Syed Jahanzaib – Personal Blog to Share Knowledge !

June 19, 2014

SAN attached windows 2008 hangs on boot

Filed under: IBM Related, Microsoft Related — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 9:37 AM

Just for reference purpose:

Recently I was testing some disaster recovery scenario of restoring Server A to Server B with identical hardware usingΒ Symantec Backup EXEC 2014 Simplified Disaster Recovery [SDR]CD. The hardware specs were as follows …

IBM Xseries 3650 M4, with RAID1
Dual Q.Logic Fiber Channel cards Mode: QLE2560 connected with two FC switches for multi path and failover
32 GB RAM,
IBM v3700 storewize SAN Storage

The restore went fine , system boot fine for the first time with everything intact, but when I rebooted it again , it failed to boot and shows only cursor blinking,Β  As showed in the image below …

123

I tried to boot it several times but with no results. I then removed the FC cables from the server’s Qlogic FC cards, and this time windows booted fine.

Solution:

I started the server without FC cables attached, then I removed the Windows MPIO features from ADD REMOVE FEATURES, and rebooted again with FC cables attached, and this time it works fine but showed duplicate SAN partitions. Then I applied IBM’s SSDM MPIO driver (MPIO_Win2008_x64_SDDDSM_64_2434-4_130816 for v3700 storewize)Β  and everything went fine πŸ™‚

You may also want to read the IBM’s article.
http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=migr-5081613

 

.

Regard’s
Syed Jahanzaib

June 12, 2014

Mikrotik WAN monitoring script with multiple host check

Filed under: Mikrotik Related — Tags: , — Syed Jahanzaib / Pinochio~:) @ 2:31 PM

eagle_map

Following is an Mikrotik RouterOS script designed to test internet connectivity by checking connectivity (by Ping method) for two different internet hosts, (like google dns and root dns server in this example). Main benefits of using script is that you can perform customized actions, like sending SMS or Email Alerts / acquire almost accurate results, avoiding false alarms etc etc.

In this script we are doing ping check on two internet hosts if it fails to receive single reply from both hosts, then it will consider the link DOWN. If one host is working and second is down, it will consider the link UP. It is done for cross verification. All sections in the script is customizable to meet your requirements , so make yourself home Β πŸ˜‰

Multiple HOST check is recommended, Because if you are using single host check script or net-watch,then it can sometimes give you false alarm for any reason like maintenance or firewall blockage .

ROS SCRIPT CODE: (Script name= wan1monΒ )

 

# Mikrotik WAN/Intenret Link monitoring SCRIPT with optional Email and SMS Alert,
# We are using local KANNEL as SMS gateway and GMAIL as email sender
# Make sure to change email settings, because without backup link, email will not be send using gmail
# by Syed Jahanzaib
# https://aacable.wordpress.com
# Email : aacable at hotmail dot com
# Script Last Modified : 16th-AUG-2017

# Setting Variables
:local i 0;
:local F 0;
:local date;
:local time;
:local sub1 ([/system identity get name])
:local sub2 ([/system clock get time])
:local sub3 ([/system clock get date])
:local company "GALAXY Pvt Ltd"
:local ISP1 "ZAIB Primary Link"
:local ISP1NICK "JZ"

# Number of Ping Count, how many times mikrotik should ping the target device
:local PINGCOUNT "5"
# Ping threshold
:local PINGTS "10"

# GMAIL SMTP DYNAMIC Config Section, Make sure to change these values to match your's / Jz
# Gmail SMTP Address / you can use resolve command too, but i prefere to use manual smtp for some reasons

# Additional Check for GMAIL SMTP Resolving.
# If gmail SMTP failed to resolve, then it should set manual IP for gmail smtp
# So that email should go even if there is a dns failure.
# By ZAIB - 18-Aug-2017

:local GMAILSMTPDNSNAME "smtp.gmail.com"
:global GMAILSMTP ""
:local RESOLVELIST {"$GMAILSMTPDNSNAME"}
:foreach addr in $RESOLVELIST do={
:do {:resolve server=8.8.8.8 $addr} on-error={:set GMAILSMTP "0";}}
:if ($GMAILSMTP = 0) do={
:set GMAILSMTP "64.233.167.108";
} else={
:set GMAILSMTP [:resolve "$GMAILSMTPDNSNAME"];
}
:local adminmail1 ADMIN_MAIL_1@hotmail.com
#below Gmail ID will be used to send alerts / email
:local gmailid "YOUR_GMAIL_ID@gmail.com"
:local gmailuser "YOUR_GMAIL_ID"
:local gmailpass "YOUR_GMAIL_PASS"
:local gmailport 587

:local SUBJECTDOWN "$[/system clock get date] $[/system clock get time] -- GALAXY_ALERT: $ISP1NICK is DOWN."
:local BODYDOWN "$ISP1 Internet Link at GALAXY DATA CENTER not responding, Please check Linkconectivity. \n\n\n\n Auto Failover Script for Mikrotik Designed by \n *** Syed_Jahanzaib ****"

:local SUBJECTUP "$[/system clock get date] $[/system clock get time] -- GALAXY_INFO: $ISP1NICK have restored."
:local BODYUP "$ISP1 Internet Link have been Restored ... \n\n\n\n Auto Failover Script for Mikrotik Designed by \n *** Syed_Jahanzaib ****"

:global ISP1STATUS;
:global ISP1LASTCHANGESTATUS;

# Setting KANNEL INFO and SMS Number for admin
:local KID "KANNEL_ID"
:local KPASS "KANNEL_PASSWORD"
:local KHOST "192.168.0.1:13013"
:local CELL1 "03002767701"

# Setting UP SMS message
:local MSGDOWN "ISP+ALERT:+$ISP1NICK+Fiber+is+now+DOWN"
:local MSGUP "ISP+INFO:+$ISP1NICK+Fiber+is+now+UP"

# Check 2 hosts via ISP1 GATEWAY for monitoring
# Just make sure you ahve static routes for these routes and additionaly blackhole route as well
:global ISP1HOST1 "193.183.98.154"
:global ISP1HOST2 "84.200.70.40"

# FAKE HOST to test script
#:global ISP1HOST1 1.2.3.4
#:global ISP1HOST2 1.2.3.4

:global WAN1STATUS;
:if ([:len $WAN1STATUS] = 0) do={
:set WAN1STATUS UP;
}

# PING each host $PINGCOUNT times
:for i from=1 to=$PINGCOUNT do={
if ([/ping $ISP1HOST1 count=1]=0) do={:set F ($F + 1)}
if ([/ping $ISP1HOST2 count=1]=0) do={:set F ($F + 1)}
:delay 2;
};

:if (($F=$PINGTS)) do={
:if (($ISP1STATUS="UP")) do={
:set ISP1STATUS "DOWN";

# Also add status in global variables to be used as tracking
:set date [/system clock get date];
:set time [/system clock get time];
:set ISP1LASTCHANGESTATUS ($time . " " . $date);

##################################################
####### FOR DOWN STATUS, CHANGE THE RULES ########
##################################################
# If the link is down, then LOG info and warning in Mikrotik LOG window [Zaib]

:log info "$ISP1NICK Gateway Not Responding. Please Check Link Connectivity..."
#:log warning "Switching to Backup Link ($ISP2) ..."
#/ip firewall connection remove [find]
# OR change routes as per your requirements
#/ip firewall nat disable [find comment="Route_SOME_traffic_To_WAN1"]
#/ip firewall nat enable [find comment="Route_SOME_traffic_To_WAN2"]
#/ip route set [find comment="PRIMARY_GATEWAY"] distance=3
:delay 2;

# "Emailing the DOWN status. . . "
/tool e-mail send to="$adminmail1" password=$gmailpass subject="$SUBJECTDOWN" from=$gmailid server=$GMAILSMTP start-tls=yes body="$BODYDOWN"

# SENDING SMS for action DOWN
/tool fetch url="http://$KHOST/cgi-bin/sendsms\?username=$KID&password=$KPASS&to=$CELL1&text=$MSGDOWN"

##################################################
####### FOR UP STATUS, CHANGE THE RULES ########
##################################################

} else={:set ISP1STATUS "DOWN";}
} else={
:if (($ISP1STATUS="DOWN")) do={
:set ISP1STATUS "UP";

# If link is UP, then LOG info and warning in Mikrotik LOG window [Zaib]
:log info "$ISP1NICK Gateway RESTORED ..."
log warning "$ISP1 Restored..."
# OR change routes as per your requirements
#/ip firewall nat disable [find comment="Route_SOME_traffic_To_WAN1"]
#/ip firewall nat enable [find comment="Route_SOME_traffic_To_WAN2"]
#/ip route set [find comment="PRIMARY_GATEWAY"] distance=3
:delay 2;

# Emailing the UP status. . .
/tool e-mail send to="$adminmail1" password=$gmailpass subject="$SUBJECTUP" from=$gmailid server=$GMAILSMTP start-tls=yes body="$BODYUP"

# SENDING SMS for action UP
/tool fetch url="http://$KHOST/cgi-bin/sendsms\?username=$KID&password=$KPASS&to=$CELL1&text=$MSGUP"

:set date [/system clock get date];
:set time [/system clock get time];
:set ISP1LASTCHANGESTATUS ($time . " " . $date);

} else={:set ISP1STATUS "UP";}
}

Scheduler to run script auto

To add scheduler to run script after every 5 minutes (or as required), use following code

/system scheduler
add disabled=no interval=5m name="Monitor WAN connectivity Scheduler / JZ" on-event=wan1mon policy=ftp,reboot,read,write,policy,test,winbox,password,sniff,sensitive,api start-date=jun/12/2014 start-time=\
00:00:00

Don’t forget to change the script name wan1monΒ in above scheduler to match the name you set for the script.

Example: on-event=wan1mon

Define Static Routes for Monitoring Host – for Route Changing

IfΒ  you are using this script to change internet route to backup link, then you must define static routes for the host you are monitoring. So that your monitored hosts should always (forcefully) go via Primary Link.

# Adding routes for the 2 monitoring host to go via primary lin
/ip route
add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=193.183.98.154/32 gateway=192.168.1.1 scope=30 target-scope=10
add comment="Force this HOST via Primary Link" disabled=no distance=1 dst-address=84.200.70.40/32 gateway=192.168.1.1 scope=30 target-scope=10

# FORCEFULLY - Adding routes for the 2 monitoring host to go in black hole if primary is not reachable (failsafe) to avoid going pkts vai wan2 for these hosts
add comment="Force this HOST via Primary Link - Black-Hole" distance=2 dst-address=193.183.98.154/32 type=blackhole
add comment="Force this HOST via Primary Link - Black-Hole" distance=2 dst-address=84.200.70.40/32 type=blackhole

Note: Make sure to change gateway 192.168.1.1 to primary internet link gateway.

BE VERY SURE TO READ FOLLOWING

https://aacable.wordpress.com/2015/09/17/monitoring-multiple-wan-links-in-pcc-using-black-hole-route-approach/

Mail Alert Notification Example: (reference purpose)

TIPS: [Internet hosts list for monitoring]

Following is list for some internet hosts that I usually monitor via the script, usefull if you want to monitor multiple wan links.

4.2.2.1
4.2.2.2
84.200.70.40
193.183.98.154
202.12.27.33
202.142.160.2
209.244.0.4
192.5.5.241
199.7.83.42

Regard’s
Syed Jahanzaib

June 5, 2014

IBM Storewize v3700 SAN Duplicate partitions showing in Windows 2008

Filed under: Uncategorized — Tags: , , , — Syed Jahanzaib / Pinochio~:) @ 10:13 AM

v3700

Recently one of our IBM Xseries 3650 M4 server faced hardware failure related to local storage. Two partitions from IBM Storwize v3700 were assigned to this system, connected with 2 QLogic FC cards connected with 2 BROCADE fiber switches for fail over.

After doing re installation of Windows 2008 R2, SAN partitions were appearing duplicate. Windows MPIO feature was enabled but still partitions were twice appearing. After applying IBM base SDDDSM MPIO updated driver, problem got solved.

Subsystem Device Driver Device Specific Module (SDDDSM) is IBM’s multipath IO solution based on Microsoft MPIO technology, it’s a device specific module specifically designed to support IBM storage devices. Together with MPIO, it’s designed to support the multipath configuration environments in the IBM Storage.

Download link is as follosw. Just a small patch , apply and restart πŸ™‚

http://www-01.ibm.com/support/docview.wss?uid=ssg1S4000350#Storwize3700

 

DESCRIPTION
DOWNLOAD
RELEASE DATE
CERTIFIED
Platform Windows Server 2008/2008
(R2 / 32bit /64bit)
SDDDSM v2.4.3.4-4		 SDDDSM 2.4.3.4-4 for Windows Server 2008
English
Byte Size 577711
8/16/13
Yes

 

Regard’s
Syed Jahanzaib

June 4, 2014

Radius Manager Dealer Panel

Filed under: Radius Manager — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:38 PM

In Radius Manager, we have an option to add MANAGER (Dealer/Reseller) so that the Dealer/Reseller can have access to his own management panel (similar to ACP but with some limitations). The Dealer/Reseller can create new users, disable , add deposit/credit in user account, invoice access and stuff like this.

You can assign various permissions to the dealer as per requirements. Following is an example of creating NEW MANAGER with minimum rights.

Goto Managers , and select NEW Manager

As showed in the image below …

d3.

Assign necessary permissions, this is important πŸ™‚

d2.

Permission Explanation:

Permissions:
β€’ List users – Can list users.
β€’ Register users – Can register new users.
β€’ Edit users – Can edit basic user data (name, address etc.).
β€’ Edit privileged user data – Allows editing privileged fields (credits, static IP).
β€’ Delete users – Can delete users.
β€’ List managers – Can list managers.
β€’ Register managers – Can register new managers.
β€’ Edit managers – Can edit managers.
β€’ Delete managers – Can delete managers.
β€’ List services – Can list services.
β€’ Register services – Can register new services.
β€’ Edit services – Can edit services.
β€’ Delete services – Can delete services.
β€’ Billing functions –
Can generate invoices.
β€’ Allow negative balance – Can refill prepaid accounts even if the reseller account is in negative balance.
β€’ Allow discount prices – Can form the service price freely (discount).
β€’ Enable canceling invoices – Enable canceling invoices (enter negative amount in Add credits form to cancel an invoice).
β€’ Access invoices – Can access invoicing functions.
β€’ Access all invoices – Can access all invoices not only the own ones.
β€’ Shown invoice totals – Display the totals in List invoices view.
β€’ Edit invoices – Can enter the payment date for postpaid invoices.
β€’ Access all users – Can access all users in the system.
β€’ List online users – Can list online users.
β€’ Disconnect users – Can disconnect users.

Card system and IAS

β€’ Card system and IAS – Can access prepaid card and IAS system.
β€’ Connection report – Can access CTS functions.
β€’ Overall traffic report – Can access traffic report.
β€’ Maintain APs – Can access AP functions.
Click the Update manager button to store the manager data.

 

Now by default this Dealer/Reseller will have zero balance, so he wont be able to add credits in users account (although he can create new accounts but these accounts are by by default EXPIRED, so in order to renew user account, the Dealer/Reseller MUST have deposit in his account)

Now add some AMOUNT in his account. Open Manager and edit that dealer.
As showed in the image below …

d1

.

Now test it via login with dealer ID and add new user. by default the new user added will be expired, and the dealer must add credit in user account. (He can also add DEPOSIT, but then user have to himself login with his user id and password to user management panel and refresh his account (with the deposited amount added by dealer).

As showed in the image below …

d4.

d5.

d6.

.

.

Binding Dealer/Reseller to Use Only Specific Services

You can also bind specific Service with specific Dealer/Reseller too. for example You dont want Dealer A to use all services, instead you want to show him specific services only. Login to ACP using ADMIN, goto Services, Open your desired services that you do or dont want to to be displayed at Dealer/Reseller A panel,

As showed in the image below …

d7

.

result can be seen here…

d8

I will write more in some free time.

.

Regard’s
Syed Jahanzaib

Non Payment Reminder for Expired Users in RADIUS MANAGER 4.x.x

Filed under: Radius Manager — Tags: , — Syed Jahanzaib / Pinochio~:) @ 12:31 PM

8-user-seeing-non-payment-page

As per requested by many friends, Following is an short guide on howto configure payment reminder for Expired users in DMASOFTLAB RADIUS MANAGER 4.x.x. I wrote this guide because its better to explain in details with snapshots here, rather then explaining to every individual.

This guide will demonstrate that if the user account is expired, he still can login to your Mikrotik / NAS, but when he will try to browse, he will be redirected to Non Payment page showing why his access is blocked. Please note that only HTTP request will be redirected, HTTPS is not supported. Example if some one tries to open HTTPS://WWW.GOOGLE.COM, he will see default browser error, but if some try to open HTTP://WWW.BBC.COM he will be properly redirected.

Scenario #1 :

[Simple one]

Mikrotik is used as NAS/pppoe server, all clients are connected to it via pppoe dialer/wifi routers.

  • LAN IP + Default DHCP Pool for customers = 192.168.1.0/24
  • Local Web Server IP which is hosting our web site + reminder page = 192.168.1.10
  • PPPoE IP Pool = 172.16.0.0/24
  • EXPIRED IP Pool to be created at Mikrotik = 172.16.100.0/24
  • WAN IP = 1.1.1.1 [irrelevant]

 

1# RADIUS MANAGER CONFIGURATION

In short, perform following steps …

  • Create a new / normal service according to your requirements, like1mb / 1 month limitation 
  • in Β Next expired service option, Select EXPIRED as Next Master Service, So when primary service expires, user service will be switched to this one.

[Note: EXPIRED service is already available in RM by default, but if you are unable to find it, then you can create it manually, just add new service with EXPIRED name and set ip pool accordingly, no expiration no speed limit, simple)

As showed in the image below …

 

11

Now Create a user in users section and assign it with the new service you just created in Β above example Β > Β 1mb / 1 month limitation

2# MIKROTIK CONFIGURATION

 

  • Add IP POOL for Expired Users

Add new IP Pool for EXPIRED pppoe users, when the user will expire, he will be assigned EXPIRED service, which will use this pool for these users

/ip pool
add name=expired ranges=172.16.100.1-172.16.100.255

 

As showed in the image below …

pool

  • Enable WEB PROXY and add rules

Now enable WEB PROXY and add deny/redirect rule so that we can redirect the EXPIRED users pool to any web server showing the non payment reminder page. You can also use EXTERNAL proxy to do the redirection like squid proxy. but in this guide i am showing only the mikrotik level things.


# First Enable Mikrotik Web-Proxy (You can use external proxy server also like SQUID)
/ip proxy
set always-from-cache=no cache-administrator=webmaster cache-hit-dscp=4 cache-on-disk=no enabled=yes max-cache-size=unlimited max-client-connections=600 max-fresh-time=3d max-server-connections=600 \
parent-proxy=0.0.0.0 parent-proxy-port=0 port=8080 serialize-connections=no src-address=0.0.0.0

# Add rule to allow access to web server, otherwise user wont be able to access the reminder page. this rule must be on top.
/ip proxy access
add action=allow comment="Allow acess to web server so expired users can view the payment reminder page. it can be locally hosted or external (on internet) as well." disabled=no dst-address=192.168.0.10 \
dst-port=""

# Now add rule to redirect expired ip pool users too local or external web server payment reminder page.
/ip proxy
add action=deny disabled=no dst-port="" redirect-to=192.168.0.10/nonpayment/nonpayment.htm

As showed in the image below …

access

 

 

Add FIREWALL REDIRECT rule in NAT SECTION

Now add REDIRECT rule in FIREWALL/NAT section, and add only pppoe users pool in default NAT rule.
This is to make sure that users with expired users are redirected to web proxy which will be deny there request and redirect to web server reminder page.
and also add pppoe valid users pool in default NAT rule src-address, so that only valid pppoe users can browse the internet.

As showed in the image below …

3

RESULT

Now when the client primary profile expires, it will switch to NEXT MASTER SERVICE which we configured to EXPIRED, thus he will get ip from EXPIRED pool, and then mikrotik will redirect to proxy which will deny its request and redirect to local payment reminder page.

As showed in the image below …

result

Additional Tip for those who uses Squid Proxy as well.

SQUID PROXY RULE TO BLOCK EXPIRED POOL RANGE

in squid.conf add these on before other ACL. (or on top)

acl expired-clients src 172.16.100.0/24
http_access deny expired-clients
deny_info http://web_server_ip/nonpayment/nonpayment.htm expired-clients

Note: Ideally web server should be on same subnet. Also make sure you allow access to web server it self otherwise page will not be display.

Another Example of code: web server ip address is 192.168.10.2 , and expired pool is 10.0.0.0/24

#first allow access to web server

acl allowed_sites dst 192.168.10.2
http_access allow allowed_sites

# then block further access for expired usersΒ  and redirect them to expired clients
acl expired-clients src 10.0.0.0/24
http_access deny expired-clients
deny_info http://192.168.10.2/nonpayment.htm expired-clients

Another working code example

/ip firewall nat
add action=masquerade chain=srcnat comment="ALLOW 8.8.8.8 DNS REQUESTS for EXPIRED USERS...." dst-address=8.8.8.8 src-address-list=expired
add action=redirect chain=dstnat comment="Redirect EXPIRED users to web proxy for non payment page redirection" dst-port=80 protocol=tcp src-address-list=expired-pool \
to-ports=50009
add action=masquerade chain=srcnat dst-address=192.168.100.1 src-address-list=expired-pool

/ip firewall filter
add action=accept chain=input comment="ALLOW DNS PORT FOR EXPIRED USERS" dst-port=53 protocol=udp src-address-list=expired-pool
add action=accept chain=input comment="ALLOW WEB PROXY PORT FOR EXPIRED USERS" dst-port=50009 protocol=tcp src-address-list=expired-pool
add action=accept chain=forward dst-address=8.8.8.8 src-address-list=expired-pool
add action=accept chain=forward dst-address=192.168.100.1 src-address-list=expired-pool
add action=accept chain=input dst-address=192.168.100.1 src-address-list=expired-pool
add action=drop chain=forward comment="BLOCK EXPIRED USERS" src-address-list=expired-pool

/ip firewall mangle
add action=accept chain=prerouting comment="allow expired users for routing to radius account expired page" src-address-list=expired-pool

/ip proxy
set cache-administrator="Syed Jahanzaib - aacable@hotmail.com" enabled=yes max-cache-object-size=1KiB max-cache-size=none port=50009
/ip proxy access
add dst-address=192.168.100.1 src-address=192.168.255.1-192.168.255.255
add action=deny redirect-to=192.168.100.1/expired.html

Regard’s
Syed Jahanzaib

Symantec Backup Exec Reference Notes

Filed under: Symentec Related — Tags: , , , , , , , , , — Syed Jahanzaib / Pinochio~:) @ 10:05 AM

13132031-1874 

First version: Year 2014
Last Updates @ 12 Sep, 2021

Recently we upgraded our SAP infrastructure with new IBM xSeries server and also replace the old IBM tape library TS3200 with TS100. In previous Windows 2003, we were using classic NTBACKUP solution to take backup on TAPE library system, but with the new windows 2008 R2 upgrade, we found that that the tape drive support have been removed from the new Server Backup tool. Therefore we were looking for some reliable backup solution which can facilitate our tape library. Finally after searching a lot, we selected SYMANTEC BACKUP EXEC 2012 (with SP4 and latest patches) as our backup solution. Last year We tested its demo and it was fulfilling our requirements and fitting under our budget. I did it’s installation and it went smooth without any errors, but it took me few days to understand how it actually works. Its GUI interface looks pretty much simple and easy to navigate, but I found it very typical to configure Tape Library for auto loading function according to job/day.

Following is a short reference notes I am posting. I will keep updating with day to day tasks and issues I face and how I manage to solve them. Symantec have great number of guides, postings at there site too, but sometimes its hard to find the correct solution when its kinda urgent.

πŸ™‚

LIST OF TOPICS

1- The VSS Writer timed out (0x800423f2), State: Failed during freeze operation (9) [4th June, 2014]

2-Β  Simplified Disaster Recovery: Howto exclude some Folders with SDR ONΒ  [5th June, 2014]

3- Backup Exec (2012 SP4) Services Credentials Lost on every Reboot [6th June, 2014]

4- V-79-57344-42009 – Failed to load the configuration xml file,Β  [6th June, 2014]

5- Barcode LabelingΒ Β  [10th June, 2014]

6- Exclude a sub-folder name “xyz” or end with .ft , from every where in specific folder/drive. [15thth July, 2014]

7- Remote Agent Service not starting at Client PC/Server / NDMP Port already in use error

8-Β error=V-79-57344-33967 /Β Final error: 0xe00084af – The directory or file was not found, or could not be accessed.

9- Account privilege Error when installing Backup Exec

10-Β Stuck on ‘Discovering Resources’

11- Using SDR (Disaster recovery) restore to other hardware using Tape (31-Aug-2022)

12- A communications failure has occurred with a System State resource

1- The VSS Writer timed out (0x800423f2), State: Failed during freeze operation (9)

If backup failed with following error:

———————————————————————-
V-79-57344-6523314.0.1798.1364eng-systemstate-backupV-79-57344-65233ENRetailWindows_V-6.1.7601_SP-1.0_PL-0x2_SU-0x112_PT-0x3 – Snapshot Technology: Initialization failure on: “\\YOURSERVER\System?State”. Snapshot technology used: Microsoft Volume Shadow Copy Service (VSS).
Snapshot technology error (0xE000FED1): A failure occurred querying the Writer status. See the job log for details about the error.

Check the Windows Event Viewer for details.

Writer Name: COM+ Class Registration Database, Writer ID: {542DA469-D3E1-473C-9F4F-7847F01FC64F}, Last error: The VSS Writer timed out (0x800423f2), State: Failed during freeze operation (9).

Writer Name: Windows Management Instrumentation, Writer ID: {A6AD56C2-B509-4E6C-BB19-49D8F43532F0}, Last error: The VSS Writer timed out (0x800423f2), State: Failed during freeze operation (9).

The following volumes are dependent on resource: “C:” “E:” .
The snapshot technology used by VSS for volume C: – Microsoft Software Shadow Copy provider 1.0 (Version 1.0.0.7).
The snapshot technology used by VSS for volume E: – Microsoft Software Shadow Copy provider 1.0 (Version 1.0.0.7).
14.0.1798.1364eng-systemstate-backupENRetailWindows_V-6.1.7601_SP-1.0_PL-0x2_SU-0x112_PT-0x3

Β Β  Β Β Β Β  Job ended: Wednesday, June 04, 2014 at 2:49:03 AM
Completed status: Failed
Final error: 0xe000fed1 – A failure occurred querying the Writer status. See the job log for details about the error.

———————————————————————-

issue this command and see if any writer is failing

vssadmin list writers

vss-writer-error.

if System Writer is TIMED OUT, then simply a system restart would fix the error auto. In my case , windows applied some updates, and when I rebooted the server, it fixed the above issue.

Writers Non-retryable error

In backup exec report, I was seeing following error

The job failed with the following error: A communications failure has occurred with a System State resource.

upon running, following cmd,

vssadmin list writers

I was seeing following error,

vssadmin 1.1 – Volume Shadow Copy Service administrative command-line tool(C) Copyright 2001-2005 Microsoft Corp.

Waiting for responses.These may be delayed if a shadow copy is being prepared.

Writer name: ‘Oracle VSS Writer – R3D’Writer Id: {26d02976-b909-43ad-af7e-62a4f625e372}Writer Instance Id: {590dbfff-51b9-478b-a83f-5345014ebc3b}State: [1] Stable Last error: Non-retryable error

To settle this, Goto Services, and restart “OracleVssWriterR3D” service. and re-run the “vssadmin list writers” command. Hopefully the error will not appear. (your db instance name may differ, adjust accordingly)

2-Β  Simplified Disaster Recovery: Howto exclude some Folders with SDR ON

Symantec provide Simplified Disaster Recovery option which you can use to restore the whole backup to bare metal system (from scratch) using SDR boot CD. However SDR forces you to backup every critical components including boot drive, system state, or any folder that SDR thinks its critical. But sometimes even excluding a non-critical component can turn off the SDR (for example in my case I was excluding a ‘backup folder’ from G: drive and SDR was turning off , possibly it was thinking that the whole G: drive was critical component for SDR.

For Example:

B1

So in order to forcefully exclude it, I had to use the following WORKAROUND by adding the drive entry in the REGISTRY manually. IMO, So pathetic that SYMANTEC have not added this option in its Backup Exec GUI, because playing with the windows registry can be very dangerous for normal administrators.

Here is an Example of the registry key. If folders from G: were to be excluded, create a new key called “User-Defined Exclusion Resources“.
Under this key create another empty key called “G:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Backup Exec For Windows\Backup Exec\Engine\Simplified System Protection\User-Defined Exclusion Resources\G:
As showed in the image below …
b2 b2-2.
.
Now if you try to exclude any folder from the particular drive (in my example it was G:) , SDR will remain ONΒ as showed in the image below ..
b3

3- Backup Exec (2012 SP4) Services Credentials Lost on every Reboot

This was very annoying that on every reboot I had to enter my domain admin credentials in the Backup Exec Services Section Otherwise I receive “Failed to start service dueto Logon Failure”. It seems BE keeps forgetting the credentials or not storing them.

Solution#1

Make sure the account you are using to manage Backup Exec, must have Rights to logon as service (and few others, read the Symantec rights assignment article) add the account in your Domain controller group policy / local security policy / users right assignment. After addition, force update using gpupdate on both ends, first server then client,

Solution#2

To sort this issue, I used BEUTILITY provided with backup exec installation.

For Windows 2008 64bit, Goto C:\Program Files\Symantec\Backup Exec and Open BEUTILITY.EXE

Add your backup exec server in the list (known computers group ,

After adding, Right click on the Server and click con CHANGE SERVICE ACCOUNT

Enter your domain admin account or any account with equivalent rights and click OK,
As showed in the images below …

b1

b2

Now restart and check if the services are starting properly πŸ™‚

At least this tricked worked for me

.

4- V-79-57344-42009 – Failed to load the configuration xml file [6th June, 2014]

Using Symantec backup Exec 2012 Sp4 , When I take full backup (SDR ON) , it completes successfully but with following error:

Job ended: Thursday, June 05, 2014 at 9:31:29 AM Completed status: Completed with exceptions

Backup- MYSERVER-79-57344-42009 – Failed to load the configuration xml file.
C:\Program Files\Symantec\Backup Exec\Catalogs\AGPSAPDEV\CatalogProcessTemporaryFolder\{6BCA5C76-6547-430D-A0D5-37251330D96D}\p2v.xml

To solve this, I applied Backup Exec 2012 Revision 1798 Hotfix 216746 and problem got solved. Download it and apply , Also dont forget to update the remote agents as well (via using BE GUI). I had to reboot the BE server also after applying this fix.

http://www.symantec.com/business/support/index?page=content&id=TECH216746

.

Β 5- BARCODE LABELINGΒ  [10th June, 2014]

In our company we have IBM TS3100 Library (which ahve 24 Cartridges slots). Using BE, I wanted to Auto Label every cartridge after the backup. I also used INVENTORY option, but it took much time. During the BE inventory process, the tape is taken from its slot, put into the tape drive to have their internal labels read and then returned to their slots.Β  This process is repeated for each tape and hence the inventory process for a TS3100 can take a long time. For my IBM TS3100 tape library with 24 tapes (only 5 Used) , an inventory of the 5 slots will take around 15-20 minutes. The tape library can identify a tape from its barcode label without having to read the internal label in the tape drive or doing other action.
When there is a need to update the status of the slots in the library in BE, you can use scan instead of inventory if you have barcode labels.Β  What scan will do is to read the barcode labels and it is done within a couple of seconds.Β  Otherwise, you would have to do an inventory

https://www-secure.symantec.com/connect/articles/using-barcode-labels-why-and-how
Some Snapshots.

1

2.

You can download the BARCODE GENERATOR from following link.

https://www-secure.symantec.com/connect/articles/using-barcode-labels-why-and-how

Just make sure that you use only 8 Digits code, and the code must be end with L5 letter. (FOR IBM LTO5 drives)

Example:

MONDAYL5

3.

For LTO5 cartridge sticker, I used following size for printing the above label.

0.56
2.75

Put your tapes with the new barcode labels and do a scan of the entire library.Make sure you don’t have a mix of tapes with and without barcode labels.

6- Exclude a sub-folder name “xyz” from every where in specific folder/drive. [25th June, 2014]

Recently I upgraded my file server from Windows 2003 NT.Backup to Windows 2008 R2 Backup Exec 2014. I have a following directory structure …

Β Β Β  MAIN_FOLDER

–Β  User1
–Β  Daily_Data
–Β  Junk_Data

–Β  User2
–Β  Daily_Data
–Β  Junk_Data

–Β  User3
–Β  Daily_Data
–Β  Junk_Data

and so on , users numbers are around 300. I want to exclude “Junk_Data” from every folder, Exclude them one by one is a lengthy task. I exclude Junk_Data from every sub folder by defining following criteria.

MAIN_FOLDER\*\Junk_data
(which means for every user folder Exclude junk_data)

Exclude all sub-folders name end with .ft from every where in specific folder/drive. [15th July, 2014]

Lotus domino have every users folder design data which are not necessary to backup. to exclude every folder which have .ft in end, use following.

123

7- Remote Agent Service not starting at Client PC/Server / NDMP Port already in use errorΒ  [27/8/2014]

Today , when I tried to backup one of our server (Lotus Sametime), Backup exec could not browse the server, When I checked at client server, backup remote agent service was not starting giving following error.

123

.

.

because of conflict with NDMP port.

SOLUTIONΒ  . At client server goto C:\WINDOWS\system32\drivers\etc and open file name SERVICES

ADD this line.

ndmpΒ Β Β Β Β Β Β Β Β  12000/tcp # Backup Exec Remote agent ndmp port changed / zaib

save and exit,

now start remote agent utility server and it will work :D, at least it did for me.

8-Β Error=V-79-57344-33967 /Β Final error: 0xe00084af – The directory or file was not found, or could not be accessed.

From past 2 days, I was getting above error, After some search on Veritas forums, it came to my knowledge Β that its a bug in 2014 version. To sort it, use following.

  1. Stop All Backup Exec Services
  2. Open comamnd prompt, navigate to Backup Exec installation folder (C:\Program Files\Symantec\Backup Exec)
  3. & run the following command
Catrebuildindex.exe -r

Now start the services or preferable restart the server ( in my case services failed to start , so i simply rebooted the server & all went fine.

9- Account privilege Error when installing Backup Exec

accnt prevelerror

IF you get above error during installation of Backup Exec, then do the following…

If you are part of domain, then open group policy editor on your domain controller, and add your user in following

  1. Backup files and directories
  2. Debug Programs
  3. Manage auditing and security log

10-Β Stuck on ‘Discovering Resources’

If your backup exec job stucks on ‘Discovering Resources’ , try following

BackupExec Solution for Job stuck on Discovering Resources – LINK

In short. Goto

11- Using SDR (Disaster recovery) restore to other hardware using Tape (31-Aug-2022)

We have SAP production server running physical on windows server 2008. Using BackupExec we take its complete (including OS/etc) using remote agent to LTO-8 TAPE library. For audit requirements, we occasionally restore it in vmware LAB. First we created SDR boot image using the BackupExec console , selected all adapters drivers for a safe side, incase if its required to be booted from the original physical server which have RAID/NIC . Then on esxi server, we create new vm , assigned it same size storage. Then booted the vm guest using SDR ISO image. With network support, we pointed towards BackupExec server, domain credentials, & it picked the last backup sets, afterwards at storage selection we were seeing following error

At physical server, we have GPT based partitions, Using Advanced Disk configuration, first I deleted all existing partition it were showing, then I right click on the disk & converted the disk type to GPT, & get back to main window (click on SAVE when it ask). This time it showed NEXT button available (MS reserved partition was still showing mismatched, but its ok to Ignore & move forward. Later it auto mounted the TAPE from the selected backup set, & every thing went smoothly till end. For a data size about 1.3 TB, it around 2 Hours to complete the restoration job.

Once the OS booted, we first installed the vmware tools, set the IP in network adapter, checked the DATE.TIME, & finally rebooted it once. Alhamdolillah ! all went well πŸ™‚

12- A communications failure has occurred with a System State resource

We are running few Windows 2008 R2 physical servers (Oracle SAP Servers). Using Veritas BackupExecΒ  , When taking complete system image for bare metal recovery purposes (SDR) , below error occurs,

A communications failure has occurred with a System State resource.

To sort this I did following,

Stop the below services from an administrator command line:

  1. net stop wuauserv
  2. net stop cryptSvc
  3. net stop bits
  4. net stop msiserver

Rename the two folders DataStore and Download which are inside the SoftwareDistribution folder or rename or delete the complete SoftwareDistribution folder (later is recommended)

Method 1:

  • Rename C:\Windows\SoftwareDistribution\DataStore to DataStoreOffline
  • Rename C:\Windows\SoftwareDistribution\Download to DownloadOffline
  • Move the SoftwareDistributionOffline and DownloadOffline folders to C:\TEMP or to another drive/folder location outside of C:\Windows directory.

Method 2: [Recommended & I followed this one)

  • Rename C:\Windows\SoftwareDistribution to SoftwareDistributionOffline
  • Move the SoftwareDistributionOffline folder to C:\TEMP or to another drive/folder location outside of C:\Windows directory. Or You may delete it

Start the below services from an administrator command line:

  1. net stop wuauserv
  2. net stop cryptSvc
  3. net stop bits
  4. net stop msiserver

Now reboot the server & try to Perform a System State or Server Backup.

Regard’s

SYED JAHANZAIB
aacable at hotmail.com
http : / /Β  aacable . wordpress . com

%d bloggers like this: