Backup Exec and Amazon S3 error

Leave a comment

 

I was trying to test Veritas Backup Exec 15 to connect to  Amazon S3 for Cloud backups.  I wanted to test this out before getting into the online backup world. One thing after calling Backup Exec support is that they fixed some connectivity problems in Feature Pack 4.  So download and install that first.

Now I followed the instructions in article

https://www.veritas.com/support/en_US/article.000081253

  1. First you create your free Amazon Account. Sorry I don’t have screenshots for this, but this should be pretty self-explanatory.

http://docs.aws.amazon.com/AmazonS3/latest/gsg/SigningUpforS3.html

  1. Then you create a Bucket

http://docs.aws.amazon.com/AmazonS3/latest/gsg/CreatingABucket.html

  1. Then you Create Your Access Key which in turn creates a secret access Key. Follow these instructions. Download these and keep them in a safe place.

http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSGettingStartedGuide/AWSCredentials.html

If you follow the rest of the instructions in the Veritas support article you will not be able to connect. Here is the part missing from the instructions. If this your first time using Amazon S3 like myself, you may have missed.

You will get an error in backup exec when trying to connect if you didn’t set any permissions on the bucket.  The error that I received was in Backup exec.

Unable to configure Amazon S3 on BE 15, Error: BEMSDK Failure Code: A0009B23

You must now grant access to the bucket to the account

  1. To Grant Permissions to the Bucket
    1. In the AWS Console Go to the IAM Management Console by clicking on Services and IAM.   Go to Policies Menu.
    2. I think at first it says “get started” click that, then click the “Create Policy” button, then click “Create Your Own Policy”
    3. Fill in your name for the policy and the description.
    4. Then modify the example from AWS and modify the permissions to your needs.

Here’s an example from AWS to allow access to a bucket

http://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_examples.html

Here is what mine looked like. I have named my bucket “backupexec” below. (Sorry I use the free version of WordPress so i don’t have the Code plugin – copy it from the link above)

"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "s3:ListAllMyBuckets",
"Resource": "arn:aws:s3:::*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3::: backupexec"
},
{
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3::: backupexec/*"
}
]
}

Now you would think that you could change the version number at the top to any date.  Well in my testing you are wrong.  Keep the date the same.  I don’t know why from my research I got mixed answers and since I am testing this I don’t have the time or energy to figure out why.

You would get this error when clicking the Validate the Policy button on the bottom.

This policy contains the following error: The policy must contain a valid version string For more information about the IAM policy grammar, see AWS IAM Policies.

 

  1. Now go to “Users” select your user, Go to Permissions, and Attach the policy that you created and named above.

Thanks to the following article for this blog for help on this creating and understanding the permissions to the bucket:

http://mikeferrier.com/2011/10/27/granting-access-to-a-single-s3-bucket-using-amazon-iam/

 

Hope this saves someone time trying to go through Veritas support.  After I set the permissions it worked perfectly.  I was able to save and restore with no problems.

Here’s some information on Amazon S3 Storage Classes

https://aws.amazon.com/s3/storage-classes/

Here’s a calculator on pricing for these storage classes

http://calculator.s3.amazonaws.com/index.html

 

 

 

 

Windows 2008 Terminal Services Stops Accepting Connections

Leave a comment

All of the sudden my Windows 2008 Enterprise Terminal server stopped accepting connections.  I had about 30 users who couldn’t connect including administrators. I was looking all over the place for a fix and thought it could even be that i was out of licenses as I had 25 installed but 35 in use.  It turned out not to be that.  One error that i was getting was

Event ID 56

The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.

After trying several things, including reactivating the server  using the “corrupt certificate” reason, and installing a hotfix that resolves issues related to terminal server certificates here’s how i fixed it. On the Terminal server, i opened up MMC and added Certficates snap-in for the Computer Account.   I went to the “Remote Desktop” >> “Certificates” folder and backed up the certificates that were there, Then I deleted them. I rebooted the server, which recreated those certificates.  Then i could connect with both admin accounts and non admin accounts.  I hope this post saves someone some time.

Credit to these two posts for helping me figure this out

http://blogs.technet.com/b/askperf/archive/2010/03/25/the-curious-case-of-event-id-56-with-source-termdd.aspx

http://arstechnica.com/civis/viewtopic.php?t=1131179

The exact event id.

Log Name:      System
Source:        TermDD
Date:          4/13/2015 2:59:59 PM
Event ID:      56
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      mytermserver.mydomain.com
Description:
The Terminal Server security layer detected an error in the protocol stream and has disconnected the client.
Event Xml:
<Event xmlns=”http://schemas.microsoft.com/win/2004/08/events/event”&gt;
<System>
<Provider Name=”TermDD” />
<EventID Qualifiers=”49162″>56</EventID>
<Level>2</Level>
<Task>0</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime=”2015-04-13T18:59:59.865Z” />
<EventRecordID>643544</EventRecordID>
<Channel>System</Channel>
<Computer>mytermserver.mydomain.com</Computer>
<Security />
</System>
<EventData>
<Data>\Device\Termdd</Data>
<Binary>00000400010000000000000038000AC00000000038000AC00000000000000000000000000000000030030980</Binary>
</EventData>
</Event>

Sonicwall and Kiwi Syslog 9.4.1

5 Comments

I could not get my sonicwall NSA2400 to log to a syslog server. I used Kiwi 9.4.1 Free version and no matter what i did it would not log the messages.  I followed the steps in the following article with no luck

http://www.kiwisyslog.com/help/syslog/index.html?configure_sonicwall.htm

I had to end up putting the IP address of the device in the input tab and it finally started capturing. i don’t remember having to do that in the past. Hope this saves someone some time.

sonicwallKiwi

sonicwallKiwi

Exchange Event 7024

Leave a comment

Yesterday we had an issue where the exchange information store would not start after a reboot. Our environment is Microsoft Exchange 2007 with all the update rollups installed, running on Windows 2008 R2 VM. The issue started out as all attachments being stripped from users emails.  We tried to restart all exchange and other services to try and resolve the problem and the information store suddenly would not start.  After a few hours of troubleshooting and finding no great information on google, i tried disabling the McAfee Security for Exchange Service, then rebooted the server, and the information store started right up.  The specific error I got was:

The Microsoft Exchange Information Store service terminated with service-specific error %%-2147467259.

A repair of the Mcafee Security for Exchange resolved the issue with the Mcafee product.  I hope this helps someone out.

Restoring A Mailbox Using a Backup and Exchange Recovery Storage Group

4 Comments

My environment is Exchange 2007. I had a user whose exchange folders all dissapeared, we tried to restore it from Veeam and it gave some error about a Domain Controller or something like that which after speaking with Veeam they told us we couldn’t restore it using their methods. I ended up going with the Exchange Recovery Group Method found here.

http://technet.microsoft.com/en-us/library/aa997694.aspx

A helpful discussion about this is located here:

http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_24860312.html

First I created a separate disk on the exchange server because I didn’t have enough space on the hard drive that my exchange install was located on (it was a VM so I just added a 200gb drive to it) I assigned F:\ to it.

I restored the EDB and log files from my backup to “F:\First Storage Group” initially. I copy these later into the RSG

Some helpful commands before you start to see what your databases are named and what storage groups you have setup. If you’re not used to using the powershell these commands will help you out.


[PS] C:\Windows\system32>get-mailboxdatabase

Name Server StorageGroup Recovery
—- —— ———— ——–
Mailbox Database FLEMAIL First Storage Group False
Mailbox Database FLEMAIL Recovery121013 True

[PS] C:\Windows\system32>get-storagegroup
Name Server Replicated Recovery
—- —— ———- ——–
Second Storage Group FLEMAIL None False
First Storage Group FLEMAIL None False
Recovery121013 FLEMAIL None True

If you look above, I called my recovery group ”Recovery121013” which I created in the steps below. My database is just the default of exchange called “Mailbox Database” if you’re wondering why there are 2, one is my current live exchange database and the other one is the one i created in the steps below which is why it already says recovery. My email server is called “FLEMAIL”

So to wrap it up here’s the parameters I’m going to enter into the commands below:

<Server_Name> = FLEMAIL
<path_to_logfiles> = F:\First Storage Group
<RSG_Name> = Recovery121013
<Database_Path> = F:\First Storage Group\RSG
<database_name> = Mailbox Database

Here are the steps I used to create the recovery group and database and then restore the mailbox:

  • First Create the RSG

Here’s the command syntax

new-storagegroup -Server <Server_Name> -LogFolderPath <path_to_Logfiles> -Name <RSG_Name> -SystemFolderPath <Database_Path> -Recovery

Here’s the command I ran. I’m basically creating the Recovery Storage Group in a folder called RSG. The Recovery Storage Group is called Recovery121013

new-storagegroup -Server FLEMAIL -LogFolderPath "F:\First Storage Group\RSG" -Name "Recovery121013" -SystemFolderPath "F:\First Storage Group\RSG" –Recovery

  • Now I copy my “Mailbox Database.EDB” file and all the log files into the RSG folder that it just created, located in “F:\First Storage Group”
  • Now I add a recovery database called “Mailbox Database” to the RSG using the following command

Here’s the command syntax:

new-mailboxdatabase -mailboxdatabasetorecover <Database_Name> -storagegroup <Server_Name>\<RSG_Name> -EDBFilePath <Database_Path>

Here’s the command I ran:

new-mailboxdatabase -mailboxdatabasetorecover "Mailbox Database" -storagegroup FLEMAIL\Recovery121013 -EDBFilePath "F:\First Storage Group\RSG\Mailbox Database.edb"

  • The next step was to check to see if the database was in a clean shutdown state. I ran this command to check to see if it was and it was dirty so I had to clean it up.

eseutil -mh "F:\First Storage Group\RSG\Mailbox Database.edb"

  • Since it was in a dirty state I had to run the eseutil on it:

eseutil /r E00 /l "F:\First Storage Group\RSG" /d "F:\First Storage Group\RSG"

  • Now you set your recovery databases to allow overwriting

Heres the syntax of the command:

set-mailboxdatabase -identity <Server_Name>\<RSG_Name>\<Database_Name> -AllowFileRestore:$True

Here’s the command I ran:

set-mailboxdatabase -identity "FLEMAIL\Recovery121013\Mailbox Database" -AllowFileRestore:$True

  • Now that you have a clean recovery database, you can mount it

Here’s the syntax of the command:

mount-database -identity <Server_Name>\<RSG_Name>\<Database_Name>

Here’s the command I ran:

mount-database -identity "FLEMAIL\Recovery121013\Mailbox Database"

  • Next I create a user called in the “live” exchange called “john smith temp” and restore the mailbox there. You can actually restore it to the original mailbox or whereever you would like (see link at the beginning of this article for different options), for my purposes I used a temporary mailbox. It basically created a folder called “John Smith Temp” with all the users data within the mailbox by the same name.

NOTE: I ended up getting this error message: “Error occurred in the step: Moving messages. This mailbox exceeded the maximum number of corrupted items specified for this move mailbox operation” so i had to add the BadItemLimit flag to the end of the command. I put 1000 just in case. After this it restored correctly

Here’s the syntax:

Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'RSG\Mailbox Database' -id 'Allison Brown' -TargetFolder 'JSmith Email'

Restore-Mailbox -RSGMailbox 'John Smith' -RSGDatabase 'Recovery121013\Mailbox Database' -id 'John Smith Temp' -TargetFolder 'JsmithTemp Email' –BadItemLimit 1000

I haven’t removed anything yet, but I believe these are the commands to remove the database and RSG after your done with it. Please do more research on this as I have not completed it

Remove-MailboxDatabase -identity FLEMAIL\"Recovery Storage Group"\"Mailbox Database"

Remove-Storagegroup -identity FLEMAIL\"Recovery Storage Group"

Safari crashes on Google Docs

Leave a comment

Hi, when using Safari 6.05 and opening up Google Docs word documents, it would force close.I was able to fix the solution by right clicking on the safari icon in Applications, then selecting Get Info, and then unchecking run in 32bit mode.

Just a note: It actually wasn’t doing this on spreadsheets. Hope this helps someone out.

Move ASPNETDB from local machine to a SQL Server (quick way)

Leave a comment

I had a ASPNETDB database with a bunch of users, roles, etc that I setup that I had been using for quite a few years, and it functioned fine using SQL Express.  It would just sit in the App_Data folder and any time I needed to work on the asp.net site I would just make sure not to overwrite the one on the server.   Not wanting to spend a lot of time on this I needed a quick and easy way to move this to a central location where I wouldn’t be in danger of accidentally overwriting the current  ASPNETDB  .  I also needed it to be properly be backed up accessed remotely.  Basically I just attached it to a production SQL Server 2008 R2 that I had onsite and changed my connection string in my web.config.  Here’s the instructions:

  1. Copy the most up to date ASPNETDB.mdf and ASPNETDB_log files up to your server and place them in whatever directory  you want .
  2. Open SQL Management Studio.
  3. Attach the aspnetdb.mdf file by right clicking on databases and clicking attach.
  4. I think by default it names the database with the full path of the database, so I just renamed mine to ASPNETDB.
  5. Go to your web.config file and put in the following string under the connectionstrings section:


<remove name="LocalSqlServer"></remove>


<add name="LocalSqlServer" connectionString="Data Source=MySQLServer;Initial Catalog=ASPNETDB;Persist Security Info=True;User ID=myusername;Password=mypassword" providerName="System.Data.SqlClient" />

That should be it. I loaded up my ASP.net pages and it functioned like it normally does.

Older Entries