none
Disaster Recovery Testing RRS feed

  • Question

  • Hi there,

    We're currently backing up SharePoint 2010, Exchange 2010, SQL 2008 and Active Directory, all running on Hyper-V, with DPM 2010. As part of our Disaster Recovery planning, I'd like to do a full restore of the environment from tape, but I'm running into some PITA snags. I suspect part of it has to do with the fact that we're dealing with two domains (my Dev/Test/DR domain and production.local), but I'm soldiering on anyways.

    1. Built test server, installed Hyper-V, built dev.local DC
    2. Joined test server to dev.local and then installed DPM on test server
    3. Imported the tapes we're testing with and successfully restored a BMR backup of production.local DC VM
    4. Successfully restored several other servers this way

    Here's where we run into issues. I'm trying to say, restore our DAG or our SharePoint 2010 instance, but I'm not able to since I can't seem to get the DPM 2010 agent for the dev.local domain installed on the production.local SharePoint/SQL servers. I've read some articles detailing the protection of workgroup computers, but haven't run into much about protecting computers from another domain.

    Is what I'm attempting possible? If not, how do I go about doing a smoking-hole test restore with only a tape and a Hyper-V server?

    Much Obliged,

     - Liam

    Friday, August 26, 2011 4:16 PM

Answers

  • The concept for using NTLM to protect workgroup or 'other domain' computers is essentially the same, DNS just needs to be able to resolve and you would need to use the setdpmserver on your servers such as setdpmserver.exe -dpmservername dpmservername -isnondomainserver -username "unique account that will be created on the untrusted domain server" -password "password for that user that will be used to attach on the DPM server". Then on the DPM server use the gui and use the attach agent in a workgroup or untrusted domain (under install agent) using the username and password you specified on the protected server.

    The other option is to completely segregate your recovery environment from your production network and restore as the same domain etc as you protected. A little bit risky in the case someone accidentally joins up that network to the production network.

    Wednesday, August 31, 2011 11:09 PM

All replies

  • The concept for using NTLM to protect workgroup or 'other domain' computers is essentially the same, DNS just needs to be able to resolve and you would need to use the setdpmserver on your servers such as setdpmserver.exe -dpmservername dpmservername -isnondomainserver -username "unique account that will be created on the untrusted domain server" -password "password for that user that will be used to attach on the DPM server". Then on the DPM server use the gui and use the attach agent in a workgroup or untrusted domain (under install agent) using the username and password you specified on the protected server.

    The other option is to completely segregate your recovery environment from your production network and restore as the same domain etc as you protected. A little bit risky in the case someone accidentally joins up that network to the production network.

    Wednesday, August 31, 2011 11:09 PM
  • I was trying it with a local user account - I'll give it a shot with the domain account and see how it goes!
    Thursday, September 1, 2011 5:59 PM