Link to home
Start Free TrialLog in
Avatar of samntlam
samntlam

asked on

SBS2003 backup logs - backup indicated fail - but still completed in size!

Hi, EE:
One of SBS2003 Backup indicated fail by reading logs file then the log data also said backup completed?
This backup process has never been failed before for the past 3 years
----
in the log file, there was this one file can't opened / backup by ntbackup process... "access denied"...

We've done:
Backup media / drive checked & proof healthy
Space available
Scanned antivirus
No other backup running while this scheduled / run

Need help ASAP!
please review & offer any comment / solution from any experts
thank you!
Sam
-------
Error:
Backup Type: Normal

Backup started on 7/21/2008 at 1:04 AM.
Warning: Unable to open "C:\WINDOWS\system32\nvrsma.dll" - skipped.
Reason: Access is denied.

-------
Complete log file:


7/21/2008 1:00 AM
-------------------------------
Date: 7/21/2008
Time: 1:00 AM
User: SYSTEM
-------------------------------

Backup Runner started.
Launching NTBackup: ntbackup.exe backup "@C:\Program Files\Microsoft Windows Small Business Server\Backup\Small Business Backup Script.bks" /d "SBS Backup created on 7/21/2008 at 1:00 AM" /v:yes /r:no /rs:no /hc:off /m normal /j "Small Business Server Backup Job" /l:s /f "S:\SBS Backup\Backup Files\Small Business Server Backup (01).bkf" /UM
NTBACKUP LOG FILE: C:\Documents and Settings\SBS Backup User\Local Settings\Application Data\Microsoft\Windows NT\NTBackup\data\backup08.log
=====================<BEGIN NTBACKUP LOG FILE>=====================
Backup Status
Operation: Backup
Active backup destination: File
Media name: "Small Business Server Backup (01).bkf created 7/21/2008 at 1:00 AM"

Volume shadow copy creation: Attempt 1.
Backup (via shadow copy) of "C: Server"
Backup set #1 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Media name: "Small Business Server Backup (01).bkf created 7/21/2008 at 1:00 AM"

Backup Type: Normal

Backup started on 7/21/2008 at 1:04 AM.
Warning: Unable to open "C:\WINDOWS\system32\nvrsma.dll" - skipped.
Reason: Access is denied.


Backup completed on 7/21/2008 at 2:10 AM.
Directories: 7404
Files: 102102
Bytes: 21,792,748,237
Time:  1 hour,  6 minutes, and  52 seconds
Backup of "SERVER01\Microsoft Information Store\First Storage Group"
Backup set #2 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Media name: "Small Business Server Backup (01).bkf created 7/21/2008 at 1:00 AM"

Backup Type: Normal

Backup started on 7/21/2008 at 2:10 AM.
Backup completed on 7/21/2008 at 2:12 AM.
Directories: 4
Files: 5
Bytes: 1,792,058,158
Time:  1 minute and  48 seconds
Backup (via shadow copy) of "System State"
Backup set #3 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Media name: "Small Business Server Backup (01).bkf created 7/21/2008 at 1:00 AM"

Backup Type: Copy

Backup started on 7/21/2008 at 2:12 AM.
Backup completed on 7/21/2008 at 2:15 AM.
Directories: 253
Files: 2911
Bytes: 634,740,920
Time:  2 minutes and  55 seconds

----------------------

Verify Status
Operation: Verify After Backup
Active backup destination: File
Active backup destination: S:\SBS Backup\Backup Files\Small Business Server Backup (01).bkf

Verify of "C:"
Backup set #1 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Verify started on 7/21/2008 at 2:15 AM.
Verify completed on 7/21/2008 at 2:24 AM.
Directories: 7404
Files: 102102
Different: 0
Bytes: 21,792,748,237
Time:  9 minutes and  0 seconds

Verify of "SERVER01\Microsoft Information Store\First Storage Group"
Backup set #2 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Verify started on 7/21/2008 at 2:24 AM.
Verify completed on 7/21/2008 at 2:25 AM.
Directories: 4
Files: 0
Different: 0
Bytes: 1,792,058,158
Time:  50 seconds

Verify of "System State"
Backup set #3 on media #1
Backup description: "SBS Backup created on 7/21/2008 at 1:00 AM"
Verify started on 7/21/2008 at 2:25 AM.
Verify completed on 7/21/2008 at 2:25 AM.
Directories: 253
Files: 2911
Different: 0
Bytes: 634,740,920
Time:  17 seconds

----------------------

=======================<END NTBACKUP LOG FILE>=====================
NTBackup finished the backup with errors.

For more information about failed backups, see the article on troubleshooting your backup at the following Web page: http://go.microsoft.com/fwlink/?LinkId=18414

Backup ended at Monday, July 21, 2008 2:25 AM
Backup Runner finished.

SOLUTION
Avatar of sysreq2000
sysreq2000

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of samntlam
samntlam

ASKER

you mean... that's it! still good as excepted from backup log?
sysreq2000:
my question was....
can I "still" make it (backup) perfect like it was before? so that I won't get any fail email messages from the server notification report
Sorry i clicked too soon!
thanks
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
sysreq2000,
Sound good!
I did a full scanned before posted my question, no virus infection from the sbs2003 box
i am thinking of manually remove or delete that file from the directory? what's your expert recommendation?
I did not saw a similar file like it on any other sbs2003 boxes.
thank you!
sam
SOLUTION
Avatar of Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Jeff,
How're you?
it's good to hear from you and I was hoping you would jump in... and thanks!
------
Nivlesh
I will try it and get back to you on my report and result
thank you both for your comments - suggestions & patient...
deeply appreciated
----

here's the situation,
when i took over the responsible of this box. I done a scanned - cleaned and removed some low risk virus and also cleaned up the registry and that was months ago!
plus there wasn't any other issue and all and all, the box was healthy and still stand solidly...
----
last week - company has visitors in bound to make a inspection of their merchandises that they have requested wireless access. and there you go....!
----
After the virus scanned and detected virus named "infostealer.gampass" from the same box, I also found out there was this file named "nvrsma.dll" hiding under:
"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"st" = "1" (removed-deleted)
and,
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"zjpInit_Dlls" = "nvrsma" (removed - deleted)
----------

that was after NTBACKUP reported back that backup has failed even though all sizes are the same except one file couldn't copied due to "access denied"

Now... when I do a search and saw that the file still sitting in the same directory inside system32 folder. knowing ntbackup scheduler eventually will notify - send failure email alert once the backup scheduler is being running...

I can always follow "sysreq2000" 's recommendation to exclude it from backup tool & exclude. but that's not what I am asking here...

I can download & run any spywares application as "Nivlish" recommended except this is not a final solution for me and this company!

I can "googling","reading" all links offered which I've already done and familiar!

I have to make a decision of what's the best solution for this company & my question needed  "solutions" in order to get the file remove - delete ONCE & for ALL!

Please note that I did NOT submitted my question and asking - putting any body's recipe into the ingredients on my own SOUP!

I only asked of a taste of your soup & from all experts and their opinions especially experiences to allow me to review, test & make a proper decision and move on to get this thing resolve!

Please forgive me if I offended EE as I was being frustrated but here at EE, I am 100% sure that I can always uses some or all of the suggestions - recommendations as I've received from those closed question in the past...

thanks
Sam

SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
sysreq2000:
I've logged on as administrator and do an "exclude" file process but that doesn't seem to works?
maybe I done some thing wrong here!
do you have a specific instruction on this backup, tool exclude process you can post here?
thanks!
Sam
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Jeff,
that's what I need to hear!
YOU BOOST MY CONFIDENT@!
I was thinking about that step due to my work has related mostly on diagnostic - trouble-shooting from XP Workstation to scan - clean & remove those virus from my experience (not on Server, though)
I will try it off-peak time
hank you very much!
sam
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Haha...
I actually thought of that (when I surf through hidden (enable hidden file - folder)  folder directory. You know what... it doesn't shown any! but that's an excellent point & suggestion, thanks!

Nivlesh,
One reason why i didn't want to perform / running any of those spywares - scan - cleaning program recommended (links) from all E.E.

they are "free" (some of them) and it could be another added on issue if it (they) doesn't run the way I expected...
I don't need any more trouble.

Jeff has indicated "safe mode" deletion and that was the only way & method I still want to try.

thank you, both!
Sam
Please note:
I didn't hear from sysreq2000 about backup/tool/exclude instance - instruction
I have made few changes to this SBS2003 backup process
1) disable original SBS Backup created under SMC / backup
2) run NTBACKUP and select "C" drive included SystemState
3) excluded "nvrsma.dll" from weekly backup scheduled

Plan to work this box on Sunday to remove - delete file from safe mode.
...
Sam
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Jeff,
Not because you're my number one go to guy~!
but because I don't think it's SAFE to download anything that was for free and let those programs run a physical check on your Server!@

Well... maybe for mind at home (testing) but definitely not a good practice to to put a mice on my client's Server.
No way...

I shall get back to you on the safe mode task!
thank you!
Sam
Jeff,
safe mode still can't delete - remove the file.
does rename it works?
Sam
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Sorry, Jeff.
I should post the whole situation!
I meant with the unlocker program installed & executed, it can't be delete!
that's why I ask if I may pick the rename it
Sam
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Ok, thank you Jeff.
and, thank you:
Nivlesh
sysreq2000
sincerely
Sam...