Backup Exec and Amazon S3 error

 

I was trying to test Veritas Backup Exec 15 to connect to  Amazon S3 for Cloud backups.  I wanted to test this out before getting into the online backup world. One thing after calling Backup Exec support is that they fixed some connectivity problems in Feature Pack 4.  So download and install that first.

Now I followed the instructions in article

https://www.veritas.com/support/en_US/article.000081253

1. First you create your free Amazon Account. Sorry I don’t have screenshots for this, but this should be pretty self-explanatory.

http://docs.aws.amazon.com/AmazonS3/latest/gsg/SigningUpforS3.html

2. Then you create a Bucket

http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html

3. Then you Create Your Access Key which in turn creates a secret access Key. Follow these instructions. Download these and keep them in a safe place.

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html

If you follow the rest of the instructions in the Veritas support article you will not be able to connect. Here is the part missing from the instructions. If this your first time using Amazon S3 like myself, you may have missed.

You will get an error in backup exec when trying to connect if you didn’t set any permissions on the bucket.  The error that I received was in Backup exec.

Unable to configure Amazon S3 on BE 15, Error: BEMSDK Failure Code: A0009B23

You must now grant access to the bucket to the account

4. To Grant Permissions to the Bucket
   1. In the AWS Console Go to the IAM Management Console by clicking on Services and IAM.   Go to Policies Menu.
   2. I think at first it says “get started” click that, then click the “Create Policy” button, then click “Create Your Own Policy”
   3. Fill in your name for the policy and the description.
   4. Then modify the example from AWS and modify the permissions to your needs.

Here’s an example from AWS to allow access to a bucket

http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html

Here is what mine looked like. I have named my bucket “backupexec” below. (Sorry I use the free version of WordPress so i don’t have the Code plugin – copy it from the link above)

"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3::: backupexec"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3::: backupexec/*"
}
]
}

Now you would think that you could change the version number at the top to any date.  Well in my testing you are wrong.  Keep the date the same.  I don’t know why from my research I got mixed answers and since I am testing this I don’t have the time or energy to figure out why.

You would get this error when clicking the Validate the Policy button on the bottom.

This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar, see AWS IAM Policies.

 

5. Now go to “Users” select your user, Go to Permissions, and Attach the policy that you created and named above.

Thanks to the following article for this blog for help on this creating and understanding the permissions to the bucket:

http://mikeferrier.com/2011/10/27/granting-access-to-a-single-s3-bucket-using-amazon-iam/

 

Hope this saves someone time trying to go through Veritas support.  After I set the permissions it worked perfectly.  I was able to save and restore with no problems.

Here’s some information on Amazon S3 Storage Classes

https://aws.amazon.com/s3/storage-classes/

Here’s a calculator on pricing for these storage classes

http://calculator.s3.amazonaws.com/index.html

 

 

 

 

Windows 2008 Terminal Services Stops Accepting Connections

All of the sudden my Windows 2008 Enterprise Terminal server stopped accepting connections.  I had about 30 users who couldn’t connect including administrators. I was looking all over the place for a fix and thought it could even be that i was out of licenses as I had 25 installed but 35 in use.  It turned out not to be that.  One error that i was getting was

Event ID 56

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.

After trying several things, including reactivating the server  using the “corrupt certificate” reason, and installing a hotfix that resolves issues related to terminal server certificates here’s how i fixed it. On the Terminal server, i opened up MMC and added Certficates snap-in for the Computer Account.   I went to the “Remote Desktop” >> “Certificates” folder and backed up the certificates that were there, Then I deleted them. I rebooted the server, which recreated those certificates.  Then i could connect with both admin accounts and non admin accounts.  I hope this post saves someone some time.

Credit to these two posts for helping me figure this out

http://blogs.technet.com/b/askperf/archive/2010/03/25/the-curious-case-of-event-id-56-with-source-termdd.aspx

http://arstechnica.com/civis/viewtopic.php?t=1131179

The exact event id.

Log Name:      System
Source:        TermDD
Date:          4/13/2015 2:59:59 PM
Event ID:      56
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      mytermserver.mydomain.com
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt;
<System>
<Provider Name=”TermDD” />
<EventID Qualifiers=”49162″>56</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2015-04-13T18:59:59.865Z” />
<EventRecordID>643544</EventRecordID>
<Channel>System</Channel>
<Computer>mytermserver.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Termdd</Data>
<Binary>00000400010000000000000038000AC00000000038000AC00000000000000000000000000000000030030980</Binary>
</EventData>
</Event>

Sonicwall and Kiwi Syslog 9.4.1

I could not get my sonicwall NSA2400 to log to a syslog server. I used Kiwi 9.4.1 Free version and no matter what i did it would not log the messages.  I followed the steps in the following article with no luck

http://www.kiwisyslog.com/help/syslog/index.html?configure_sonicwall.htm

I had to end up putting the IP address of the device in the input tab and it finally started capturing. i don’t remember having to do that in the past. Hope this saves someone some time.

sonicwallKiwi

Exchange Event 7024

Yesterday we had an issue where the exchange information store would not start after a reboot. Our environment is Microsoft Exchange 2007 with all the update rollups installed, running on Windows 2008 R2 VM. The issue started out as all attachments being stripped from users emails.  We tried to restart all exchange and other services to try and resolve the problem and the information store suddenly would not start.  After a few hours of troubleshooting and finding no great information on google, i tried disabling the McAfee Security for Exchange Service, then rebooted the server, and the information store started right up.  The specific error I got was:

The Microsoft Exchange Information Store service terminated with service-specific error %%-2147467259.

A repair of the Mcafee Security for Exchange resolved the issue with the Mcafee product.  I hope this helps someone out.

Restoring A Mailbox Using a Backup and Exchange Recovery Storage Group

My environment is Exchange 2007. I had a user whose exchange folders all dissapeared, we tried to restore it from Veeam and it gave some error about a Domain Controller or something like that which after speaking with Veeam they told us we couldn’t restore it using their methods. I ended up going with the Exchange Recovery Group Method found here.

http://technet.microsoft.com/en-us/library/aa997694.aspx

A helpful discussion about this is located here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24860312.html

First I created a separate disk on the exchange server because I didn’t have enough space on the hard drive that my exchange install was located on (it was a VM so I just added a 200gb drive to it) I assigned F:\ to it.

I restored the EDB and log files from my backup to “F:\First Storage Group” initially. I copy these later into the RSG

Some helpful commands before you start to see what your databases are named and what storage groups you have setup. If you’re not used to using the powershell these commands will help you out.


[PS] C:\Windows\system32>get-mailboxdatabase

Name Server StorageGroup Recovery
—- —— ———— ——–
Mailbox Database FLEMAIL First Storage Group False
Mailbox Database FLEMAIL Recovery121013 True

[PS] C:\Windows\system32>get-storagegroup
Name Server Replicated Recovery
—- —— ———- ——–
Second Storage Group FLEMAIL None False
First Storage Group FLEMAIL None False
Recovery121013 FLEMAIL None True

If you look above, I called my recovery group ”Recovery121013” which I created in the steps below. My database is just the default of exchange called “Mailbox Database” if you’re wondering why there are 2, one is my current live exchange database and the other one is the one i created in the steps below which is why it already says recovery. My email server is called “FLEMAIL”

So to wrap it up here’s the parameters I’m going to enter into the commands below:

<Server_Name> = FLEMAIL
<path_to_logfiles> = F:\First Storage Group
<RSG_Name> = Recovery121013
<Database_Path> = F:\First Storage Group\RSG
<database_name> = Mailbox Database

Here are the steps I used to create the recovery group and database and then restore the mailbox:

• First Create the RSG

Here’s the command syntax

new-storagegroup -Server <Server_Name> -LogFolderPath <path_to_Logfiles> -Name <RSG_Name> -SystemFolderPath <Database_Path> -Recovery

Here’s the command I ran. I’m basically creating the Recovery Storage Group in a folder called RSG. The Recovery Storage Group is called Recovery121013

new-storagegroup -Server FLEMAIL -LogFolderPath "F:\First Storage Group\RSG" -Name "Recovery121013" -SystemFolderPath "F:\First Storage Group\RSG" –Recovery

• Now I copy my “Mailbox Database.EDB” file and all the log files into the RSG folder that it just created, located in “F:\First Storage Group”
• Now I add a recovery database called “Mailbox Database” to the RSG using the following command

Here’s the command syntax:

new-mailboxdatabase -mailboxdatabasetorecover <Database_Name> -storagegroup <Server_Name>\<RSG_Name> -EDBFilePath <Database_Path>

Here’s the command I ran:

new-mailboxdatabase -mailboxdatabasetorecover "Mailbox Database" -storagegroup FLEMAIL\Recovery121013 -EDBFilePath "F:\First Storage Group\RSG\Mailbox Database.edb"

• The next step was to check to see if the database was in a clean shutdown state. I ran this command to check to see if it was and it was dirty so I had to clean it up.

eseutil -mh "F:\First Storage Group\RSG\Mailbox Database.edb"

• Since it was in a dirty state I had to run the eseutil on it:

eseutil /r E00 /l "F:\First Storage Group\RSG" /d "F:\First Storage Group\RSG"

• Now you set your recovery databases to allow overwriting

Heres the syntax of the command:

set-mailboxdatabase -identity <Server_Name>\<RSG_Name>\<Database_Name> -AllowFileRestore:$True

Here’s the command I ran:

set-mailboxdatabase -identity "FLEMAIL\Recovery121013\Mailbox Database" -AllowFileRestore:$True

• Now that you have a clean recovery database, you can mount it

Here’s the syntax of the command:

mount-database -identity <Server_Name>\<RSG_Name>\<Database_Name>

Here’s the command I ran:

mount-database -identity "FLEMAIL\Recovery121013\Mailbox Database"

• Next I create a user called in the “live” exchange called “john smith temp” and restore the mailbox there. You can actually restore it to the original mailbox or whereever you would like (see link at the beginning of this article for different options), for my purposes I used a temporary mailbox. It basically created a folder called “John Smith Temp” with all the users data within the mailbox by the same name.

NOTE: I ended up getting this error message: “Error occurred in the step: Moving messages. This mailbox exceeded the maximum number of corrupted items specified for this move mailbox operation” so i had to add the BadItemLimit flag to the end of the command. I put 1000 just in case. After this it restored correctly

Here’s the syntax:

Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email'

Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'Recovery121013\Mailbox Database' -id 'John Smith Temp' -TargetFolder 'JsmithTemp Email' –BadItemLimit 1000

I haven’t removed anything yet, but I believe these are the commands to remove the database and RSG after your done with it. Please do more research on this as I have not completed it

Remove-MailboxDatabase -identity FLEMAIL\"Recovery Storage Group"\"Mailbox Database"

Remove-Storagegroup -identity FLEMAIL\"Recovery Storage Group"

Safari crashes on Google Docs

Hi, when using Safari 6.05 and opening up Google Docs word documents, it would force close.I was able to fix the solution by right clicking on the safari icon in Applications, then selecting Get Info, and then unchecking run in 32bit mode.

Just a note: It actually wasn’t doing this on spreadsheets. Hope this helps someone out.

Move ASPNETDB from local machine to a SQL Server (quick way)

I had a ASPNETDB database with a bunch of users, roles, etc that I setup that I had been using for quite a few years, and it functioned fine using SQL Express.  It would just sit in the App_Data folder and any time I needed to work on the asp.net site I would just make sure not to overwrite the one on the server.   Not wanting to spend a lot of time on this I needed a quick and easy way to move this to a central location where I wouldn’t be in danger of accidentally overwriting the current  ASPNETDB  .  I also needed it to be properly be backed up accessed remotely.  Basically I just attached it to a production SQL Server 2008 R2 that I had onsite and changed my connection string in my web.config.  Here’s the instructions:

1. Copy the most up to date ASPNETDB.mdf and ASPNETDB_log files up to your server and place them in whatever directory  you want .
2. Open SQL Management Studio.
3. Attach the aspnetdb.mdf file by right clicking on databases and clicking attach.
4. I think by default it names the database with the full path of the database, so I just renamed mine to ASPNETDB.
5. Go to your web.config file and put in the following string under the connectionstrings section:


<remove name="LocalSqlServer"></remove>

<add name="LocalSqlServer" connectionString="Data Source=MySQLServer;Initial Catalog=ASPNETDB;Persist Security Info=True;User ID=myusername;Password=mypassword" providerName="System.Data.SqlClient" />

That should be it. I loaded up my ASP.net pages and it functioned like it normally does.

Exchange 2007 Outlook anywhere RPC endpoint 6004 error

I was attempting to get outlook anywhere to work. My environment is Exchange 2007 SP3 with the latest rollup package (as of 2/27/13) running on W2K8R2. I am using a UCC certificate from godaddy with my external name “mail.mydomain.com” and my Subject Alternative Names are autodiscover.mydomain.com; MYINTERNALSRVNAME.mydomain.com; etc…

This is a small environment so every exchange role is installed on the same server.
The error pops up when I run the RPC over HTTP test at
https://www.testexchangeconnectivity.com

and get an error on the following test:

Attempting to ping RPC endpoint 6004 (NSPI Proxy Interface) on server.

I checked a few things on this:
1. I made sure that the “valid ports” registry key in HKLM/Software/Microsoft/RPC/RpcProxy had the following:

“MYMXINTERNALSRVNAME:6001-6002;MYMXINTERNALSRVNAME:6004;MYMXINTERNALSRVNAME..com:6001-6002;MYMXINTERNALSRVNAME.mydomain.com:6004”

2.I added my internal server name to my DNS hosts (I’m not sure if this made a difference) I’m going to remove it and test at a later time.

3. Following someone’s advice (and what I really think solved the problem) was that I edited the hosts file on the exchange server and put in 2 entries (192.168.1.10 is my internal ip address for my exchange server)
192.168.1.10 MYMXINTERNALSRVNAME
192.168.1.10 MYMXINTERNALSRVNAME.mylocaldomain.com

This seemed to solve the problem with that 6004 error. I believe it has something to do with an IPv6/IPv4 incompatibility problems with Outlook Anywhere/rpcoverhttp.

More info at:
http://technet.microsoft.com/en-us/library/db543644-c252-47ee-a70b-4f60770083dc.aspx

FreeNAS won’t boot from USB

I was setting up FreeNAS 8.03 and ran into a problem when trying to boot off the USB stick as is recommended by the FreeNAS documentation.  I am using a Dell Poweredge R610, and It kept locking on the F1:FreeBSD screen. The solution to this was to go into the BIOS, into Boot Options and change the USB Emulation to Hard Disk. After this it booted properly off the USB drive.

I found the answer at the bottom of the forum the following link which has another solution as enabling the EHCI Hand Off BIOS setting. Not sure what kind of brand of server/bios this was but it may point you in the right direction.

http://forums.freenas.org/archive/index.php/t-1921.html

Hope this saves someone some time.

Convert OEM Version of Windows Server 2003 to a VMWare Virtual Machine (P2V)

One thing that’s a problem with converting to a vm, is if you have an OEM version of Windows installed. An OEM license is tied to the hardware that you have it was installed on which means that you cannot move this to another machine. The problem arises when you have been using that server for years, have a lot of software and settings on it, the hardware is getting old, and you need to convert it to a VM.  When you convert it to a VM, Windows Activation notices that an OEM license is installed on new hardware, and basically will not allow you to login and will shut the server down.  The most frustrating part about this is that you may have a valid open license,  but W2k3 does not allow you to upgrade the license by any conventional means.

NOTE: W2k8 DOES allow you to switch licenses, so if you have an OEM license installed, BEFORE you convert it, you simply need to right-click on Computer, go to properties, and click “change key” towards the bottom, enter your valid key, and it should convert with no licensing problems.

My environment is I am using VMWare ESXi, 5.x

NOTE: This should be done in a test environment only after a valid backup to your server.  I am merely providing you with instructions that worked for me. They may not work for you. I am not responsible if this does not work or something does not work properly for you. It shouldn’t be a problem since you will not be altering the original server, and if something goes wrong or you run out of time, you can just delete the VM and turn the original machine back on.  Just in case always have a backup of your machine before you try anything.

To do this you must have the following, if you don’t have these, then don’t start the project:

1. A valid open Windows 2003 license for either the 32bit or 64bit version that you are converting to a virtual machine.
2. A valid W2k3 Volume License CD or ISO.  You may need use Disk 2 of the server install so keep that in mind.  If you’re using ISO’s you should mount both of the disks before you start the VM, that way you don’t have to worry about it.
3. Download VMware-converter  (I used version 5.0.0-470252)
4. Obviously a working vmware server.
5. A timetable of around 3-5 hours depending on how big your server takes to convert, your internet connection speed to download/install the updates.

Here are the steps:

1. Install all Windows security updates to your W2k3 installation before you do this and make sure it is working properly after. This is important because you will most certainly need to reinstall all of these updates later before your server works properly.
2. Use vmware converter to convert your server to a virtual machine.
3. If possible shut down your old W2K3 server.
4. If using ISO Files, upload them to your datastore (do this by using vsphere client to connect to your VMWare server, click on the Summary tab, Rt-Click on your Datastore under the resources column, and choose browse datastore)
5. Right click your newly created VM, and click “Edit Settings”
6. Click “Add” and choose “CD/DVD Drive”
7. Add the CDRom of your virtual server, OR If you have iso files, then choose the path to the ISO files that you copied. If you have disk1 and disk 2, then add 2 drives. Make sure that Connected And/Or Connect at Power On is checked.
8. While still in the “Edit Settings” screen, go to the “Options” tab, then click on “Boot Options” and click the box to force you into the bios settings.
9. At this point you may want to shut down the original server so there are no conflicts.
10. Open the console for the VM and start the machine
11. It should boot to the BIOS, Go to boot options \, and make sure your cd rom is the first boot device.
12. Save settings and exit, Let it boot, press any key to boot from the CD
13. Choose “Install”, then when it finds your operating system, then repair it.
14. It will now do all of the install, and reboot, and ask you to enter the CD Key in which you enter your Volume License key, let it run the install, it should take you to the login screen and allow you to login
15. Now you want to install VMWare Tools. Do this in Vsphere Client by going to the VM menu, then Guest, then “install/upgrade VMWare Tools”. it takes about 20 seconds for the install dialogue box to come up so be patient.
16. Now you need to install updates from Windows update until there are no more (even with the SP2 install, there were a ridiculous amount) and if everything goes ok you should be good. If it gives you an error when clicking Windows Update See The Notes Below.
17. Change the IP address in Windows to that of the old server, remember to  shut down the old server.

Note: When changing the IP address in Windows it will give you an error about a hidden network adapter, that was the adapter that was part of your physical box on your other machine.

Note: On one machine, when trying to click Windows Update from the IE Tools menu I got an error “the requested lookup key was not found in any active activation context”  To resolve this I opened up a run prompt, navigated to c:\windows\ie8\spuninst\  and ran spuninst.exe. This uninstalled IE8 and restored the update functionality in IE6.