Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

A simple restore job wont succeed

Created: 15 Jul 2013 | 2 comments

Doing a simple Solaris to Solaris restore, the image expires sometime 2014, I pick my files, and attempt to restore to the server that wrote the image.

It fails, the first error is a permission denied. Uh? Cannot read image from media id xx1234, drive index 4, permission denied.

I try and simplify it, remove the original server from the equation and restore to the master, same error. How come I cant use my own tape drives to do me a restore?

Barking.

 

sol10 sparc, nb7504, lto4 with encryption by the tape drive.

Something similar appears to be associated with KMS but my key is the same, the platform is too.

Most appreciative of any pointers.

Regards,Jim

Operating Systems:

Comments 2 CommentsJump to latest comment

mph999's picture

Can you do restores from other backup images, is it only this one backup image.
If other images do work, can you tie it down to a particular media server or client, or policy etc ...

M

 

Regards,  Martin
 
Setting Logs in NetBackup:
http://www.symantec.com/docs/TECH75805
 
wr's picture

See if this works for you from an older technote: Article URL http://www.symantec.com/docs/TECH68876

On restore, a key tag is read from the tape by bptm and the associated key is fetched from the nbkms service and passed to the drive so decryption can occur.

It is usual to specify a pass phrase when creating the key. This allows the key to be recovered from scratch if it is lost or deleted prematurely. A key is recovered using the "nbkmsutil" command; e.g.

  # nbkmsutil -recoverkey -keyname <my_key_name> -kgname <my_keygroup_name> -tag <my_tag>

The command prompts for a pass phrase. Providing the pass phrase is the same as was entered when the key was originally created, then the same key can be generated. However, if the pass phrase is entered incorrectly, a different key is generated for this key tag.

When a restore is attempted, the bptm process reads the tag from the tape and fetches the key from the nbkms service for that tag. As a key does exist for this tag it is returned to bptm and loaded into the drive. However, it is not the correct key so the drive is unable to decrypt the data. The bptm process reports this as a "Permission denied" error.

There is no "master key" or "master pass phrase" that can unlock any encrypted backup so to enable the restore to succeed, the key should be recovered with the correct pass phrase

 

 

Will Restore -- where there is a Will there is a way