An Engineers Notebook

Restoring System State on a Domain Controller from Backup Exec on a fresh OS

When doing this I hit problem after problem so it’s worth creating a guide.

Background

A client's server had been hacked and was infected with ransomware. The attackers destroyed Exchange and SQL and many other OS components. The best resolution seemed to be a complete rebuild and restore from backups.

When installing Backup Exec, I changed the installation path for the application so that it was something like C:\Program Files\Symantec\Backup Exec Recovery so that when the restore is done later it does not interfere with itself. I did the same for the SQL install.

Problems Hit:

1. After installing Backup Exec, I was unable to catalog the data on the backup disks. To resolve this I had to follow this guide.

https://www.veritas.com/support/en_US/article.TECH142684

HOWEVER: It didn't work. What I needed to do was:

  • Stop Backup Exec services
  • Copy the “Catalog” folder from the old installation (I recovered this from Windows.Old)
  • Paste it over the new backup location.

Start Backup Exec, and now when clicking restore I could see the data.
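The catalog copy from problem 1 as a PowerShell script. This is an added example, not part of the original guide. Both folder paths are supplied by you, and two things are assumptions of this example: services are matched by the display-name prefix "Backup Exec", and the fresh install's folder is renamed before the copy rather than pasted over, so the step can be undone.

```powershell
# Added example. Run elevated. The paths in this sample call are assumptions:
#   .\Copy-BECatalog.ps1 -OldCatalog 'C:\Windows.old\<old Backup Exec path>\Catalog' `
#                        -NewCatalog '<new Backup Exec path>\Catalog'
param(
    # Catalog folder recovered from the old installation (e.g. under Windows.old)
    [Parameter(Mandatory)] [string]$OldCatalog,
    # Catalog folder of the fresh Backup Exec installation
    [Parameter(Mandatory)] [string]$NewCatalog
)
$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $OldCatalog -PathType Container)) {
    throw "Old catalog folder not found: $OldCatalog"
}

# Step 1: stop the Backup Exec services and remember which ones were running.
# Matching on the display-name prefix is an assumption of this example.
$running = @(Get-Service -DisplayName 'Backup Exec*' |
             Where-Object Status -eq 'Running')
$running | Stop-Service -Force

try {
    # Keep the fresh install's folder under a timestamped name instead of
    # overwriting it, so the original state can be put back if needed.
    if (Test-Path -LiteralPath $NewCatalog) {
        $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
        $leaf  = Split-Path -Path $NewCatalog -Leaf
        Rename-Item -LiteralPath $NewCatalog -NewName "$leaf.bak-$stamp"
    }

    # Steps 2 and 3: copy the old catalog folder into the new location.
    Copy-Item -LiteralPath $OldCatalog -Destination $NewCatalog -Recurse -Force

    # Confirm that every file arrived before the services come back up.
    $src = @(Get-ChildItem -LiteralPath $OldCatalog -Recurse -File).Count
    $dst = @(Get-ChildItem -LiteralPath $NewCatalog -Recurse -File).Count
    if ($src -ne $dst) { throw "Copied $dst of $src catalog files" }
    Write-Output "Copied $dst catalog files to $NewCatalog"
}
finally {
    # Final step: start the services that were running before, even on failure.
    $running | Start-Service
}
```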

2. Once booted into AD Repair mode, I encountered a problem where Backup Exec services would not start. I resolved this by ensuring the following local security policies were set (secpol.msc).

Add the account for the Active Directory Repair account into the following policies:

Like this: Server\Administrator

Also, before booting into AD restore mode, set the Backup Exec services to run using the “Local System” account and ensure you tick the “Allow service to interact with Desktop” checkbox.

Backup Exec then started OK.

3. I was then getting a permissions error when trying to restore system state. This was because the account that Backup Exec was installed with was “Domain\Username”.

To get around this, you have to change the account that it was set up with. CREATING A NEW ACCOUNT FOR THE LOCAL AD RESTORE ACCOUNT DOES NOT WORK.
