none
DPM backup restoration issue RRS feed

  • Question

  • Hi,

    I have installed DPM 2010 and configured protection group for one of my server. I have also imported certificate in DPM BackupStore from CA authority to take a backup in encrypted format.

    I took my backup in encrypted format on tape and backup job is successfully completed after encryption enable. But when i am restoring backup from tape to DPM Server Disk it doesn't ask for any key or password. So how could I come to know my restored backup was in encrypted format.

    Also let me know, Does DPM backup restoration ask for password or certificate.

    Thanks,

    Manzoor Ahmed.

    Wednesday, July 20, 2011 4:55 AM

Answers

  • Hi,

    DPM does not ask for the for certificate or password when restoring recovery points from excrypted tapes.  DPM will simply use the certificate found in the backupstore or restorestore. If you want to confirm that the tape is encrypted, you can test using one of these two methods

    1) Move the encrypted tape to another DPM server that does not have the certificate installed and try to re-catalog the tape, it should fail and give the following error.

    Type: Tape recatalog
    Status: Failed
    Description: This DPM server is not authorized to read or write to this encrypted tape because there is no valid certificate in DPMBackupStore and DPMRestoreStore which can decrypt data. (ID 24071)

    2) Export the certificate including the private key, then delete the certificate in the dpmbackupstore - then try to restore from the tape, you should get the same error.


    Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 21, 2011 5:03 AM
    Moderator
  • Hi Mike,

     

    Thank you for the reply.

    Thanks,

    Manzoor Ahmed

    Thursday, July 21, 2011 5:46 AM

All replies

  • Hi,

    DPM does not ask for the for certificate or password when restoring recovery points from excrypted tapes.  DPM will simply use the certificate found in the backupstore or restorestore. If you want to confirm that the tape is encrypted, you can test using one of these two methods

    1) Move the encrypted tape to another DPM server that does not have the certificate installed and try to re-catalog the tape, it should fail and give the following error.

    Type: Tape recatalog
    Status: Failed
    Description: This DPM server is not authorized to read or write to this encrypted tape because there is no valid certificate in DPMBackupStore and DPMRestoreStore which can decrypt data. (ID 24071)

    2) Export the certificate including the private key, then delete the certificate in the dpmbackupstore - then try to restore from the tape, you should get the same error.


    Regards, Mike J. [MSFT] This posting is provided "AS IS" with no warranties, and confers no rights.
    Thursday, July 21, 2011 5:03 AM
    Moderator
  • Hi Mike,

     

    Thank you for the reply.

    Thanks,

    Manzoor Ahmed

    Thursday, July 21, 2011 5:46 AM