Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP11MR1 with Backup Exec 11

Created: 17 Jan 2008 • Updated: 22 May 2010 | 6 comments
I applied MR1 last Friday but every day since I did the out backup has failed within seconds of starting..
 
The server is SBS2003R2 with Backup Exec 11 and everything is patched to latest as far as i'm aware.
 
The fault appears to be that the BE Remote agent crashes as soon as the backup starts. I have removed BE 11 rebooted and then reinstalled but after this I cannot even create a backup job as the Remote Agent is required to display the selection list and the remote agent still crashes.
 
Has anyone alse seen this issue or got any suggestions as to what I should try. My next move may well be to downgrade to Backup Exec 10 or downgrade to SAV 10.2

Comments 6 CommentsJump to latest comment

JoeG's picture
I had something similar happen to me.  What I did was include the BackupExec folder in the "Centralized Exceptions" located in the policies section on SEP manager.  I also included "beremote.exe" as a "Tamper Protection File" exception. Good luck.
Chris Wilkinson 2's picture
Thanks Joe! you're a **bleep** genius. I won't know if it's fixed until i've seen it run a backup according to the schedule later tonight but' i've just managed to run one manually.
Chris Wilkinson 2's picture
Hi Joe,
 
Thanks for your help. My problem is now fixed and the backup is working again. I can see you have another post going about this but I wanted to let you know I didn't have to do anything other than follow your instructions to fix it.
 
Chris
JoeG's picture
Chris, thanks for your feedback.  Even with the exclusions I'm still getting a communications error with beremote.exe.  I've got a case open, but I'm getting little response.  Actually on the phone with Symantec right now.
 
Joe
JoeG's picture
Thought I'd update this tread.
 
SEP tech support bounced me over to BE tech support with a new case after telling me it was a BE problem.
BE support said that because my CASO server and the managed media servers had different HF levels, this was causing the communication errors. So I spent the day making sure all MMS had the same SP2 and HF31-35 that the CASO server has. They couldn't tell me why LU was downloading the HF on some servers and not others.  After rebooting all servers again I had about 7 servers bomb with comm errors. So I tried something just to see if I could prove my theory. I uninstalled SEP11 from 2 of my failing MMS and rebooted then ran a backup.  The backup finished without any problems on both servers. I've sent the results to BE support, but haven't heard from anyone yet.
 
More to follow.............................
Ongoing pain's picture

Not sure if this will help.  Try editing the policy settings for Intrusion Prevention and checking the "enable excluded hosts"/adding the backup source IPs to the list of excluded hosts.

I have a very simple SBS network and do backups using ntbackup from all of my fixed machines (desktops in the office and my server) to an external USB drive I share out from one of the XPPro clients.  Probably not the most efficient/elegant approach to backups, but it worked until I installed MR1.  It appeared the UNC was timing out after the backups would successfully start.  Turning off Network Threat Protection (the firewall) on the client with the shared drive allowed the backups to succeed.  Pointing the backups to a linux file server without SEP also allowed the backups to succeed. 

I opened a case (290-918-644) and went through extensive online troubleshooting with a tech: adding firewall rules allowing ntbackup and network file sharing.  Also turned on traffic logging for each rule set.  We also tried adding security risk scan exceptions and TruScan exceptions for ntbackup.exe.  In every case, the backups would start and after 5-8 minutes, would fail.  Finally after watching the client desktop (the one with the shared drive/backup target) during a backup, we saw a popup that indicated a "DoS" attack had been detected and the connection was being shut down for 10 minutes.  At this point, we'd beat down all the firewall rules that had been logging blockages (more on that in a minute) and the same DoS message was popping up, but no further information was being logged in the traffic logs. 

I vaguely remembered seeing a default timeout of 600s in the Intrusion Prevention setup during install.  I turned on the host exclusion for the Intrustion prevention (recommendation above), declared my internal network/subnet mask as the exclusion, and backed out all of the firewall rules and exceptions I'd been experimenting with.  All my backups started working again. 

Bottom line:  It looks like ntbackup uses UDP broadcasts that are picked up as DoS by Intrusion Prevention and the firewall exceptions don't affect the default (undocumented policies) in Intrusion Prevention.