Skip to main content
Start a Conversation

Solved!

Go to Solution

bingo.1

2.4K Posts

330

May 1st, 2022 14:00

Whaat is a "...user with the privilege to perform directed recoveries"?

Hello,

during my recent tests with NW 19.6.0 I struggled with the problem that for certain server - source - and destination client combinations a directed recovery will be rejected with this error (see screenshots).

When I tested this with NW 9.2.1 some years ago, this operation was possible.

The user has Remote Access rights - otherwise he would not even be possible to browse. And I did not find a user privilege that looks like "Execute directed recoveries".

So my questions are:

  -  What do I do wrong or how to overcome this obstacle?

  -  When has this feature been introduced?

  -  Why can't I find a hint in the manuals at all?

I hope somebody will be able to explain. Thank you.

 

 

 

 

 

2 Attachments

bingo.1

2.4K Posts

May 5th, 2022 07:00

It took me a while to finally find the solution. But yes, I got it.

Assuming a problem with a resource I used findstr/grep to search through the resource database for the string "recover remote data". And I found 5 hits - all of them were "NSR usergroup" resources:

   -  Application Administrators
   -  Database Administrator
   -  Database Operators
   -  Monitors
   -  Operators

Trying to think logical I just could assume that the Operators group was causing the problem. And after adding the remote user to it, the directed recovery was working as expected.

 

barry_beckers

393 Posts

May 2nd, 2022 03:00

Haven't been using directed recoveries myself (*).

(*) I can recall a colleague however once intending to perform a directed recovery (while we are never ever supposed to perform recoveries as that is the task for the OS admins (or DB admin in case of DB's) themselves (we would only recover the NW media/res DB, if anything, during a NW server DR). We "only" deliver the backup service and infra structure) but by omitting the -R option, he was actually restoring linux files unto the Solaris backup server at the time. That was fun...

I am looking back into earlier NW Security Configuration manuals, but even already in the NW9.2 manuals from 2017 it stated about remote directed recoveries, but I don't believe that is what you are doing here, as you perform just a directed recovery, by issuing the recover command on hostA to restore data from HostB unto HostB (except for the fact it seems to be you are trying a restore for the NW server itself as the -s (server) states the same client name? Is the behavior the same when trying this on one client for another regular client instead of for the backup server?), while - if memory serves me right a remote directed recovery entails starting the recovery from HostA to restore files from HostB unto a 3rd host HostC?

"Restricting remote program executions and client-tasking rights

When a NetWorker host requests the right to perform a task on another NetWorker host, the destination host compares the name of the requesting host to the list of hostnames that are specified in the servers file on the destination NetWorker host. If the hostname of the requesting host is not in the servers file, then the requesting host does not have client-tasking rights and the destination host rejects the request.


The following table provides a list of tasks that require client-tasking rights.

Table 9 Operations that require entries in the servers file
Operation Entries required in the client servers file
- Archive request Add the FQDN and shortname of the NetWorker server.
- Scheduled backup Add the FQDN and shortname of the NetWorker server.
- For a clustered NetWorker server, add the long and shortname of the virtual NetWorker and all physical nodes.
- Remote directed recovery Add the FQDN and shortname of the administering client to the servers file on the destination client.
- NDMP DSA backup Add the FQDN and shortname of the NetWorker client that starts the backup."

bingo.1

2.4K Posts

May 3rd, 2022 02:00

Thank you so much for your response. And it sounds logical to a certain extent. But of course you cannot even connect if the entry is missing and you start recover. The program clearly states:

  Cannot start session with server : Service not available yet.

 

As the original message states this points to the issue as if the user misses an appropriate right to write to the destination client's file system. But I do not see how to modify that.

 

 

View More

View All

No Events found!

Top