One thing that I don’t think is stressed enough in the Veeam manual is the “Application-Aware” checkbox that is, by default, not checked. Because Veeam (like most other image level backup software) do not do a true system state backup like in the old days, there can be some significant issues if you are restoring an Active Directory domain controller. However, Veeam can compensate for this problem if the “Application-Aware Image Processing” checkbox has been selected. If however you restore a domain controller from a backup and that box was not checked then you run the risk of FUBARing Active Directory replication.
For more information on why the problem happens to check out this Microsoft KB article http://support.microsoft.com/kb/875495
I’m no active directory expert, but I did get to witness what happens when you restore a DC without the Application Aware processing, and I must say that it is not a fun process to fix the problem. The best way to avoid having to deal with the problem is to just check the Application Aware Image processing box.
After you restore a system from a backup that did not have that box checked symptoms include:
- Netlogon service is not running
- Active Directory may not replication between servers
- Event ID 2103 in Event Viewer. ( The Active directory database has been
restored using an unsupported procedure.)
I would encourage you to go through your backup jobs and verify that this checkbox has been checked and that you have valid domain credentials in the proper boxes below it on the same window.
My AD backup failed when I checked Application aware check box but my consecutive reverse-incremental backups succeeded (with application aware check box). Any explanation? Is this backup consistent?
I haven’t restored the AD yet.
Do you have a more detailed description of the error your getting ?
I also got an error using application awareness the last days on a single VM. This thread helped me out: http://forums.veeam.com/viewtopic.php?f=2&t=5725
Same here , I had to run a bcedit and restore AD
Justin..thanks for this great info. I think this is really an important point new Veeam users can forget, as it isnt stressed enough that by not checking the application aware checkbox..it can lead into other problems while doing a restore. Thanks Justin!
What permissions are required for this setting in regards to a domain controller? Will an admin of the box work, or does the account need higher permissions(domain admin)?
the user account needs to have permissions for the admin share on the local host. However if the machine is a domain controller …. there is no such thing as a “local account”, so you will be forced to use a domain admin account.
The reason for this is because when the backup runs Veeam sends their vss agent to the machines admin$ share and then runs it… to run apps remotely you will need a privileged account.