Contents
Introduction
Scenarios
Antivirus interferes with Backup Client installation
Introduction
On a modern operating system, it is likely that some form of threat management system is installed. While in the
past, only antivirus and port/application-based firewall solutions were common on hosts, intrusion prevention
systems (IPS) are increasingly becoming the norm. These can perform traffic and behaviour analysis, and block
suspicious activity.
To a threat management system, Attix5 Pro's behaviour can appear suspicious. If Attix5 Pro is not excluded from
monitoring, the threat management system can prevent it from backing up successfully.
It is important to understand how Attix5 Pro can be disrupted by threat management systems, and what to look
for when troubleshooting. This guide demonstrates a number of scenarios in general terms.
Scenarios
Antivirus interferes with Backup Client installation
1. Installation interference
Symptom:
Backups will not run and sometimes a connection to the Storage Platform cannot be established.
Example error message:
Various Backup Client may halt indefinitely, e.g. Building Selection List.
Cause:
This scenario typically occurs when antivirus exclusions have not been applied to exclude the Attix5 Pro
installation folder (default location: C:\Program Files\Attix5 Pro\Backup Client or Backup Client SE). The antivirus
scans the installation folder and incorrectly identifies the working files and folders, including those of the Java
installation, as potential virus threats. It often deletes or blocks access to these.
Solution:
Exclude the installation folder from antivirus scans. A Backup Client reinstall and a reconnect to the Backup
Account may be required to return the Backup Client to a known good state.
In the Attix5 Pro GUI or backup log file: "file is encrypted or is not a database" or "Could not calculate
differences between new and previous backup sets:database is full".
In the Attix5 Pro GUI or backup log file: "Unable to recover from exception in backup process".
Cause:
Antivirus has either scanned and corrupted the Backup Client database (backuplist.db) or has a file handle on
the database, preventing the Backup Client from getting an exclusive lock.
Solution:
Exclude the database folder from antivirus scans. It may be necessary to delete the backuplist.db file and
reconnect to the Backup Account in order to get the last known good version of the Backup Client database.
3. Cache corruption
Symptom:
Files are flagged as trouble by either the Backup Client or Storage Platform and larger than expected data
transfers are occurring. Errors can also be seen during the adding/patching phase of a Staged Backup.
Example error message:
In the Backup Client log when patching: "Unable to patch file" and "Trouble file encountered and added
as full file".
In the Backup Client log when updating the cache: "Patching cache file failed", "Could not apply patch to
file", "Could not move backup file to cache reason: Trying to move a file to the cache that does not
exist" and "Flagged file for full backup".
During a Staged Backup in the adding/patching file stage, in the backupservice.log file: "WARN
com.attix5.service.spcomms.StoragePlatformConnection File not found in toBackup".
Cause:
Files in the cache or ToBackup folders have been altered by the antivirus application which incorrectly handled
them as a threat. The cache file checksums either do not exist or no longer match the Backup Client database,
cannot be patched, and so must be resent in full. This can result in larger than expected data transfers.
Deletion of files in the ToBackup folder can cause the backup to fail.
Solution:
Exclude the cache and ToBackup folders from antivirus scans. This will prevent the files being altered and
prevent them being resent in full.
within the VHDTemp and WindowsImageBackup are shown as failing to rename in the backupservice.log files, which
causes the error message:
Backup Client log may show "Unable to read file". Slow backups will not show this error, but the time taken to
process each file will be noticeably slower than normal.
The following may be seen in the backupservice.log when System State rename failures are occurring:
Cause:
File reads and writes are being monitored by antivirus on-access scanning, which can cause read failure or slow
backup speeds. The failure to rename is caused by antivirus holding the file open during this process.
Solution:
Exclude the installation folder and Attix5 Pro Backup Client service (a5backup.exe or a5backup64.exe on 64-bit
machines) from antivirus scanning. Also ensure WindowsImageBackup and VHDTemp are excluded from
scanning.
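An added example, not part of the Attix5 documentation: a small Python triage script that groups log lines by the error messages quoted in the scenarios above and reports which exclusion to check first. The scenario labels, the sample log lines and their timestamp layout are constructed for illustration.

```python
from collections import Counter

# Signatures are the error messages quoted in this guide. The scenario labels are
# assumptions chosen here; the advice strings summarise the guide's Solution text.
SIGNATURES = {
    "database": (
        ["file is encrypted or is not a database", "database is full",
         "Unable to recover from exception in backup process"],
        "exclude the database folder (backuplist.db) from antivirus scans"),
    "cache": (
        ["Unable to patch file", "Trouble file encountered",
         "Patching cache file failed", "Could not apply patch to file",
         "Could not move backup file to cache", "Flagged file for full backup",
         "File not found in toBackup"],
        "exclude the cache and ToBackup folders from antivirus scans"),
    "on-access scanning": (
        ["Unable to read file"],
        "exclude the installation folder, a5backup.exe/a5backup64.exe, "
        "WindowsImageBackup and VHDTemp from antivirus scanning"),
}

def triage(lines):
    """Return [(scenario, hit_count, advice)], most frequent scenario first."""
    hits = Counter()
    for line in lines:
        low = line.lower()
        for scenario, (needles, _advice) in SIGNATURES.items():
            # Count each log line at most once per scenario.
            if any(needle.lower() in low for needle in needles):
                hits[scenario] += 1
    return [(s, n, SIGNATURES[s][1]) for s, n in hits.most_common()]

# Constructed sample input: the messages come from this guide, while the
# timestamps, levels and file path are invented for the example.
SAMPLE_LOG = [
    r"2014-03-02 01:15:07 ERROR Unable to patch file C:\Data\report.docx",
    "2014-03-02 01:15:07 WARN Trouble file encountered and added as full file",
    "2014-03-02 01:15:09 WARN com.attix5.service.spcomms."
    "StoragePlatformConnection File not found in toBackup",
    "2014-03-02 01:16:30 ERROR file is encrypted or is not a database",
    "2014-03-02 01:17:00 INFO Backup completed",
]

if __name__ == "__main__":
    for scenario, count, advice in triage(SAMPLE_LOG):
        print(f"{scenario}: {count} matching line(s); {advice}")
```

A match only points to the scenario worth checking first; the same messages can have causes other than antivirus interference.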
Solution:
Ensure that traffic from the Attix5 Pro Backup Client service to the AccountServer is permitted in the firewall or
IPS rules.
Solution:
Ensure that traffic from the Attix5 Pro Backup Client Service to the AccountServer is permitted in the firewall or
IPS rules.
Note: There are other issues that produce the same or very similar symptoms to these. Speed and
duplex settings mismatch or errors can cause similar network traffic drops. Also, ISP-based traffic
shaping or throttling can prevent effective communication. These causes should not be ruled out
when investigating AccountServer and StorageServer communication issues.
Solution:
Ensure that the system tray application (A5Loader.exe on Desktop and Laptop Edition, SERunner.exe on Server
Edition) and Backup Service (a5backup.exe, or a5backup64.exe on 64-bit machines) are permitted in the firewall or IPS
rules.
Cause:
A host firewall / IPS is blocking communication between the Backup Client GUI and the Backup Client Service.
Solution:
Ensure that the Backup Client GUI (javaw.exe) and Backup Client Service are permitted in the firewall or IPS
rules.
Solution:
Ensure that the Exchange Agent Service and Backup Client Service are permitted in the firewall or IPS rules.
Solution:
Ensure that access to the Remote Management port (default 9091) of the Backup Client Service is permitted in
the firewall or IPS rules.
Note: When connecting over a network, bear in mind that network-based firewalls and IPS systems
can also prevent Remote Management connections being established. Additionally, any Backup Clients
sitting behind Network Address Translation will require port forwarding to be configured.
System State Folders for Windows 2008 (assuming C: is used by System State).
C:\VHDTemp\.
C:\WindowsImageBackup\.
If any working folders or plug-in dump locations are moved, ensure that these are also excluded.
Processes
TCP ports
The other ports used by the Backup Client are randomly selected, but can be manually specified in the
a5backup.properties file:
The ports must be unique and must not clash with any existing services. Ensure that the GUI is closed and that the
service is stopped when editing the file.