Recovery Manager for Active Directory (8.6) - Questsupport-public.cfm.quest.com/34b190d5-8567-4145-9c... · •Recovery Manager for Active Directory improves the availability of network

Recovery Manager for Active Directory (8.6)

2Confidential Technical Support Training/ Support Partner Program

• Learning Objectives- Slide 4

• Recovery Manager for Active Directory Functional Overview- Slide 5

• Architecture - Slide 6

• Console Overview – Slide 7

• Debug Logging Overview – Slide 8

• Backups – Slides 9 - 11

• AD LDS-Slides 12 and 13

• Restores – Slides 14 – 16

• Repair Wizard – Slides 17 and 18

Slide Index


• Group Policy Wizard – Slides 19 and 20

• Recovery Manager Portal – Slides 21 and 22

• Common Solutions – Slide 23

• Prerequisites for contacting support – Slide 24

Slide Index Continued


Learning Objectives

• Upon completion of this lesson, the student should be able to– Troubleshoot common issues with Recovery Manager for Active Directory

– Diagnose common issues with components such as the Repair Wizard, Online Restore Wizard, GPO Restore Wizard, Web Portal and AD LDS (ADAM)

How To Diagnose & Troubleshoot


Recovery Manager for AD Functional Overview

• Recovery Manager for Active Directory improves the availability of network environments by providing remote, automated backup management and data restoration for the recovery of Active Directory, AD LDS (ADAM), and Group Policy Objects

• Recovery Manager for AD consists of two main components:– Recovery Manager for AD console – All backup and restore administration is

managed within one console

– Database – Used to store temporary information for comparison reports during restores


Architecture

Recovery Manager Databases

on SQL Server

Recovery Manager

Console and Web PortalDomain Controller

AD LDS (ADAM) Host

External Backup Storage

(optional)


Overview of the Recovery Manager for AD Console


Debug Logging Overview

• Debug logging can be enabled within the Settings of the product– Right click on the “Recovery Manager for AD” node and then select “Settings…”. Go to the

Logging tab and put a check mark in for “Use diagnostic logging”

• If possible, clear existing logs and recreate the issue with enhanced diagnostic logging enabled. For detailed instructions see SOL123269

• Location of log files on the Recovery Manager server:– Windows 2003: C:\Documents and Settings\All Users\Application Data\Dell\Recovery

Manager for Active Directory\Logs

– Windows 2008 (hidden folder): C:\ProgramData\Dell\Recovery Manager for Active Directory\Logs

• Location of log files on the domain controller:– C:\Windows\RecoveryManagerAD

https://support.software.dell.com/recovery-manager-for-ad/kb/123269


Active Directory - Backups• By default Recovery Manager will back up the entire system state of a domain controller. This can be

configured within the Collection properties and under the “System State” tab

• All backups are compressed on average at a 7:1 ratio and are stored as .bkf files

• Recovery Manager supports registering third party backup files as long as they are a Microsoft Tape Format (MTF) compliant backup file (.bkf)

• If the backup format is not supported, extract the backup file and register the Active Directory database file (.dit) as an offline AD database

• Backups are extracted by default providing the administrator fast access to backups in the case of a restore. The default value for the amount of unpacked backups retained can be modified within the settings of the product

• Backups that are scheduled use the credentials of the scheduled account, unless an account is specified within the “Agent Settings” tab of the collection properties

• For more information on the results of backups, navigate to the session and then right click on the domain controller and go to Properties


Backup Agent• Backups can be completed using an agent that is installed (automatically removed when the backup is

completed) during the time of backup or using a preinstalled backup agent

• Using the preinstalled backup agent has two advantages:– One port is needed for communication. By default the port is 3843. If the default port needs to be changed

see SOL22319

– Can maintain connection longer over a slow WAN link

• Preinstalled backup agent runs as a service named “Dell Backup Agent” and as a process named BackupAgent.exe or BackupAgent64 .exe (depending on OS architecture)

• If deploying the backup agent automatically, the files will be sent to C:\Windows\RecoveryManagerAD and a process named ErdAgent.exe or ErdAgent64.exe (depending on OS architecture) will be running during the backup process. Once the backup has been completed, the files will be removed and the process will end.

• Backup agent log files on the domain controller:– Preinstalled Backup Agent: C:\Windows\RecoveryManagerAD\BackupAgent.log (or BackupAgent64.log)

– Backup agent deployed during each backup: C:\Windows\RecoveryManagerAD\ErdAgent.log (or ErdAgent64.log)



Common Backup Issues• Error “Unable to execute request” usually indicates an issue with the backup process on the DC. If a

preinstalled backup is being used, restart the service. If a backup was recently run prior to this error, give the agent time to remove itself and try again - SOL78464

• Any VSS (Volume Shadow Copy Service) error is generally a native issue with the domain controller. It is possible to prove this by taking a system state backup using native tools. The VSS error is likely documented by Microsoft and will include their own troubleshooting steps

• “All Operations Failed” is a generic failure message. Review the sessions details, and the properties of the failed DC within the session to find the root cause

• “Failed to get members of local groups of domain ‘mydomain.com’” is due to the fact that if there are multiple domains, the backup agent will need to contact the other domains to obtain cross domain group membership and that domain will need to be reachable - SOL22909

• Error “cannot establish the connection to the backup agent” can occur for various reasons. See list located in SOL60209





AD LDS (ADAM) Overview


Common AD LDS (ADAM) Issues• Error “Unable to connect to LDAP server” may occur if the AD LDS instance is not on the

default port 389. This requires modifying the registry on the Recovery Manager sever -SOL60134

• The entire instance needs to be restored but it is only possible to restore objects. Follow the procedure outlined in SOL56620 to restore the entire instance

• Error “Invalid API parameter” may occur when extracting the AD LDS backup. Resolve this by copying the correct esent.dll file to the Recovery Manager folder - SOL13444





Online Restore Wizard Overview


Online Restore Wizard: Agent vs Agentless• Restores through the Online Restore Wizard can be completed using Agentless or Agent based

• There are several differences between agent and agentless restores. Mainly, the agent based restore requires more permissions than agentless, however it is able to restore password and SID history for Users and Computer objects. For more information regarding the differences between the two methods, please review the video located in SOL73236

• Unlike the backup agent, the online restore agent cannot be preinstalled

• To configure the Windows Firewall on the domain controller to allow the restore agent to be transferred follow the steps outlined in SOL51897

• Online Restore log files on the domain controller:– C:\Windows\RecoveryManagerAD\OnlineRestoreAdapter.log

– C:\Windows\RecoveryManagerAD\EriAgent.log




Online Restore Wizard Common Issues• Error “failed to initialize reporter. Login Failed” may occur if the account logged in does not have access to

the SQL database used to generate a report. Grant the account access to the database or remove the option to generate a report if only the restore is required – SOL87587

• After restore operation is complete, the restored user cannot login or if a computer object was restore the computer has to be rejoined to the domain. The restore was likely done with the agentless method. Restore the object again with the Agent based restore method.

• Error “Failed to create a remote object” or “RPC Server is unavailable “ may occur if the restore agent cannot be copied to the DC. Try opening up ports using SOL51897 or use the agentless method

• Error during backup extraction in Online Restore Wizard: “Version of log files is not compatible with Jet Version”. This can occur due to a version mismatch between the OS that RMAD is installed on and the OS of the DC – SOL11601

• Unable to find and select DNS zones to restore. When adding an object using the Browse menu, check the box “Show Advanced Objects” - SOL56999

• Errors such as “Directory object not found” is due to the object no longer existing as a tombstone. Recovery Manager cannot restore objects past the tombstone lifetime. This is due to the design of Active Directory -SOL64028, SOL47772








Repair Wizard Overview


Repair Wizard Common Issues• “Mark the entire directory as authoritatively restore” option appears grayed out. The

product does not support marking the entire directory as authoritative for Windows 2008 domain controllers - SOL50348

• Entering an incorrect DSRM password during the wizard will cause the process to fail. If in doubt, reset the password during the wizard



Group Policy Restore Wizard Overview


Group Policy Restore Wizard Common Issues• Error “The specified directory service attribute or value does not exist” may occur if the

account running the wizard does not have access to the GPO’s folder on the Domain Controller (C:\Windows\SYSVOL\domain\policies\{GUID})

• Comparison reports may not contain information on some GPO settings. Disregard this, Recovery Manager will be able to restore the settings without issue. For a full list of settings see SOL12024

• Error “Unable to extract the backup: Compression is disabled for this volume” may be due to folders within the SYSVOL being compressed. Verify target folder is not compressed.



Recovery Manager Portal Overview


Recovery Manager Portal Common Issues• Error when launching the Web Portal: "HTTP Error 500.19“. Follow steps outlined in

SOL120590

• Error "Cannot create database RecoveryMgrPortal because it already exists on SQL Server instance“. Delete existing database as outlined in SOL121341

• An account that does not have domain admin access will not be able to restore objects unless they are configured to do so in the list of delegates

• IIS must be installed and running prior to the installation of the Portal

• The Recovery Manager Portal Access service must be installed and running prior to the installation of the Portal




Common Solutions• SOL11601 - Error during backup extraction in Online Restore Wizard: “Version of log files

is not compatible with Jet Version”. This can occur due to a version mismatch between the OS that RMAD is installed on and the OS of the DC

• SOL116317– Error during backup: "Failed to connect to backup agent“

• SOL124386 - How to upgrade to version 8.6

• SOL119172 – How to enable extended logging

• SOL118738 - How to move RMAD to another server







Prerequisites for Contacting Support


• Problem Description

• Diagnostic logs, screenshots, etc.

• Environmental details (system versions, physical/virtual hardware, federation, High Availability, architecture, etc.)

• Issue severity and customer business impact, timeframes, etc.

• If a performance issue, provide specific details as specified in the Notes section of this slide.

When opening a support case submit the following:


Feedback on the Documentation

We are interested in receiving feedback from you about our Support Technical Training. When submitting feedback please include:

Product / Version

Indicate if you are providing Feedback on:

– Support Training Documentation

– Support Training Exam

– Practical Exam

Comments

All comments are welcome. Please submit your feedback to the following email address:

[email protected]

Please do not submit Technical Support requests to this email address.

mailto:[email protected]


DELL CONFIDENTIAL AND PROPRIETARY

This document (the “Document”) contains confidential information of Dell and embodies trade secret and proprietary intellectual property of Dell. It is legally protected and shall not be copied, modified, reverse engineered, published, disclosed, disseminated outside of Dell or otherwise used, in whole or in part, without Dell’s written consent, provided, however, that you have the right to use the Document solely for your internal use and solely as necessary for you to enjoy the benefit of Services under the applicable SOW (or other agreement) you have entered into with Dell. Copyright 2012 by Dell Inc. The copyright notice does not imply publication of this document or its contents.

DELL, the E (Stylized in a sphere) logo, Dell Compellent, OpenManage, EqualLogic, PowerEdge, PowerVault and other Dell trademarks are the trademarks or registered trademarks of Dell Inc. in the U.S. and certain other countries.