[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Backup Exec 10 does it work in more than 2 AD Domain?

Posted on 2006-03-31
16
Medium Priority
?
312 Views
Last Modified: 2013-12-01
Hi,

This is my first posting, apologies for the English grammar.

I have Backup Exec 10 install in Win2K server - Primary AD let us call "ABC". I have another Primary AD let us call "DEF".
They are in same subnet, can ping IP Addresses. Can go to the Network Neighborhood. But my Backup Exec 10 cannot backup the files in Domain "DEF".
I am sure it is the right password. Do I need to configure the network protocols?
Error below
===============================================================================
The Media Server was unable to connect to Remote Machine SERVER01. The machine could not be found on the network.
The Media Server will fall back on the local agent to try and complete the operation.
================================================================================

hope you can help me with this, as I will add more domain in my network.

JPYPH
0
Comment
Question by:jpyph
  • 5
  • 5
  • 2
  • +2
14 Comments
 
LVL 12

Expert Comment

by:Rant32
ID: 16341260
Are you able to browse to the server using the network neighbourhood? PING is a command that uses DNS if configured, but Backup exec uses the NetBIOS name of the server. Configure a WINS server if possible.

Secondly, the account you're using to run Backup Exec (the service account) needs permissions on the remote domain to function.

If the remote host is a domain controller, then add the service useraccount to the local Administrators group and the Backup Operators group in the DEF domain. If the remote server is a domain member (non-dc) then add the service account to the local Administrators and Backup Operators group on the server.
0
 
LVL 5

Expert Comment

by:shankshank
ID: 16346103
Make sure DNS is working correctly, and ping by using the hostname. If you cannot ping with the hostname, then that is your problem. You can do a quick workaround by creating an hosts file on each machine with the proper IPs specified.
0
 
LVL 8

Expert Comment

by:Disorganise
ID: 16346919
I suspect you may need to create a trust between the domains in order to grant the backup account sufficient access.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:jpyph
ID: 16347104
hi disorganise,

Any workaround  without using trust? I don;t like using trust it makes my servers slow.

Thanks for the info
0
 

Author Comment

by:jpyph
ID: 16347109
Hi shankshank,

I can ping the hostname, but it so happen that the media server (where the BE is installed) is my DNS server. When I ping it gives me Public IP address. Do you think that is the problem?

Thanks

0
 
LVL 12

Expert Comment

by:Rant32
ID: 16347119
Yeah, create all domains in the same forest.
0
 

Author Comment

by:jpyph
ID: 16347133
Hi rant32,

I can go to the DEF server in my Network neighborhood. Also, I've just installed WINS Server on my media server then add the private IP Address of DEF. But still the C$ and D$ on the BackupExec interface is still grayed out.

I have not tried putting the service account yet, but will let you know what is the result of this.

BTW, remote agent and AOFO are installed on DEF just to let you guys know.

Thanks
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16347141
Usually the public IP address should not be in the AD DNS zone. I recommend to disable dynamic DNS registration for the WAN network interface, and then delete the public IP address from the DNS zone. Make sure the LAN/private IP address is there.

Also check the binding and adapter order on the Advanced properties in the Network Connections control panel. The LAN adapter should be listed first.
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16347171
If you can see the shares, C$ and D$ then I'm quite sure this is a permissions problem, so either with the trust (if the 2 domains are not within the same forest) or the service account is not a local Administrator. By making it a backup operator you can circumvent NTFS permissions for backup purposes.
0
 

Author Comment

by:jpyph
ID: 16347274
Hi RANT32,


1. BackupExec Server -> Server1 (name of server) -> ABC (Name of Domain)
2. The one to backup -> Server2 (name of server) -> DEF (Name of Domain)

Should I add something like this in Server2?

BKSERVICE -> then put in the logon this account in the BE remote agent service?

Thanks

0
 
LVL 8

Expert Comment

by:Disorganise
ID: 16347946
Is there a particular reason why you're using different domains?  I see in your question that you are considering adding more domains.  you do realise you can delegate most rights to OU's?  the only real problem is domain admins - which I guess is one reason for many domains.  however, if you make a 'placeholder  domain' and then add all your other domains as child domains to the placeholder, there is automatic trusts and your DA's are still separate.  You still have Enterprise Admin of course, but that's easily addressed by having only one member and locking the password in the safe for schema changes and the like only.

Anyways...can you map a network drive to the other domain?  eg" net use ? \\server2\c$ /user:DEF\BackupAccount"
where BackupAccount is replaced by a valid userwith sufficient rights (like DA).  This will at least prove whether you can talk to the other domain correctly or not.  I've seen some switches in the past that somehow interfere with such communications.  Let's rule that out first before worrying about the application.
0
 

Author Comment

by:jpyph
ID: 16348306
net use ? \\server2\c$ /user:DEF\BackupAccount is successful.

Different domains for security reasons, I've got a 3 suppliers handling the DEF server. I don't want it to be included in ABC domain as it is for our office use. The DEF server are web servers with diff web applications, there is no need to be included in my ABC domain.

I hope this explains.

Thanks
0
 
LVL 12

Expert Comment

by:Rant32
ID: 16349015
In this case I think you should also test

net use ? \\server2\c$ /user:ABC\BackupAccount

(note the ABC instead of DEF) because the backup application is in ABC, right? The BE service account runs with ABC domain credentials.

If Server2 does not accept ABC domain accounts then you should create a one-way trust from DEF to ABC. You don't want ABC to trust DEF. This is also the only way to make ABC user-accounts member of the local Administrators/Backup Operators groups, which is a requirement anyway.

jpyph, you're completely right about not putting the DEF server in your office domain for security reasons. But I also agree with Disorganise here - a seperate sibling domain in the same forest does not automatically receive rights to do anything in another domain. You just don't have to take care of the trusts anymore. But maybe it's a bit late to change any of that.
0
 
LVL 9

Accepted Solution

by:
David_Fong earned 500 total points
ID: 16355160
Always worked fine cross-domains for me, just use Hosts file if needed and specify  a user/domain/passwd in the foreign domain under the jobs credentials tab. Install RANT32 directly on the target machine if you haven't got the permissions available to push it from the BE console / service account. Never dared tell a customer to change his AD/DNS just to suit the backup software even if they have got multiple forests for no logical reason.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your phone running out of space to hold pictures?  This article will show you quick tips on how to solve this problem.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Despite its rising prevalence in the business world, "the cloud" is still misunderstood. Some companies still believe common misconceptions about lack of security in cloud solutions and many misuses of cloud storage options still occur every day. …
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question