Solved

After enabled Auditing on folder & Files - archive bit gets reset

Posted on 2008-10-03
10
929 Views
Last Modified: 2013-12-04
Experts,

Environment:
OS:   Windows Unified Data Storage server - Windows 2003 standard R2.
Role: File server
HW : Dell Power Vault NX series.
Backup SW: Veritas Netbackup.

Problem:
We use to take weekly full backu and daily incremental backup - file server data is >1TB.
Recently we enabled auditing on folders and files for DELETE & DELETE SUBFOLDERS AND FILES.

Now incremental backup is not happening - everytime it takes only full backup.
we know why this happens - archive bit is getting reset.

We got this article: http://seer.support.veritas.com/docs/277419.htm, but it is GP related.

Thanks in advance.
>>>> Veera.
0
Comment
Question by:Veerappan Sundaram
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
  • 2
10 Comments
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22636837
Did you enable the auditing on files and folder on the servers or via group policy.
It looks like you manually changed the auditing permissions on the server, but still a group policy is with different setting is applied on the server...

Probably you can run rspo.msc from the server and try to identify the settings on the group policy....
to view the applied gp's on the server run gpresult on the server
0
 
LVL 9

Author Comment

by:Veerappan Sundaram
ID: 22636889
Raja,
Thanks for the response.

Auditing was not done through GP.
We enabled it directly on the folders, because it is not for all the folders.
only few subfolders which are critical.

>>>> Veera.
0
 
LVL 18

Expert Comment

by:sk_raja_raja
ID: 22637117
Veera,
1.Does the inc backup fail or skips the folder ?
2.Did you check for any errors on the backup log?
3.Any errors on the Event log of the server.

Also,Basically, after each file gets backed up its archive bit gets reset.
So then it depends on how your backup job failed. Netbackup has the habit of flagging a job as failed even when files actually have been backed up.

Check your job log. The files that were backed up would have their archive bit reset. The ones that didn't back up, wouldn't
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 55

Expert Comment

by:McKnife
ID: 22644537
If you setup auditing, the SACL of the file gets altered and this is a change to the file so the archive bit is reset. But this should only happen once, so the second backup afterwards should be incremental again. Did you really already run subsequent backups?
0
 
LVL 9

Author Comment

by:Veerappan Sundaram
ID: 22649581
Raja,
1. Inc. backup does not fail, instead it takes a full backup everytime.
2. No errors because backup never fails.
3. No errors on the event logs too.

McKnife,
Yes. As you mentioned it should reset the archive bit only once when we enable the auditing.
But in our case, we are not sure what is going on in the background. But everytime we run incremental it takes full backup only for those folder where we enabled auditing. Backup on other folders are good.

>>>> Veera.
0
 
LVL 55

Accepted Solution

by:
McKnife earned 500 total points
ID: 22652972
Veera, local group policy is required to enable auditing. You activated auditing in two steps, first you edited the security settings of the file (auditing section), then you turned on audit object access in secpol.msc/gpedit.msc. And that local policy does background refresh the settings just like a domain policy, so the MS -kb-article you mention seems to be applicable and your problem. Ask MS for the patch.
0
 
LVL 9

Author Comment

by:Veerappan Sundaram
ID: 22657466
Thanks McKnife.
We have not used group policy to enable auditing. We enabled auditing directly from Advanced option of security settings.

Do we really need GP?
what is the impact If we enable it directly?

>>>> Veera.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 22661370
There is no "enabling it directly". The settings at the auditing tab have no effect as long as you don't modify the auditing policy either via gpedit.msc/secpol.msc or via domain group policy. Please check your policy: secpol.msc - local policies - audit policy. To enable logging, audit object access has to be configured.
0
 
LVL 9

Author Comment

by:Veerappan Sundaram
ID: 22685370
Thanks McKnife.

Yes. we have enabled "Audit Object Access" in our Group Policy.
So, we need to apply the hotfix specified here http://seer.support.veritas.com/docs/277419.htm.
We will apply this hotfix during our regular maintenance window and update you.

Thanks again to make me clear on this.

>>>> Veera.  
0
 
LVL 9

Author Closing Comment

by:Veerappan Sundaram
ID: 31502780
Thanks to make me understand few things on Auditing which I did not know earlier.
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The term "Bad USB" is a buzz word that is usually used when talking about attacks on computer systems that involve USB devices. In this article, I will show what possibilities modern windows systems (win8.x and win10) offer to fight these attacks wi…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Do you want to know how to make a graph with Microsoft Access? First, create a query with the data for the chart. Then make a blank form and add a chart control. This video also shows how to change what data is displayed on the graph as well as form…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question