Backup Central

Hello,

I am trying to get a client backed-up via a dedicated interface.

Client primary interface: 140.x.y.1, with dns of client1.domain.tld
Client dedicated backup interface: 10.x.x.1, no DNS.

Server primary interface: 140.x.y.2 with dns of server1.domain.tld.
Server dedicated backup interface: 10.x.x.2, with dns of
server1-priv.domain.tld.

In the client's Globals 1 of 2 tab, I have entered
"server1-priv.domain.tld" for Server network interface field.

The client is 2008 R2 with a C:, D:, and two iscsi-attached mount
points. Using save set "All".

The "OSSR_C" and "OSSR_B" save sets generate traffic across the
server's primary interface;

All other save sets fail with "error, permission denied. 'SYSTEM on
'10.x.x.1' must have remote access privilege to client
'client1.domain.tld'.

Is the solution to add a PTR record for the client's dedicated backup
interface also resolve to 'client1.domain.tld' ? Or must each
interface have a host name wither access permissions to the original
client name?

I'm sure I missed something obvious, however doing as the error
message says appears to have no effect.

Thank you.


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

Eugene,

You need to put "server1-priv.domain.tld" in the NetWorker client's server's file, then restart NetWorker on the client.

On 10 17, 2011, at 12:47 PM, Eugene Vilensky wrote:

Hello,

I am trying to get a client backed-up via a dedicated interface.

Client primary interface: 140.x.y.1, with dns of client1.domain.tld
Client dedicated backup interface: 10.x.x.1, no DNS.

Server primary interface: 140.x.y.2 with dns of server1.domain.tld.
Server dedicated backup interface: 10.x.x.2, with dns of
server1-priv.domain.tld.

In the client's Globals 1 of 2 tab, I have entered
"server1-priv.domain.tld" for Server network interface field.

The client is 2008 R2 with a C:, D:, and two iscsi-attached mount
points. Using save set "All".

The "OSSR_C" and "OSSR_B" save sets generate traffic across the
server's primary interface;

All other save sets fail with "error, permission denied. 'SYSTEM on
'10.x.x.1' must have remote access privilege to client
'client1.domain.tld'.

Is the solution to add a PTR record for the client's dedicated backup
interface also resolve to 'client1.domain.tld' ? Or must each
interface have a host name wither access permissions to the original
client name?

I'm sure I missed something obvious, however doing as the error
message says appears to have no effect.

Thank you.


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

On Mon, Oct 17, 2011 at 12:06 PM, STANLEY R. HORWITZ <stan < at > temple.edu> wrote:
Eugene,

You need to put "server1-priv.domain.tld" in the NetWorker client's server's file, then restart NetWorker on the client.

Hi Stan,
I apologize I left this out of my original message, but this has been done.

Right now for giggles I edited my server's /etc/hosts file to reflect
client1.domain.tld as 10.x.x.1 and everything works as expected. I
hope to figure out why the OSS_R and OSS_C save sets were able to
complete while the others generated the "access" message.


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

Unfortunately, the message is not perfectly clear:

>> All other save sets fail with "error, permission denied. 'SYSTEM on '10.x.x.1' must have remote access privilege to client 'client1.domain.tld'. <<

One solution could be that you add the appropriate User in the User Group and assign the privilege 'Remote Access All Clients'.

The other potential solution is to add the appropriate entry (obviously SYSTEM@10.x.x.1) in the client's 'Remote Access' list (Globals 2/2 tab).

And of course, the name resolution must be uniquely possible at all times, either via DNS or hosts file.

Is a DNS entry required for the client's dedicated backup interface?
Sent via mobile.

-----Original Message-----
From: bingo <networker-forum < at > BACKUPCENTRAL.COM>
Sender: EMC NetWorker discussion <NETWORKER < at > LISTSERV.TEMPLE.EDU>
Date: Mon, 17 Oct 2011 12:57:10
To: <NETWORKER < at > LISTSERV.TEMPLE.EDU>
Reply-To: NETWORKER < at > LISTSERV.TEMPLE.EDU
Subject: [Networker] "Dedicated interface for client backup/recover operatio

Unfortunately, the message is not perfectly clear:

All other save sets fail with "error, permission denied. 'SYSTEM on '10.x.x.1' must have remote access privilege to client 'client1.domain.tld'. <<

One solution could be that you add the appropriate User in the User Group and assign the privilege 'Remote Access All Clients'.

The other potential solution is to add the appropriate entry (obviously SYSTEM < at > 10.x.x.1) in the client's 'Remote Access' list (Globals 2/2 tab).

And of course, the name resolution must be uniquely possible at all times, either via DNS or hosts file.

+----------------------------------------------------------------------
|This was sent by carsten_reinfeld < at > avus-cr.de via Backup Central.
|Forward SPAM to abuse < at > backupcentral.com.
+----------------------------------------------------------------------


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

DNS or hosts file - whatever you like.

But what should this DNS/hosts file entry be? The client is
configured on the server with the DNS name of the primary interface.

On Mon, Oct 17, 2011 at 4:57 PM, bingo
<networker-forum < at > backupcentral.com> wrote:
DNS or hosts file - whatever you like.

+----------------------------------------------------------------------
|This was sent by carsten_reinfeld < at > avus-cr.de via Backup Central.
|Forward SPAM to abuse < at > backupcentral.com.
+----------------------------------------------------------------------


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER



via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

What do you mean? Name resolution is independent of NW configuration.

I am just mentioning it because you stated:
"Client primary interface: 140.x.y.1, with dns of client1.domain.tld
Client dedicated backup interface: 10.x.x.1, no DNS."

Or do you mean FQDN? - It does not really matter as long as short and FQDN resolve the same IP.

tisdag 18 oktober 2011 03:58:47 skrev du:
But what should this DNS/hosts file entry be? The client is
configured on the server with the DNS name of the primary interface.

E.g. hostname-bu
Then you alias that hostname-bu to hostname in the NW client settings.

Best
Dag


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

On Mon, Oct 17, 2011 at 11:40 PM, bingo
<networker-forum < at > backupcentral.com> wrote:
What do you mean? Name resolution is independent of  NW configuration.

I am just mentioning it because you stated:
"Client primary interface: 140.x.y.1, with dns of client1.domain.tld
Client dedicated backup interface: 10.x.x.1, no DNS."

Or do you mean FQDN? - It does not really matter as long as short and FQDN resolve the same IP.

That's what I don't follow:

If I have a set FQDN of the server's dedicated backup interface, a
different FQDN of server primary interface, and configure the client
entry via the FQDN of the client's primary interface, do I need to set
a name for the client's dedicated backup interface?

Thanks,
Ev


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

On Tue, Oct 18, 2011 at 12:42 AM, Dag Nygren <dag < at > newtech.fi> wrote:
tisdag 18 oktober 2011 03:58:47 skrev du:
But what should this DNS/hosts file entry be?  The client is
configured on the server with the DNS name of the primary interface.

E.g. hostname-bu
Then you alias that hostname-bu to hostname in the NW client settings.

Thank you. I still receive "'System' on 'hostname-bu' must have
remote access privileges to client 'hostname'," after setting
hostname-bu as client alias.


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

On 18/10/11 13:41, Eugene Vilensky wrote:
On Tue, Oct 18, 2011 at 12:42 AM, Dag Nygren <dag < at > newtech.fi> wrote:
tisdag 18 oktober 2011 03:58:47 skrev du:
But what should this DNS/hosts file entry be? The client is
configured on the server with the DNS name of the primary interface.

E.g. hostname-bu
Then you alias that hostname-bu to hostname in the NW client settings.

Thank you. I still receive "'System' on 'hostname-bu' must have
remote access privileges to client 'hostname'," after setting
hostname-bu as client alias.

Shall I try to simplify this?

Every interface on every server involved in the backup process needs to
resolve. That means the backup server, any storage node that might
backup this client, and the client itself must all be in DNS or hosts
files, with all interfaces included. If an interface is an alternate
interface for a physical client, e.g. just for backups, you should set
it as an alias to the main hostname. If it is a cluster service, you
should NOT under any circumstance add the service name as an alias for
any physical host - this is what the remote access field is for.

I have come across customers who say "We don't put the backup network in
the DNS". This is their choice, but they are making life difficult. By
not doing this they need to add lots of hosts file entries to lots of
machines. The backup server needs entries for all the clients and
storage nodes. The storage nodes need entries for all the clients they
may backup. All the clients need entries for the server and storage
nodes. IMHO it's easier to stick these in the DNS.

If you want to force the backup data over a particular network, then set
the storage node field of the client resource to be the storage node's
name on the backup network. If you want to send the metadata to the
server via the backup network, set the server network interface field.
If you want to send all data from the server to the client over the
backup network, you need to define the client using its name on the
backup network.

Follow these rules and it should work.


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER

On Tue, Oct 18, 2011 at 8:32 AM, Davina Treiber
<Davina.Treiber < at > peevro.co.uk> wrote:
On 18/10/11 13:41, Eugene Vilensky wrote:
On Tue, Oct 18, 2011 at 12:42 AM, Dag Nygren <dag < at > newtech.fi> wrote:
tisdag 18 oktober 2011 03:58:47 skrev du:
But what should this DNS/hosts file entry be?  The client is
configured on the server with the DNS name of the primary interface.

E.g. hostname-bu
Then you alias that hostname-bu to hostname in the NW client settings.

Thank you.  I still receive "'System' on 'hostname-bu' must have
remote access privileges to client 'hostname'," after setting
hostname-bu as client alias.

Shall I try to simplify this?

Every interface on every server involved in the backup process needs to
resolve. That means the backup server, any storage node that might
backup this client, and the client itself must all be in DNS or hosts
files, with all interfaces included. If an interface is an alternate
interface for a physical client, e.g. just for backups, you should set
it as an alias to the main hostname. If it is a cluster service, you
should NOT under any circumstance add the service name as an alias for
any physical host - this is what the remote access field is for.

I have come across customers who say "We don't put the backup network in
the DNS". This is their choice, but they are making life difficult. By
not doing this they need to add lots of hosts file entries to lots of
machines. The backup server needs entries for all the clients and
storage nodes. The storage nodes need entries for all the clients they
may backup. All the clients need entries for the server and storage
nodes. IMHO it's easier to stick these in the DNS.

If you want to force the backup data over a particular network, then set
the storage node field of the client resource to be the storage node's
name on the backup network. If you want to send the metadata to the
server via the backup network, set the server network interface field.
If you want to send all data from the server to the client over the
backup network, you need to define the client using its name on the
backup network.

Follow these rules and it should work.

Brilliant. I recommend including this exact verbiage in the Admin
Guide underneath the useless backup interface blurb.

Thank you!,
Eugene


via RSS at http://listserv.temple.edu/cgi-bin/wa?RSS&L=NETWORKER