Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Backup Exec 2012 Password protected tapes

Created: 31 Aug 2012 • Updated: 04 Sep 2012 | 5 comments
This issue has been solved. See solution.

Some of our remote offices have been been running BE 12.5 with password protected media. Our new server running in the datacenter is installed with BE 2012. Are we able to do restores from the password protected media, or do we need to install BE 2012 R3 (or older)? I can't find anywhere to type in the password when doing catalog/restores

Comments 5 CommentsJump to latest comment

AmolZeroCool's picture

Refer to http://www.symantec.com/docs/TECH194494

Amol

MCITP | STS | SCP 
______________________________________________________________
If this response answers your query, do mark it as a solution
SOLUTION
Colin Weaver's picture

Hmm Backup Exec 12.5 also used Encryption and NOT Media Passwords are you sure you have 12.5 - OR was 12.5 originally upgraded from a much older version of Backup Exec where Media Passwords were enabled?

If you were using Encryption then you have to add the same encryption passphrases into 2012 to do the restore.

If you somehow were using Media Passwords then AmolZeroCool's answer applies.

 

Be aware that if you are planning an upgrade from a Backup Exec version using Media Passwords to a version that uses Encryption it is recommended to either remove the passwords from all the configured jobs before the upgrade or to delete and recreate all the jobs after the upgrade. This is because there is no way to manipulate the Media Password configuration in the jobs after the upgrade but the configuration might still be used. This could result in a Backup Administrator being unaware that he is using Media Passwords and then unable to restore at a later date (especially if it is a new Backup Administrator that never knew the specific Media Password that was set before the upgrade). This could explain how 12.5 is still using Media Passwords, however if it does then please recreate all of the jobs (they must be deleted don't edit them) and recreate them with Encryption defined.

PCmannen's picture

Thanks for the info, but I still have problems restoring the data. This is what happens:
 

- Run default inventory and catalog: Job failes with; The password provided in the job properties doesn't match the password for this media

- Following information provided bu AmolZeroCool: Alert; The encryption key required by this set (key name: <username>) cannot be retrieved. To Catalog this set, click Application Menu > Configuration and Settings > Backup Exec Settings, click Network and Security > Manage Keys, and then create a key using the same pass phrase and encryption type as the original key.

I've tried to do as stated but the alert still keeps comming with the same info.

The information I have about the site is as follows: Site installed 14.03.2008 (BE v10d?), Upgraded 09.12.08 (BE v12), Upgraded 21.04.09 (BE v12.5). Backup from June 2012 (last backup before site was terminated)

 

Colin Weaver's picture

Hmm OK if the administrator at the time was using 10D media passwords and they upgraded without either removing the passwords before the upgrade OR deleting and recreating the jobs after the upgrade, then you will need to know what media password was in use at the time and add this into the properties of the catalog job when you go to run the catalog. If you do not know this password then you have a bit of a problem. So I guess the key question here is do you have that password? If you do not have the password, then you may need a specialist data recovery company to assist with extracting the data from the tape (which would be in MTF format)

If you are in this state then I would recommend immediately recreating any jobs that may have existed in 10D as these jobs will probably still be using media passwords even though you cannot see the configuration and can cause problems like this when it comes to a restore if your catalogs are missing (see below)

If you have edited jobs that came from 10D that had media passwords and added Encryption to them as well then you will need both the encryption key and the media password to catalog them and a Specialist Data Recovery Company will NOT be able to help because of the encryption.

If the catalog for the media still exists on the server, then even if a media password was accidentally in use you should still be able to restore, media passwords disable the ability to catalog the media.

 

Oh and if you do know the password then the Tech  article already given involving BEMCLI is the way to use media passwords in 2012 and I am not sure why someone has given that post a negative mark.

PCmannen's picture

I've found that the password for the media is correct, so the tech article is the correct way to solve the problem if the tapes was only password protected. So the tech article answers my original question.

To bad someone has encrypted the tapes as well, and it seems like they have used an undocumented encryption key / passphrase. To bad the original server is gone and the only thing I have is the tapes. Thanks for the information, both to Colin Weaver and AmolZeroCool