2070 times
Joined: Jun 05, 2009 12:57 pm
Full Name: Tom Sightler
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by tsightler » Aug 21, 2012 6:58 pm

SoloIT wrote:I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.
This "magic" is only performed in a vLab, it doesn't sound like you are using a vLab. Are you backing up with Application Aware Processing enabled?

dellock6
Veeam Software
Posts: 5487
Liked: 1509 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by dellock6 » Aug 21, 2012 10:30 pm

The single DC you are trying to boot has all the FSMO roles in it, or are they on another server? Maybe some missing roles are causing the restored DC to hang somewhere. Also, is this DC also an authoritative DNS server for the active directory zone?

Luca.
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com/en/
vExpert 2011-2012-2013-2014-2015-2016-2017-2018
Veeam VMCE #1

ori
Enthusiast
Posts: 65
Liked: 1 time
Joined: Apr 28, 2012 9:51 pm
Full Name: Ori Besser
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by ori » Aug 22, 2012 5:46 pm

SoloIT wrote:I've let it sit all weekend to ensure the "magic" happened. However, it's still not sharing out the sysvol. I'm not sure if there is something wrong with the backup, or I'm doing something wrong. Guess I'll be calling support.
The first time you start the replica, when the SYSVOL stops to be shared, if you have in the SYSVOL\sysvol\yourdomainname folder a folder named Ntfrs_PreExisting, try this:

- net stop ntfrs
- on the SYSVOL folder, move the content of the PreExisting folder to the root of the SYSVOL\sysvol\yourdomainname folder.
- set the "BurFlags" value in 'HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Backup/Restore\Process at Startup' key to "D4"
- net start ntfrs
- wait to see if SYSVOL is shared.

SoloIT
Novice
Posts: 4
Liked: 1 time
Joined: Aug 17, 2012 8:05 pm
Full Name: George Lasseigne
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by SoloIT » Aug 24, 2012 5:23 pm 1 person likes this post

Thanks for all the info. Short version..I had some corruption in my Veeam backup. After doing a new full image, things are working better. However, I have documented my process to maybe help save others down the road. I may have a few extra or unnecessary steps.

1. Restore from Veeam.
2. Allow Veeam to auto-reboot machine. (this can take 30-45 minutes)
3. Copy %systemroot%\sysvol\domain (just in case you need them)
4. Seize all FSMO roles
run ntdsutil
roles
connections
connect to server [servername]
q
seize pdc
seize naming master
seize infrastructure master
seize rid master
seize schema master
q
q
5. Remove other DC refs
run ntdsutil
metadata cleanup
connections
connect to server [servername]
q
select operation target
list domains
select domain [domain number]
list sites
select site [site number]
list servers in site
select server [server number to remove]
q
remove selected server

repeate as necessary to remove other servers
6. Edit network setting to remove other DNS servers
7. Remove old servers from DNS server
including _msdcs
_ldap._tcp.[site].DomainDnsZones.[Domain]
_ldap._tcp.DomainDnsZones.[Domain]
_ldap._tcp.[site].ForestDnsZones.[Domain]
_ldap._tcp.ForestDnsZones.[domain]
8. Stop ntfrs server (net stop ntfrs)
9. Edit registry \HLM\SYSTEM\CurrentControlSet\services\NtFrs\Parameters\Backup/Restore\Process at Startup
BurFlags set to D4 Hex
10. Start ntfrs server (net start ntfrs)
11. Restart server and run dcdiag to ensure clean DC

rawtaz
Enthusiast
Posts: 85
Liked: 14 times
Joined: Jan 27, 2012 4:42 pm
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by rawtaz » Sep 09, 2012 7:43 pm

I don't know all of that stuff above, but big kudos for taking the time to jot it down for others!

zoltank
Expert
Posts: 212
Liked: 33 times
Joined: Feb 18, 2011 5:01 pm
Contact:

Re: Veeam B&R v5 recovery of a domain controller

Post by zoltank » Sep 11, 2012 6:57 pm

SoloIT wrote:Thanks for all the info. Short version..I had some corruption in my Veeam backup.
Do yo know what kind of corruption? What caused it?

What kind of backups were you doing? How long had it been since an Active Full backup?

Do you use SureBackup?

Post Reply

Who is online

Users browsing this forum: AndrewPBG, Bing [Bot], daniel.triplehorn, ManOrs and 56 guests