Backup Exec – the bane of my existence. Part 1.
This is one of those times I'm glad to have a blog - a place that I can write down my thoughts for Google eternity to go back on.
Backup Exec. I've been using it since version 9 when it was still Veritas and unlike a fine wine, it has not been getting better with age. 9 was the last good version. I never had any problems with it and backups and restores were never a hassle.Version 9 and I were friends.
I don't remember 10 and 10d very well, but I do remember the amount of pain they caused me. 10d was also when Symantec re-branded the product and marks when the software really started to take a nose dive.
Fast forward to 11. It's now Symantec Backup exec. Symantec adds a really nice (sounding) feature called GRT, or Granular Restore Technology. In previous versions, Backup Exec had to back up the entire mail store and you had to go through a lengthy process if you wanted to restore individual mailboxes or email messages. Not so with GRT.
I remember being very excited about this feature and the moment I got the upgrade I turned it on. Backups worked well enough. The usual random failures for no particular reason.
One day I received a call from my boss asking if I could restore a mailbox for an ex-employee. The ex-employee needed a couple of emails for a personal matter and had left on good terms. I said "No problem boss, I'll get right on it," like the good PFY I was.
I set up the restore job, ran it, and Backup Exec told me which tape to insert. I slapped the tape the tape drive. The job starts, gets almost all the way to the end and then fails. Oh crap.
Typical error message from hell... you know, the one that doesn't actually tell you anything. This was before they had a functional knowledge base.
I called Symantec for support and was connected to the usual under-trained tech support employee. To make a long story short, after a fair amount of troubleshooting the guy said that it was a known issue. What was a known issue? You couldn't restore a mailbox if the mailbox owner had an email signature. Right.
In the next part of this series, I go over Backup Exec 12.5 and my constant battle for working backups as well as outline a few fixes that seem to resolve most Backup Exec errors.
vSphere U1, 1 down, 1 to go.
Good news first - in my previous blog post I had mentioned that there was a serious bug with updating to ESX 4 U1 and HP SIM agents. This has been resolved, U1 has been re-released and people should not have this issue any more (I have not tested this myself). That KB article has been updated and is available here.
The bad news is that there is now a bug with U1 and vCenter if it manages ESXi hosts.
It does not seem nearly as drastic as the previous issue I blogged about, but you should be aware of it. For now, it seems that you can avoid running into it by not adding, removing and then readding an ESXi host to vCenter.
Stay tuned for my next post (possibly a series?) about backups.
vSphere Update 1 and HP SIM agents
Phew - I'm glad I waited a little bit before installing vSphere update 1!
Turns out there's a nasty bug that will PSOD (purple screen of death) your vSphere hosts when updating if you are running HP SIM agents.
You can find the information here.
The document says that you should stop the HP agents on your host before updating. I can verify that this worked for me. I can also verify that not doing this will cause a PSOD - a colleague of mine had it happen.
This is exactly why I always wait at least a week after any major update... to see if it made the news.
vSphere Update 1 is out!
Apparently as I lay in bed in dreamland last night VMWare released vSphere update 1 - took long enough!
Update 1 brings several notable improvements:
• vSphere client works in Windows 7 - without a hack!
• You can run Windows 7 and Windows Server 2008 R2 as guest operating systems.
• View 4.0 support.
• Improved MSCS support.
• PVSCSI for 2003 and 2008.
• Improved dvswitch performance.
• 25 vCPU's per core!
• Support for Intel Xeon 3400 Series.
• And a whole lot of bug fixes.
No USB pass-through fix, and it seems like there are more known issues than fixed. To be fair, one of my VMWare colleagues mentioned that there were more known issues when 4 released than now, and most of these have existed since then.
For those of you with ESXi free, it's not available yet. No word on when it will be released - sorry!
Reports are already coming in of successful deployments, and I will probably update myself during next week’s rather large maintenance window (read: Thanksgiving).
Cisco AnyConnect, LDAP, and you.
I recently discovered that Cisco had released a much cheaper version of their AnyConnect client alongside their ASA 8.2 release. AnyConnect Essentials runs $150 (list price, so for Cisco, chop off an average of 35%) and allows for up to 250 concurrent connections on my ASA 5510. Previously you either had to settle for their IPSec client or their Premium AnyConnect license. From my own impressions, Cisco had given up on their IPSec client... no 64 bit client? Hello? Their more expensive AnyConnect license included features that I didn't need and was something obscene like $150/user.
Enter AnyConnect essentials. You can install it by going to your ASA's IP address and logging in. It downloads the client which is about 1.5MB compressed, and connects you. Bam! Instant SSL encrypted VPN tunnel. In testing it appears to work really well. I've tried the client on XP, Vista, 7, and Linux and I like it. I'll be deploying this to my company very soon.
Like most things Cisco, just because you can do it doesn't mean it's easy to do (or easy to find relevant information for). In my case, I wanted to implement the AnyConnect software with LDAP and allow different groups access to different resources depending on Active Directory group memberships.
After an hour or so of using Google, I found a few documents that really helped me (and hopefully you!):
Configuring AnyConnect VPN Client Connections
ASA 8.0: Configure LDAP Authentication for WebVPN Users
PIX/ASA 8.0: Use LDAP Authentication to Assign a Group Policy at Login
I hope that helps - if you need any help, leave a comment and I'll see what I can do