IT Infrastructure blog

November 27, 2010

Enabling Auditing in NetApp Cifs volume

Filed under: NetApp — Akther @ 8:12 pm

Just imagine if you have a situation that a user is coming and saying i cannot see my files in network storage. Haahhh

That’s it….. and he don’t no how it got deleted and he want to know who done this…. here you need to answer two questions .

1) When you will give back my file ( since i am the admin i have to give back)

2) Who deleted this….?

Deleted file i restored it from recent backup ( If you have snap shot enabled in NetApp volume you can retrive very easily)

The second one i don’t have answer because i didn’t enable the auditing in filer. Then i find out how we can enable auditing in Netapp filer and thought to share with you all

Enable Auditing

Telnet to filer

Filer > options cifs.audit.enable on

This will enable to auditing in cifs volume. The disadvantage of this we need to save manually to stop the auditing ( i will tell you how we can do it automatically)

Save Cifs auditing

filer>cifs audit save -f

Automatically save auditing

Filer > options cifs.audit.autosave.ontime.enable on

Filer >cifs.audit.autosave.onsize.enable on

Where we can see the audited logs ?

/etc/log/adtlog.evt

Run –> //filername/etc$

Give the credentials. Go to etc folder then log folder. There you can see adtlog.evt

It’s a event viewer file. Go to Event Viewer –> Right click –> open log file–> show this path

( try to mount this CIFS volume before it show the path in event viewer). Select security log while selecting open.

Could able to see similar like Windows Auditing. Object Access, log on/ log off category etc

Below command will give the real status of CIFS auditing in NetApp filer

options cifs.audit

cifs.audit.account_mgmt_events.enable off
cifs.audit.autosave.file.extension timestamp
cifs.audit.autosave.file.limit 0
cifs.audit.autosave.onsize.enable on
cifs.audit.autosave.onsize.threshold 75%
cifs.audit.autosave.ontime.enable on
cifs.audit.autosave.ontime.interval 1d
cifs.audit.enable            on
cifs.audit.file_access_events.enable on
cifs.audit.liveview.enable   off
cifs.audit.logon_events.enable on
cifs.audit.logsize           524288
cifs.audit.nfs.enable        off
cifs.audit.nfs.filter.filename
cifs.audit.saveas            /etc/log/adtlog.evt

Hope it helpful for all and thanks for being here

Regards

Akther

You are already running Available_Media.when running the Available_Media command.

Filed under: Symantec Netbackup — Akther @ 7:42 pm
Tags:

Available_media.cmd command is helpful to find out the media status in Veritas Netbackup. If you run the below command to see the status of media you may encountered below error

C:\Program Files\Veritas\NetBackup\bin\goodies>available_media.cmd
You are already running Available_Media.
Try again later.

How to resolve this

There is a tech note available in symantec that how we can resolve this error.

http://support.veritas.com/docs/245562

you have to delete  the AM.<USERNAME>.lok file,  from %temp% folder then run the Available_Media.cmd script again

Thought to share this error with all of you and hope it helps some one who is working with Symantec Veritas Netbackup

November 26, 2010

Status code 96 in Veritas Netbackup server

Filed under: Symantec Netbackup — Akther @ 7:58 pm

If you have a chance to work with Veritas Netbackup server this error code you would probably see.

Error code 96 throwing error in Activity monitor mainly because of unavailability of media.

Why media is not available to write images ? several reason….

1) Media is full

2) Media is suspend mode

3)Media is frozen

4) Media Retention period and the net backup policy retention policy is different ( Tape retention policy is 1 and policy retention period is 1 month ( basically 2)

4) There is no media in Volume pool

So Netbackup Administrator should be vigilant in daily monitoring these media status by using a use full command to check  what happens to tape media.

C:\Program Files\Veritas\NetBackup\bin\goodies>available_media.cmd >>c:\media.txt

This will throw the media is in full or frozen or suspend or available.

Based on this unfreeze the media or find out new tape and put it in to the correct volume pool.

other use full command to see a particular media status is below

C:\Program Files\Veritas\NetBackup\bin\admincmd>nbemmcmd -listmedia -mediaid TP0064

( TP064 defines the label name of tape)

output of this command would be below. Here you can find out the retention period of tape, when this image will be expire and Media status.

Here media status is showing Active, it may be vary like Full or Frozen.

NBEMMCMD, Version:7.0.1
====================================================================
Media GUID:                     968da873-a972-4a9f-a27c-62404b8991b2
Media ID:                            TP0064
Partner:                                –
Media Type:                       HCART2
Volume Group:                000_00000_TLD
Application:                    Netbackup
Media Flags:                    1
Description:                    Added by Media Manager
Barcode:                           TP0064
Partner Barcode:          ——–
Last Write Host:             Netbackup-Masterserver
Created:                            10/27/2010 16:13
Time Assigned:              11/13/2010 18:34
First Mount:                    11/13/2010 18:35
Last Mount:                     11/19/2010 12:01
Volume Expiration:              –
Data Expiration:            12/03/2010 12:00
Last Written:                   11/19/2010 12:00
Last Read:                         –
Robot Type:                     TLD
Robot Control Host:     Netbackup-Masterserver
Robot Number:               0
Slot:                                     22
Side/Face:                      –
Cleanings Remaining:   –
Number of Mounts:       3
Maximum Mounts Allowed:     0
Media Status:                   ACTIVE
Kilobytes:                         198078296
Images:                              14
Valid Images:                   14
Retention Period:             1
Number of Restores:             0
Optical Header Size Bytes:      1024
Optical Sector Size Bytes:      0
Optical Partition Size Bytes:   0
Last Header Offset:             3095010
Adamm Guid:                     00000000-0000-0000-0000-000000000000
Rsm Guid:                       00000000-0000-0000-0000-000000000000
Origin Host:                    NONE
Master Host:                  Netbackup-Masterserver
Server Group:                NO_SHARING_GROUP
Upgrade Conflicts Flag:
Pool Number:                    5
Volume Pool:                    Exchange pool
Previous Pool Name:             –
Vault Flags:                    –
Vault Container:                –
Vault Name:                     –
Vault Slot:                     –
Session ID:                     –
Date Vaulted:                   –
Return Date:                    –
====================================================================

If you want to expire the image in particular tape we can use below command ( be sure that you would not require this data in future)

C:\Program Files\Veritas\NetBackup\bin\admincmd> bpexpdate -m TP0064 -d 0

This will expire media TP0064 and will be available for next backup .

Hope this article would be helpful for Netbackup admins.

Thanks

Akther

November 22, 2010

Status code 71 in Veritas Netbackup server for Exchange Mail box backup

Filed under: Symantec Netbackup — Akther @ 6:36 pm

There was an issue to take backup of Exchange mailboxes  ( granular backup to say in Veritas terminology) through Symantec Veritas Netbackup.

Error code was showing 71 in Activity monitor.

Error was below

11/22/2010 3:23:46 PM – mounting Tp0066
11/22/2010 3:23:48 PM – Warning bpbrm(pid=2140) from client Exchange-cluster: WRN – unable to successfully enumerate folder: Microsoft Exchange Mailboxes:\
11/22/2010 3:23:48 PM – Warning bpbrm(pid=2140) from client Exchange-cluster: WRN – unable to successfully enumerate folder: Microsoft Exchange Mailboxes:\
11/22/2010 3:23:48 PM – Error bptm(pid=4636) socket operation failed – 10054 (at child.c.1294)
11/22/2010 3:23:48 PM – Warning bpbrm(pid=2140) from client Exchange-cluster: WRN – unable to successfully enumerate folder: Microsoft Exchange Mailboxes:\
11/22/2010 3:23:48 PM – Error bptm(pid=4636) unable to perform read from client socket, connection may have been broken
11/22/2010 3:23:48 PM – Error bpbrm(pid=2140) could not send server status message
11/22/2010 3:23:50 PM – end writing
none of the files in the file list exist(71)

SOLUTION/WORKAROUND:

1. Checked and found that we cannot browse and enumerate the mailboxes from the Exchnage policy \ Selections

2. Went to Exchange active node and configured the exchange backup account. ( Services–> Netbackup client–>logon tab–>give exchange admin account and password there). Then restart the netbackup service

3) Updated the changes using bprdreq command

C:\program files\veritas\netbackup\bin\admincmd >bprdreq -readconfig

 

4) ran the Mailbox backup manually. And it works fine.

 

Thanks

Akther

November 19, 2010

Archiving, Retention and Discovery with Microsoft Exchange Server 2010 SP1

Filed under: Exchange 2010 — Akther @ 10:23 am

After a short gap i am back. I was busy with our new ERP project ( We implemented Microsoft Dynamics AX 2009) in our company and the phase 2 go live is ahead on Dec 15. Fully involved in the administration/Instalaltion/Configuration part of Dynamics AX 2009. It’s good to learn a ERP product from scratch. Thanks to Rafeeq to give this oppertunity to be a part of Dynamics AX team.

I was watching the Tech ed Europe 2010  in online and could see a good video about Archiving feature in Exchange 2010 sp1 by Krish Sundareshan, Program Manager MSFT.

Here is the link

http://www.msteched.com/2010/Europe/UNC308

And all the Tech Ed Europ 2010 can watch here

http://www.msteched.com/2010/Europe/Page2/

Thanks to Steve to shaer this

Regards

Akther

Blog at WordPress.com.