From owner-networker@LISTSERV.TEMPLE.EDU Sun Sep 10 16:35:11 2000 Return-Path: Received: from listserv.temple.edu (listserv.temple.edu [155.247.166.105]) by mailhost.nmt.edu (8.10.2/8.10.2) with SMTP id e8AMZ7v11981 for ; Sun, 10 Sep 2000 16:35:08 -0600 Received: (qmail 24919 invoked by uid 0); 10 Sep 2000 22:35:18 -0000 Received: from listserv.temple.edu (155.247.166.105) by listserv.temple.edu with SMTP; 10 Sep 2000 22:35:18 -0000 Received: from LISTSERV.TEMPLE.EDU by LISTSERV.TEMPLE.EDU (LISTSERV-TCP/IP release 1.8d) with spool id 731555 for NETWORKER@LISTSERV.TEMPLE.EDU; Sun, 10 Sep 2000 18:35:15 -0400 Delivered-To: NETWORKER@LISTSERV.TEMPLE.EDU Received: (qmail 24637 invoked by uid 0); 10 Sep 2000 22:35:10 -0000 Received: from agora.rdrop.com (0@199.2.210.241) by listserv.temple.edu with SMTP; 10 Sep 2000 22:35:10 -0000 Received: from joan.burling.com (root@ppp-d7.rdrop.com [199.2.212.40]) by agora.rdrop.com (8.8.7/8.8.7) with ESMTP id PAA00453 for ; Sun, 10 Sep 2000 15:32:49 -0700 (PDT) (envelope-from llywrch@agora.rdrop.com) Received: from joan (IDENT:geoff@joan [127.0.0.1]) by joan.burling.com (8.9.3/8.9.3) with ESMTP id MAA08510 for ; Sun, 10 Sep 2000 12:02:04 -0700 X-Sender: geoff@joan.burling.com MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Message-ID: Date: Sun, 10 Sep 2000 12:02:04 -0700 Reply-To: Geoff Burling Sender: Legato NetWorker discussion From: Geoff Burling Subject: [Networker] Networker FAQ -- Part 6 of 7 To: NETWORKER@LISTSERV.TEMPLE.EDU Status: RO Content-Length: 18911 Lines: 469 I've been lurking here for the last couple of months, & have noticed quite a few questions that should be answered in the FAQ. I checked with the folks who said they'd carry this chore on, & since they had no objection, & although I'm no longer responsible for it, I'm reposting the FAQ one more time. I hope this answers a few questions & save a little bandwidth. Geoff Burling =============================================================== In an email 4 days after this issue, Tim Evans quotes Linda L. Cygan as stating that there is an inexpensive upgrade to Win 98 that fixes this problem. Q. Networker changes the archive bit on my system. How do keep Networker from basing its incrementals on the archive bit? A. Paul White reposted (2 May 2000) the following Legato document to the mailing list: Windows NT Archive Bit Behavior with NetWorker The system environment variable NSR_AVOID_ARCHIVE can be set to YES to prevent NetWorker from using the archive bit as criteria for determining what files are saved during scheduled backups. The following section presents two situations: the behavior of NetWorker scheduled backups when the NSR_AVOID_ARCHIVE is set NO and the behavior when NSR_AVOID_ARCHIVE is set to YES. NSR_AVOID_ARCHIVE set to NO or not present Beginning with NetWorker for NT 4.3 the archive bit is used as part of the criterion for determining if files are saved during an incremental backup. The other criteria are LastWriteTime and CreateTime. During a scheduled backup the archive file attribute is turned off based upon the particular situations listed below. Full Scheduled Backups During a full scheduled backup the archive bit for each file saved is turned off if previously set. * LastWriteTime time or CreateTime >= last scheduled backup time If the LastWriteTime time on a file or the CreateTime is greater than or equal to the last scheduled backup time, the files are save and then the archive bit is turned off if previously set. * LastWriteTime time and CreateTime < last scheduled backup time If the archive bit is set, the file is saved, but the archive bit is not turned off until the file is "captured" by an upcoming scheduled backup. - OR - If the archive bit is not set the file is not saved. NSR_AVOID_ARCHIVE iset to YES (or any value other than "no") Earlier versions of NetWorker (before 4.3) did not use the archive bit. * Full Scheduled Backups All files are saved. * Last Written time or CreateTime >= last scheduled backup time If the LastWriteTime time on a file or the CreateTime is greater than or equal to the last scheduled backup time, the file is backed up. * Last Written time and CreateTime < last scheduled backup time If the LastWriteTime time and CreateTime is less than the last scheduled backup time, the file is not backed up Specify the NSR_AVOID_ARCHIVE system environment variable to control what criteria NetWorker for Windows NT 4.3 or higher uses to determine what files are candidates for incremental saves. The environment variable is set in the System application from the Control Panel. Set NSR_AVOID_ARCHIVE as a system environmental variable, not a user environmental variable. Reboot the system to activate the variable. Q. I've noticed that some of my NT servers are crashing (a Dr.Watson crash, and a memory dump) when Networker try to backup REPAIRDISK:\. A. Lynn Glessner submitted (21 March 2000): This is a common question, and IMHO belongs in the FAQ for NT. There are three workarounds: 1)specify your savesets, not including REPAIRDISK 2)run the services under a local admin account. 3)change the NT security as described below. The following is copied from the Legato Tech Dialog: Saving REPAIRDISK Results in a Dr. Watson Error in Winmsd.exe NT 4.0 service pack 3 NetWorker 5.1 During a NetWorker backup attempt, Microsoft's winmsd binary causes a Dr. Watson error when run from the anonymous user logon Analysis: Legato's Remote Exec Service calls Microsoft's winmsd program when started. If the Remote Exec Service is started from an anonymous user logon, winmsd.exe causes a Dr. Watson error. By default, Remote Exec Services runs from the System Account, (user SYSTEM). WINMSD.EXE provides information about the system configuration and status by reading the Windows NT Registry. Solution: The user that starts Remote Exec Services needs local backup privileges. No other special file access is required since Microsoft's backup API provides this access already to a user with backup privileges. Administrators who want to require only authenticated users to list account names, and exclude anonymous connections from doing so, need to make the following change to the registry: WARNING: Using Registry Editor incorrectly can cause serious, system-wide problems that may require you to reinstall Windows NT to correct them. Microsoft cannot guarantee that any problems resulting from the use of Registry Editor can be solved. Use this tool at your own risk. Run Registry Editor (Regedt32.exe). Go to the following key in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA On the Edit menu, click Add Value and use the following entry: Value Name: RestrictAnonymous Data Type: REG_DWORD Value: 1 Exit the Registry Editor and restart the computer for the change to take effect. When the RestrictAnonymous value is set to 1, anonymous connections from the Graphical User Interface tools for security management will receive an access denied error when attempting to get the list of account names. When the RestrictAnonymous value is set to 0, or the value is not defined, anonymous connections will be able to list account names and enumerate share names. It should be noted that even with the value of RestrictAnonymous set to 1, although the user interface tools with the system will not list account names, there are Win32 programming interfaces to support individual name lookup that do not restrict anonymous connections. Additional Information: Review Microsoft technet article Q143474 for further details surrounding the anonymous connections. (If you are unable to access this link, please visit Microsoft's World Wide Web site at http://www.microsoft.com/. Created 8/24/98 Q. How do I Email the Bootstrap Notification on an NT Networker Server A. From Rusell Brown (28 March 2000): 1. Download and install Blat on your NT Networker Server (http://www.interlog.com/~tcharron/blat.html) [Blat appears to be a command line mailer for NT.] 2. Change the Action field in the Bootstrap Notification to the following command: blat - -server smtpservername.yourdomain.com -s "NT Servername Bootstrap Save Set Notification" -t backupadministrator@yourdomain.com 3. You can add multiple recipients by separating the names with a comma Q. How do I add pre and post processing on NT? A. From K. Scott Rowe (24 Mar 2000): You must add savepnpc into the backup command field of the client. This will create a .res file in the directory /nsr/res. You can edit this file to fulfill your needs. Below is a .res file we are using: type: savepnpc; precmd: "c:\\win32app\\nsr\\res\pre.bat"; pstcmd: "c:\\win32app\\nsr\\res\pst.bat"; This file is used on a NT-server, notice \\ in the command line. In the pre/pst.bat files the following is necessary to run the commands succesfully: All variables which come with the 'set' command. cmd /c "net stop " echo + > del The last 2 lines are needed to give the bat file a 'exit 0' status. If NO 'exit 0' status comes from the batfile then NO backup will be made. This is due to the fact that some NT-services finish succesfully with a 'exit 1' status and NetWorker checks for 'exit 0'. I need information on Windows Registry, & ACL 9.3 Netware/Novell Q. I can't back up my Netware clients. A. Marie Duplessis posted the following (17 Aug 1999): I've seen this numerous times, and have done it successfully. The fact that manual backups work, but savegrp's issued from the server do not, is the name/password authentication. [snip] I know this sounds silly, but has worked over and over again throughout all versions. Outdated as it is, Technical Bulletin #80 provided by Legato, still holds true. Joseph Oritz has emailed me (4 April 2000) with instructions on how to do this from the UNIX server: First, while you can't do it from the Admin GUI on a Unix server, you CAN do it by using the nsradmin utility from the Networker Unix server. This is character based and does not add the "invisible" character to the password, which is what causes the problem in the first place. Consequently it is also inaccurate to state that you must perform this operation from the Netware client. I've used this method repeatedly with Networker versions from 5.1 to 5.5.2 on Solaris and HP-UX servers. This is applicable only to Unix based Networker server. While from my own experience, one important clue is that the client must be set to use TCPIP instead of IPX/SPX (the default setting) to talk to the non-Novell server. Charles Tilbury (26 April) emailed to me with further troubleshooting tips: Firstly, compression is evil on NetWare 3 servers. Don't use it, unless you like seeing your NetWare servers running at 100% cpu utilisation whilst they are backing up (I've never met a Novell admin who does like this yet!). Secondly, the latest Legato software for NetWare (4.15) actually is now "Tested & Approved" by Novell, at least for NetWare 4 and NetWare 5. The last version that was tested and approved was 4.12. The bulletins for these are available on the Novell solutions search WWW site. 9.4 UNIX Tape drive configuration files & their system names can vary greatly between flavors. Here follows the details for several versions I have information for in alphabetical order. Information on missing flavors is welcome. 9.4.1 OSF1/Digital/Tru64 UNIX Tim Mooney submited (30 Mar 2000): Through the years, all DEC and now Compaq-supplied tape devices have responded to SCSI probes as a TZ device, so `tz' has become synonymous in the DEC/Compaq world with `tape', specifically SCSI tape. If you want to look at the SCSI tape man page, you'll want to do a ``man 7 tz". You will see `tz' mentioned in other places, as well. It means tape. Unlike Solaris, where you must use the `b' device file to get the Berkeley-style close, under Compaq's UNIX the close is *always* Berkeley-style. Versions of the OS from 4.0 and on have an /etc/ddr.dbase file, which is compiled into the binary /etc/ddr.db file, which is the Dynamic Device Recognition database. It's similar in purpose to Solaris' /kernel/drv/st.conf (and sd.conf, and ...). In regard to device naming, in all OS releases numbered < 5.0, the tape device names are: /dev/{n}rmt{logical #}[almh] where: {n} when present, means no rewind on close (non-rewinding). {logical #} the logical # of the tape drive, which is just a number assigned to it, based on when it's discovered in relation to other tape drives when the bus/target/luns are probed, starting with 0. This logical # says nothing about which bus or SCSI target the device is at, it just indicates where it falls in the device probe in relation to other tape devices. [almh] One of these is always present, and they're for density selection. Except in rare cases, a and l both generally mean the same thing, `low density'. Likewise `m' is medium and `h' is high. If you want to use hardware compression, you should use the `h' device. Examples: /dev/rmt5a the sixth tape drive, rewind-on-close, low density /dev/nrmt0h the first tape drive, non-rewinding, high density For robots (media changers), the device file name is /dev/mc{unit #}{lun} where: {unit #} The unit # is taken by multiplying the bus # that the changer is on by 8 and adding the SCSI id of the changer. That is, (bus * 8) + SCSI target id. This # has nothing to do with the SCSI LUN, which is designated (if needed) using a single letter, 1-h. {lun} The SCSI LUN (logical unit number) represented by a single letter, a meaning 0, b meaning 1, through h meaning LUN 7. Examples: /dev/mc3 changer on SCSI bus 0, SCSI target 3, SCSI lun 0. /dev/mc3a same. /dev/mc30 changer on SCSI bus 3, target 6, lun 0. /dev/mc5g changer on SCSI bus 0, target 5, lun 6. To use a media changer, you must load additional (non-default) subsets (packages), specifically the CLCMC subset. This is the "SCSI CAM Medium Changer Driver". Loading this subset adds some basic media changer entries to your /etc/ddr.dbase, and it also loads kernel support for SCSI changers. A kernel rebuild and reboot will be required before the changer will work. Some good man pages to view on these topics: tz(7), mtio(7), ddr.dbase(4), ddr_config(8), SCSI(7), MAKEDEV(8), mc(7), scu(8). At 5.0 and later, most of the above information is the same *except* all the device file paths have changed to be much more SVR4-like. The tape devices files are in their own subdirectory (/dev/tape ?) and now are named based on their bus/target/lun identifier, rather than some "logical #" constructed from that same information. 9.4.2 HPUX The path names of tape drives are similar to Solaris, since both follow System V conventions here. I have no information where the configuration files are -- or if they exist. 9.4.3 IRIX Ulrich Oldendorf wrote in an email dated 21 March 2000: SGI device names: /dev/{r}mt/tpscontrollerdID{nr}{ns}{s}{v}{.density}{c} where means: {nr} no-rewind on close device (mandatory for networker!) {ns} non-byte swapping device {s} byte swapping device {v} variable block size device {.density} for 9-track tape it is one of 800, 1600, 3200, or 6250, for the Exabyte 8500 it is one of 8200 and 8500 and for DLT7000 it is one of 4000 and 7000 {c} data compression (if supported by hardware) For further details see man tps and mtio. Tape drive configurations are kept at /var/sysgen/master.d/scsi. Comments in that file document its layout. 9.4.4 Solaris Q. What do the device pathnames under Solaris represent? A. ``A Networker User" and Dana Bourgeois discussed this on 5 Feb 1999: > Solaris device names: > > ?lbn = low density > ?mbn = medium density > ?hbn = high density > ?cbn = compressed > ?ubn = exactly the same as compressed (I think the u means ultra) > > The densities correspond to the settings in st.conf, and by > default your st.conf file is probably wrong, i.e. not configured. > Check the archive for lots of good info on st.conf settings for > your particular devices. This is true. You need to set up your device type in the st.conf file and how you set it up will determine how many different densities and options are available. If you only set up one entry for DLT, for example, then you can expect that either the above device types will either not work or they will all work the same. To get differences among the l, m, h, c, and u devices, you would need to have different entries for all of them. > You almost certainly want to be using ?cbn on devices which > support compression. Except for that hardware which compresses by default or has device-switchable compression. My AIT drives are configurable for compression from the jukebox front panel. I have it ON and want it always compressing so I really don't care about the ?cbn device entry. I will always use hardware compression and the server doesn't know and can't tell. > The "b" bit means Berkeley style devices, you should use these > with NetWorker. Yes. True. The 'n' represents a 'no-rewind' device. This means that the tape is not rewound at the end of the write stream. This is important. Legato needs to have control over the location of the tape in the drive. You don't want the drive moving the tape except under command from Legato. Without the 'n', a lot of hardware will rewind the tape back to the beginning when writing is finished. Hoo Boy! Would that (eventually) cause a lot consternation to Legato! I think it asks for a tape reposition at the end of every write stream (which would succeed) but then the drive would rewind back to the beginning. At the next saveset, Legato would assume proper positioning and just start writing...over the tape label and all of the previous chunks. I think you'd be able to get an awful lot of data on that one tape if one session didn't completely fill it up and go to the next tape. Like an infinite amount? > I hope this is a good summary. Yeppers. Tape drive configurations are kept at /kernel/drv/st.conf (for Solaris). The format for this file is documented in the ``st" man page, while further details can be found in the ``mtio" man page as well as in the file /usr/include/sys/mtio.h. Legato has sample entries for versions of Solaris from 2.3 thru 2.5.1 at ftp://ftp.legato.com/pub/NetWorker/Unix/Solaris. Q. ``Why does NetWorker seem to hang?" -- Note: To sign off this list, send a "signoff" command via email to listserv@listserv.temple.edu or visit the list's Web site at http://listserv.temple.edu/archives/networker.html where you can also view and post messages to the list. =*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=*=