Copyright © SEP AG 1999-2011. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Contents 1 General Questions 1.1 How do I obtain the Community Version? 1.2 How are the hardware and software requirements to operate a SEP sesam Server? 1.3 Why does SEP sesam Server use so much disk space on the local hard disk? 1.4 How do I install a Remote Device Server? 1.5 How do I obtain the free Zarafa Extension 1.6 Where can I get the latest 64-bit version of Sun's JRE 1.7 What is SEP sesam 'Newday'? 1.8 How do I order a new license or activate a new license? 1.9 Is there an overview of SEP sesam services? 1.10 Which Java version is required by SEP sesam 1.11 What do the flags mean in the column 'type' in Backups by State? 1.12 How do I schedule a backup task? 1.13 Why does the SEP sesam GUI create so many Java processes under Linux? 1.14 A support staff member told me to set a profile, what does it mean? 1.14.1 In Linux/UNIX 1.14.2 In Windows 1.15 What is necessary to change the IP-address and the servername of the SEP sesam Server? 1.16 Ports used by SEP sesam 1.17 A Support Engineer told me to set a higher loglevel. How do I do this? 1.17.1 Backup Loglevel 1.17.2 Restore Loglevel 2 Network 2.1 How can I check the reachability of a client from SEP sesam Server? 2.2 Used ports for backing up a client behind a firewall (DMZ) 2.3 How do I use the Nagios monitoring tool to query the SEP sesam database for monitoring system information? 2.4 How to backup from and write to UNC paths, or a CIFS share of a NetApp? 3 LINUX 3.1 Installing the SEP sesam GUI under Linux 3.2 How can you allow the SEP sesam Profile to run automatically during Login? 3.3 Using a backup source and exclude from a file with Linux 3.4 Installing the SEP sesam GUI in Linux 3.5 Problems that may occur after installing the SEP sesam RPM-package 4 Windows 4.1 A client backup fails with a WIN32 API error: 1450 - Not enough system ressources to execute the requested service. 4.2 When I try to connect to a client I get the error: 'Network communication problem: SOCKET error: 10038 - The descriptor is not a socket'. What is going on? 4.3 Using an Exclude-File in Windows 4.4 How can you set the SBC, so that the Exclude List always uses the file pattern (?,*) instead of using the regular expressions? 4.5 How are Archive Bits processed? 4.6 How do I get backups to ignore Archive Bits and use creation/modification time? 4.7 Why does the backup of encrypted data fail on Windows 2000 with the message "The network path was not found"? 4.8 How can I restore active directory subtrees in a clustered environment? 4.9 Warning during System_State backup "The system cannot find path. RegLoadKey()..." 4.10 No Powershell script becomes executed on a destination machine 4.11 Can I backup MS SQL / MS Exchange with the Volume Shadow Copy (VSS) functionality of Windows? 5 Backup 5.1 The backup of a client did not function properly. How can I determine where the problem is? 5.2 During backup I receive the message: "'Login incorrect. Password incorrect."' What's wrong? 5.3 Where is the Encryption key stored? 5.4 Compression settings 5.4.1 Compression for backups on virtual tape media 5.4.2 Compression on Tape Drives 5.5 How can you configure a backup using another Network or Interface? 5.6 How do you backup the eDirectory on a Novell OES Linux - without SP2 -? 5.6.1 Step by Step Instructions 5.6.2 Path for ndsbackup since eDirectory 8.8.1 5.7 After the initial backup does SEP sesam do incremental backups? 5.8 Can users do their own backup and restore? 5.9 Are backups performed directly to disk or tape? 5.10 I have decided to use removable or USB media for my backup strategy. Does SEP sesam support these types of devices? 6 Cluster backup 6.1 File backup of a Linux / Windows cluster 7 Restore 7.1 Common Questions 7.1.1 How is it possible to restore only single files if the SEP sesam listing file is no longer available ? 7.1.2 How do I use the Selective Restore Commands? 7.1.3 How do I restore all the data from a tape media without the SEPsesam DB? 7.1.4 How can I restore a backup that has errors? The backup log file reported that the backup was partially successful. 7.2 Microsoft Windows Restore 7.2.1 How can I Restore Active Directory Subtrees in a Clustered Environment? 8 Databases 8.1 Determine the number of SID for Oracle 8.2 What's the difference of a Novell Groupwise Backup with the SEP sesam Online Extension and without the Extension? 9 Media 9.1 How do I set up a backup to disk? 9.2 How do I set up automatic Archive Adjustment? 9.3 I have found a tape without a label and I want to know whether it is a SEP sesam tape or not. 9.4 How can you manually write a label on a tape? 9.5 How do I automatically remove the tape after the backup is finished? 9.6 Where do I install the cleaning tape? 9.7 SEP sesam locks tapes after a backup, which were not involved 9.8 Get information of oldest tape in a pool before backup starts 10 SEP sesam GUI 10.1 SEP sesam Master GUI 10.1.1 Configuration 10.2 Setting permissions for a GUI Client 10.3 Problems when adding a new client 10.4 How can I enter a backup source with more than 256 Characters? Avoid length limitations of complete filenames (incl. path) 10.5 How can you specify an exclude list that's longer than 150 characters? 10.6 Request Status or Daily Protocol (Log Files) returns 'Host SEPsesam is not allowed to connect or security problem for user'. What is going on? 10.7 The data lists do not appear in the Restore Wizard. 10.8 I can't type anything into the GUI. 10.9 Can the Master schedule be changed by a user? 10.10 How do I set permissions for GUI Client after Version 3.x? 11 SuSE LINUX 10.0 Prof. Community Version 11.1 How can I install the freeware version of SEP sesam? 12 Problems that may appear after installation with SEP sesam RPM Packets. 13 Tape drives 13.1 I have an Exabyte single tape drive. But when I try to initialize it I can't find it in the list of devices. What's wrong"? 13.2 I have an Exabyte VXA172, and I have configured my backup per the standard instructions. When I try to perform a SEP sesam backup I get the error message: skipping blocks. What does that mean? 13.3 SEP sesam does not write to my LTO drive on my x86 system 14 Encryption 14.1 When encryption is selected before transferring data to the server, does sesam do a compression before it encrypts the data? Does it compress after it encrypts the data? 15 Multiple Files 15.1 Will SEP sesam recognize the fact that several users have saved the same file on separate clients and only backup one file and various changes? 16 Open Files - Will SEP sesam backup open files? 16.1 Linux 16.2 For Windows 17 Data Storage - Methodology 17.1 Is data that is collected for backup stored in a flat file or a database? 18 Reporting 18.1 Can special reports be generated regarding backups, time of backups, restores performed, etc.? 18.2 I would like to generate reports for both summary and detail for backups. Does SEP sesam provide this extra granularity I require? 18.3 How can I send a SEP sesam Daily Protocol to an email account? 19 Licensing problems 19.1 W008-License Licensed TCPIP adress does not match the local adress 127.0.0.2

General Questions

How do I obtain the Community Version?

The SEP Community Version is available to the general private user community. Please note that the software, manuals, licensing and terms from SEP AG and SEP Software Inc remain unchanged.

During the installation of a SEP sesam demo version (can be found at SEP's download page) a Community License file is created automatically. This file has to be used in perpetuity and copied to the license file location after the 30-day trial period is over.

The file sm_lic.ini.com can be found at <SESAM_ROOT>/skel.
Copy the file to <SESAM_ROOT>/var/ini and rename it to sm_lic.ini.

You can check the license status under "Help -> License Info" in the GUI.

The SEP Community Version is available for Windows and Linux. You do not get technical support and it cannot be upgraded. However, the SEP Forum and the SEP Wiki are always available if you need help.

How are the hardware and software requirements to operate a SEP sesam Server?

• Hardware
  • >= 2 GB RAM, Single CPU 1GHz or more
  • 300 GB disk space for the metadata of SEP sesam (Sesam-DB, log files and so on). The needed disk space depends strongly on the planned backup and media strategy. The called value allows a hassle-free operation of the backup server for the next 3 years.
  • The metadata on a SEP sesam Server on Linux should be stored on a separate partition. As file system you can use all conventional Linux files systems from Ext3 on.

• Software
  • Java >= 1.6, to avoid display problems we recommend the use of Oracle/Sun Java
  • On 64-bit Linux the Linux distribution depending PostgreSQL-Server is needed

Why does SEP sesam Server use so much disk space on the local hard disk?

One of the essential advantages of SEP sesam is that not all information is filed in a database, but in simple text files.
Usually the really big files are the *.lis files. These contain information about the unique files of a backup and are used by the restore wizard for selecting and restoring unique files.

Those files are stored in the following directories:

Linux/UNIX: /<SESAM_ROOT>/var/lis Windows: C:\<SESAM_ROOT>\var\lis

These files can be compressed by SEP sesam automatically.

Documentation

Compressing SEP sesam Listing files

Before executing this command the SEP sesam profile has to be set.

Linux/UNIX: source /var/opt/sesam/var/sesam2000.profile Windows: C:\<SESAM_ROOT>\var\ini\sm_prof.bat

To execute the process of compressing immediately, the command "sm_newday" can be used.

The compression then will be done directly with the "newday" schedule.

The reason why the *.lis files are not compressed directly after they are created but, as predefined in the command, three days later, is that in our experience most restores are triggered within three days after a backup.

What happens

All *.lis files are converted into a compressed file format and will be uncompressed by SEP sesam automatically if required.

How do I install a Remote Device Server?

Detailed description under: How to create a Remote Device Server (RDS).

1. • Linux/UNIX: Select and install the SEP sesam Remote Device Server (e.g. sesam_rts-4.0.2-13.rhel5.i386.rpm for RedHat) package from the SEP download center on a selected computer.
   • Windows: Select the SEP sesam Server (e.g. sesam-srv-4.0.2.13-windows.exe) package from the SEP download center on a selected computer. Start the installation and choose "SEP sesam Remote Tape" as package.
2. This computer should be added as a normal SEP sesam Client (Components->Topology). Consider that the DNS between the SEP sesam Server and SEP sesam Remote Device Server is properly handled.
3. Create a new drive group (Components->Disk Drives) and select the drive from the remote computer as a new drive.
4. On the Remote Device Server it should be possible to see the name of the new device using the command: <SESAM_ROOT>/bin/sesam/slu scan (e.g. Tape0 or /dev/nst0). If you've selected a disk drive you only need to enter the drive type DISK_HARD.
5. Create a new Media Pool and assign it to the new Drive Group.
6. Register new media to the Media Pool.

How do I obtain the free Zarafa Extension

Free Backup for Zarafa environments

SEP sesam provides a complete Backup-, Restore- and Recovery solution for all types of IT environments from simple single server, single operating system solutions to multi-O/S, complex heterogeneous environments that are running various types of hardware and software applications.

Besides the usual server Operating Systems like Novell Netware, Linux, Windows, Unix and Solaris, SEP sesam offers extensions to execute hot backups of common groupware and database applications.

A complete overview of supported software is available in the SEP sesam OS and database support matrix

Zarafa users can get a complete SEP sesam environment to backup their Zarafa installation for free. The following modules are provided in the free download:

• One "SEP sesam ONE Server" for scheduling and managing all backup and restore tasks. SEP sesam ONE supports backups to tape as well as backups to disk. A 500 GB Virtual Tape Library is integrated in the base product.

• The SEP sesam Zarafa Online Module for up to 10 Users. The module offers the online backup and restore of the complete Zarafa Server environment. Restore and recovery of single mailboxes or even E-Mails are possible for up to 10 users.

• The SEP sesam MySQL Online Module. It provides hot backups and restores of the Zarafa Database.

• The SEP sesam Graphical User Interface (GUI) including our powerful 'Restore Wizard'.

The free licenses for backing up the Zarafa Server do not expire. However, the license is limited to this dedicated environment. Please note that no upgrade service or technical support is included.

It is possible to upgrade the free version with the following enhancements:

• high-capacity SEP sesam Servers License (Standard Server with 5-Streams and 1TB or Advanced Server with 64 data streams and 1TB)
• additional SEP sesam Clients to backup other servers than the Zarafa Server
• further online database extensions
• Autoloader support
• Disaster Recovery modules
• SAN backup capability
• Citrix Xen or VMware ESX disaster recovery
• Expanded storage capability
• or additional Zarafa users

are available at the SEP Homepage.

<b>To apply for a free Zarafa Backup please send the following information to sales@sep.de</b> * Name of your company * Complete address * Contact person incl. phone and email * Which additional servers do you use in your IT environment? * Which backup software do you use beside SEP sesam? <b>Additionally, please provide the Zarafa related information:</b> * Installation of SEP sesam Server - Is it on a Zarafa Server or a dedicated SEP sesam Server? * IP address of the SEP sesam Server * Hostname of the SEP sesam Server * Operating System of the SEP sesam Server * Number of Zarafa Users

All SEP sesam Software is available at the SEP Download Center

SEP sesam Server for Linux http://download.sep.de/linux/

SEP sesam Server for Windows http://download.sep.de/windows/

Zarafa Module http://download.sep.de/extensions/groupware/zarafa/

MySQL Module http://download.sep.de/extensions/databases/mysql/

An introduction to setup a backup of the Zarafa Server with SEP sesam is available on the SEP Wiki: SEP sesam Extension for Zarafa

Where can I get the latest 64-bit version of Sun's JRE

Under the following link there is a list of different versions for the designated operating system and architecture (64 and 32 bit) of Sun's Java Runtime Environment. After accepting the license agreement the appropriate package can be downloaded.

http://www.oracle.com/technetwork/java/javase/downloads/jre-6u26-download-400751.html

What is SEP sesam 'Newday'?

SEP sesam NEWDAY gives System Managers the flexibility to extend backup routines to run after midnight and retain the backup date of the prior day. This is very useful when the computers requiring backup exceed the time allotment between the End of Day and midnight. SEP sesam defines the period between two NEWDAY events as one backup day. This event is predetermined at the installation and may need to be adjusted for specific requirements.

When a daily NEWDAY event is set to 08:00 the backup day lasts until the morning of the next day 08:00 (8 a.m.). Backups that run after midnight - the real new day - will be administered (recorded) as a backup of the prior day.

Example: The SysAdmin begins a backup at 19:00 (7 p.m.) and the projected finish time is 02:00 (2 a.m.) By selecting a NEWDAY event at 08:00 (8 a.m.) the job has time to complete and all data is stored in the backup file of the day the job was started.
Weekends are often used for full-backups. If this is the case it is advisable to interrupt the Newday event on the weekend. Define the execution as a weekly event but without execution since a Full Backup is performed instead.

A NEWDAY event carries out the following tasks additionally:

• finishing all running backups
• restarting the SMS- and STPD-processes
• erasing files and database entries backup files that don't exist any longer
• calculating future tasks in the calendar

You can configure the NEWDAY to a time other than 8 a.m. but you should not deactivate the NEWDAY event because the internal administration jobs in the system and database can't work without it. This could provoke malfunctions in the SEP sesam system in the medium term.

How do I order a new license or activate a new license?

If you need a new license please contact sales@sep.de and provide the following information:

• Hostname of the SEP sesam Server
• IP Address of the SEP sesam Server

To determine which specific names SEP sesam uses (e.g. if more than one network card is installed on the server) you can use the information that's given in the SEP sesam GUI under "Help -> License info". Our compliance/sales team will send you a new license via e-mail.

If the SEP sesam Server is currently running in trial mode, you can examine the number of clients and modules needed by your configuration under "Help -> License info".

Follow these steps to activate your license:

1. Unzip the License file
2. Copy it to the directory: <SESAM_ROOT>/var/ini
3. Switch to the directory <SESAM_ROOT>/bin/sesam
4. You can verify the license information with the following commands:

• Windows

sm_info c

• Linux

./sm_info c

If the program displays errors in the hostname or IP address please contact our licensing department immediately at support@sep.de. If all the information is correct please send the license file back to support@sep.de with a copy of the output file returned after running the above commands.

Is there an overview of SEP sesam services?

There are different services depending on whether you dealing with a SEP sesam Server, a SEP sesam Client or a SEP sesam Tapeserver.

The services can be found in the SEP sesam 'Install Directory' <SESAM_ROOT>/bin/sesam

• For Linux/UNIX use the following command:

./sm_main status

• For Windows use the following command:

sm_main status

to check the status of the services.

• Services of the SEP sesam Server

main SEP sesam main processes sepuler SEP Event calendar to control all tasks db Databank services of SEP sesam qm The Queue Manager administers backups, restores and devices rmi Server part of graphical user interface sms Read/Write of SEP sesam Media stpd Linking protocol from SEP sesam Client to the SEP sesam Server passd Security administration for SEP sesam ctrl Linking protocol from SEP sesam Server to the SEP sesam Client

• Services of a SEP sesam Client

main SEP sesam main processes ctrl Linking protocol from SEP sesam Server to the SEP sesam Client

• Services of a SEP sesam (Remote) Device Server

main SEP sesam main processes ctrl Linking protocol from SEP sesam Server to the SEP sesam Client sms Read/Write of SEP sesam Media stpd Linking protocol from SEP sesam Client to the SEP sesam Server passd Security administration for SEP sesam

Which Java version is required by SEP sesam

SEP sesam needs Java version 1.6 or higher. Either Oracle/Sun Java, as well as IBM Java or open JDK can be used.

The Java version currently in use can be checked with the following command:

java -version

Example:

#>java -version java version "1.6.0_26" Java(TM) SE Runtime Environment (build 1.6.0_26-b03) Java HotSpot(TM) Client VM (build 20.1-b02, mixed mode, sharing)

Linux - RPM

IMPORTANT: If the SEP sesam Server is installed as an RPM package in Linux, Java has to be installed as an RPM package as well.

NOTICE: For the installation of the SEP sesam Server on an OES2 system, please note that the Java version 1.5 that is running there has to remain the default, so the Novell specific functions can be operated. If another Java version (e.g. 1.6) is installed in the system via RPM the default Java version is kept, i.e. the reinstallation doesn't overwrite it. This means that the installation of Java and the following installation of the SEP sesam Server can be done as described below.

The approach here is shown with a 64 bit Sun Java:

• After the download the package has to be given execution rights:

#> chmod +x jre-6u25-linux-x64-rpm.bin

• Installation of the JRE Binary package:

># ./jre-6u25-linux-x64-rpm.bin Unpacking... Checksumming... Extracting... UnZipSFX 5.50 of 17 February 2002, by Info-ZIP (Zip-Bugs@lists.wku.edu). inflating: jre-6u25-linux-amd64.rpm Preparing... ########################################### [100%] 1:jre ########################################### [100%] Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Done.

• Afterwards you can check is the Sun Java version was properly registered in the package database:

># rpm -qa | grep jre jre-1.6.0_25-fcs

• Next, the installation of the SEP sesam Server is done via an RPM package, The SEP sesam installer finds the Java information in the package manager and automatically sets a link to this Java in the directory /opt/sesam/bin/sesam. In case of a Tarball installation of the SEP sesam Server and the Java, the link has to be set manually.

Linux - Tarball

IMPORTANT: If the Java is installed as Tarball, the SEP sesam Server also has to be installed as Tarball. Installing a SEP sesam Server package with --nodeps is not supported by SEP AG.

The approach for a Java Tarball installation:

• Download e.g. the SUN Java 32-version jre-6u25-linux-i586.bin that's compatible to the operating system to /opt/java
• Go to the directory /opt/java
• After the download the package has to be given execution rights:

#> chmod +x jre-6u25-linux-i586.bin

• Extract the Tar-archive by executing the binary:

#> ./jre-6u25-linux-i586.bin

• Java is now unpacked into a subfolder jre1.6.0_25 and is now ready to use. The function of Java can be tested as follows:

#> /opt/java/jre1.6.0_25/bin/java -version java version "1.6.0_25" Java(TM) SE Runtime Environment (build 1.6.0_25-b04) Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03, mixed mode)

• Create the directory structure /opt/sesam/bin/sesam, in order to the Java link to the installation of the SEP sesam Server:

#> ln -s /opt/java/jre1.6.0_25/bin/java /opt/sesam/bin/sesam/java

• Now the installation of SEP sesam Server via Tarball can be done

Windows

You can also operate several Java versions in Windows. Here the SEP sesam Server can also be working with a different Java version than the default Java version of the operating system. In the file <SESAM_ROOT>\var\ini\sm.ini in the section [JAVA] the path of the desired Java version has to be entered:

[JAVA] java_interpreter="C:\Program Files\Java\jre6\bin\java" java_home="C:\Program Files\Java\jre6" java_exit_on_fail=no

With this, SEP sesam Server gets its own Java environment on startup.

What do the flags mean in the column 'type' in Backups by State?

• The first letter shows the type of backup

F/D/I/C: Level of backup (Full, Diff, Incr, Copy) M: Media event N: SEP sesam newday S: SEP sesam Startup X: SEP sesam command event

• The second letter is used when a database backup is performed. For regular path backups it does not have any significance.

H: Hot, this signifies an online backup of database C: Cold, this signifies an offline backup of database

How do I schedule a backup task?

To allow access from a client to the SEP sesam Server you must insert a command from the administration console. The entry depends on the type of client platform.

Windows Client

Use the following to set the access rights: HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\CommandEvents\{user}\{command} for the user and the command.

Call the Regedit editor and create a new key under HKEY_LOCAL_MACHINE\SOFTWARE\SEP Elektronik GmbH\sesam\ (right click, select "new Key") - if they don't exist already - CommandEvents, enter the user and then the command with full path information as the key. If other commands are present the last command is completed. It is possible to enter an asterisk (*) which allows all commands to be executed.

Linux/UNIX Client

Copy the file sesam_cmdusers.allow from the directory <SESAM_ROOT>/skel to /etc on the client and adjust the file. This means you can enter a line for the user and command in the format {User} {command}. The wild card (*) means all commands are executed.

Note: No explicit permissions are required for the execution of SEP sesam commands like sm_loader. [edit]

Why does the SEP sesam GUI create so many Java processes under Linux?

On some Linux Systems the threads created by the SEP sesam GUI are shown in the process table. These are not real processes but only threads. There are a large number of processes since Java creates threads for all objects with 'Listener' functionality.

A support staff member told me to set a profile, what does it mean?

By setting the profile, the directories (and their subdirectories) <SESAM_ROOT>/bin, and <SESAM_ROOT>/var/db/ are added to the environment variable "$PATH" so SEP sesam commands can be executed globally, and you don't need to be in the actual "run directory".

The profile is set in the following manner:

In Linux/UNIX

Go to the directory <SESAM_VAR>/var/ini and call

. sesam2000.profile

Important! Do not forget the dot and the space ( )!

Or simply use

source sesam2000.profile

In Windows

Open a Command Window

Go to the directory <SESAM_ROOT>\var\ini and call

sm_prof.bat

Or use the Link

<code><SESAM_ROOT>\var\ini\sm_prof.bat.lnk</code>

Note:

The profile is hereby just set for the current session. To set it permanent under Linux please look here.

What is necessary to change the IP-address and the servername of the SEP sesam Server?

First your license must be amended to match the new server name and/or IP-address. Please send the original license, the new server name and IP-address to info@sep.de. Until you receive the license please change the following items in the database. Set the SEP sesam profile and execute the following commands:

sm_db "select * from servers"

In this table the name and ip_address must be changed.

sm_db "update servers set name='newname',ip_address='new IP' where name='old name'"

sm_db "update clients set name='new name' where name='old name'"

When you receive the new license information you can change the SEP sesam Server name using sm_setup. First set the SEP sesam profile and enter the following command:

sm_setup change_servername mynewserver

Ports used by SEP sesam

When using the standard configuration for SEP sesam the following ports must be opened to allow backups:

program used ports control ports stpd 11001, 11002 (listen Port) --> 11003-11006 (enter in SEP sesam GUI for 2 parallel streams) ctrl 11301 (listen Port) --> 11302-11305 (enter in SEP sesam GUI)

A Support Engineer told me to set a higher loglevel. How do I do this?

In some cases the backup must be performed with a higher loglevel in order to supply our developers with more detailed information.

There are two ways to set the loglevel: the backup loglevel and the restore loglevel.

Backup Loglevel

The backup loglevel can be set in the additional call arguments.

Double-click the backup task. Go to the register "Options 1".

The following loglevels exist:

0=ERROR 1=EMERGENCY 2=WARNING 3=NOTICE 4=INFO 5=DEBUG 6=TRACE

Set the loglevel like shown in this screenshot:

Restore Loglevel

The loglevel for restore is set in the expert options of the last page of the restore wizard, like shown in this screenshot:

Network

How can I check the reachability of a client from SEP sesam Server?

Even if you can reach a client from the backup server with nslookup and ping over DNS names it is still possible that the SEP sesam Server cannot connect to the client. In this case you can check the reachability of a client from the SEP sesam Server view. You have to enter the following command:

For Linux/UNIX client:

sm_ctrlc -l root {nameofclient} sbc

For Windows client:

sm_ctrlc -l system {nameofclient} sbc

The output should be as follows (example with Linux client) (standard output of the sbc command):

smsrv:~ # sm_ctrlc -l root dbsrv.local sbc 2007-10-26 13:29:11: sbc-3036: Info: # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS, VERSION: 1.8R2 Build: 1.165 20070829 18:45:14 Linux i586 postfix # 2007-10-26 13:29:11: sbc-3000: Info: usage: sbc -b|r|g|p|k|h [-C <control_host>] [-d <device>] [-f <list_source>] [-F <data_format>] [-i <saveset_info>] [-j <job_name>] [-l <level>] [-L <control_target>] [-n <segment_number>] [-o {options}] [-O <STOR/RETR_direct>] [-R <restore_target>] [-s <saveset_spec>][-S <storage_node>] [-t <tape_spec>] [-T <since_time>][-x <exclude_patterns>] [-X <exclude list>] [-v <level>] # Backup # [<backup_source1>[ <backup_source2> <backup_sourceN>]] | # Restore # [<restore_source1>[ <restore_source2> <restore_sourceN>]] | # Get # [<remote_file> [<local_file>]] | # Put # [<local_file> [<remote_file>]] {options}: comma separated list of compress, encrypt[_plain]={passwd} only for backup: verify # verify data after backup plain # do not decend into subdirectories hard=defer # defer hardlinks hard=sort # expect i-node sorted input plain # decend into subdirectories only for restore: rename, overwrite # rename/overwrite if file exists plain, tree # restore plain/tree in target dir next # start from subsequent tape 2007-10-26 13:29:11: sbc-3001: Info: Exiting.

When a network problem occurs the output could look like:

2007-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB error: 110 - Connection timed out. connect() call failed for host: [dbsrv.sep.de].

...or a connection from SEP sesam Server to the SEP sesam Client is forbidden:

2007-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD reply: 2007-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not allowed to connect or security problem for user: [root].

Used ports for backing up a client behind a firewall (DMZ)

In order to be able to back up a client behind a firewall several ports need to be unlocked. First, a port range has to be adjusted. This can be done in the SEP sesam GUI via the options of the according clients via the STPD options:

It is necessary to check if "Timeouts" are considered in the firewall options if no traffic is running on a port. This specifically affects port 11001 because it only transfers data at the beginning and end of a backup.

Transferring of the OOB-signal has to be activated for all ports.

If you want to make a data mover communicate with an OES-NetWare (6.5/6.0) Server that's inside a DMZ only the following port has to be unlocked for the TSA: 40193

The following image shows the connection as well as the port range:

This means that the SEP sesam Client has to allow always port 11301 and all ports from the range defined above for incoming connections by the SEP sesam Server.

How do I use the Nagios monitoring tool to query the SEP sesam database for monitoring system information?

Using the Nagios plugin from Netway to query and monitor the SEP sesam Database

Attention - Disclaimer

Open Source monitoring tools like Nagios are not part of, nor are they supported by, SEP AG and/or its partners and subsidiaries. Neither are other programs or scripts which query data from the SEP sesam DB or any other SEP sesam module that are not specifically distributed by SEP AG. SEP cannot nor will make any guarantees or warranties as to the usability or functionality of such scripts. Therefore, for obvious reasons, SEP can not offer support for any of these customer and client designed and implemented tools or programs. Consequently there is no support for the client specific programs.

• Netways' Nagios Plugin for SEP sesam

NETWAYS GmbH has developed an Open Source database query routine for SEP sesam - the Nagios plugin. This is, in accordance with the OSF foundation rules a free software package, and comes with the standard disclaimers regarding warranty, usability and functionality. In other words, use it for free at your own risk.

Note:

Since many names of parameters in the SEP sesam database have changed in Version 4.0 you have to choose the adequate Version of the plugin.

Download: http://download.sep.de/utils/nagios/

• Demo scripts from projects

Various scripts have been written for specific projects to allow customers to query (retrieve information from) the SEP sesam DB. These scripts are very specific to the client environments and are in no way warranted to work in other environments. Sample scripts to query the SEP sesam DB have been written illustrating the use of the Nagios methodology are for demonstration purposes only. They can be found at the third party site:

http://download.sep.de/utils/nagios/SesamToNagios_DemoScripts.tgz

How to backup from and write to UNC paths, or a CIFS share of a NetApp?

• This example assumes that the SEP sesam Server or the SEP sesam Client is a Windows system.
• All rights of the backed up files and ACLs are not considered.

In Windows services - and therefore the SEP sesam processes - usually run under the special SYSTEM account. This account has all local access rights but for security reasons none for non-local or network drives.
For access to network drives the following configurations have to be modified:

• Let the SEP sesam service, for the SEP sesam Client where the backup task should be assigned to, run under an administrator account (services.msc -> 'SEP sesam Server' -> Logon as "Administrative" Account), which has all reading and writing privileges for the network drive.
• Share the network drive in such a way that no login for reading and writing is required. You can test this by opening the shared path on the SEP sesam Server in the Windows explorer. If the content of the share is displayed without a request for user and password, this UNC path can be used as a source for the backup task.

Due to increased security since Windows 2000/2003 and XP it is not possible to assign dedicated drive letters, e.g. e:\. Instead the path must be entered using UNC Notation. The backup is carried out over the associated network devices but only after entering the UNC Names e.g. //fileserver/install/Driver.

• Example of a backup task configured in SEP sesam GUI:

Prerequisite: From SEP sesam Client the network share has to be accessible without retrieval of username and password. If this is not the case, the share on the providing computer has to be modified.

Attention

The VSS Option has to be disabled when backing up UNC paths. Only one path for each task is possible.

• Exclude of a file or directory

To exclude a file or a directory the following has to be entered (with regular expressions):

The source being backed up in this example is:

\\hostname\files

Path that should be excluded:

UNC\\hostname\\files\\path-to-be-excluded

File that should be excluded:

UNC\\hostname\\files\\filedirectory\\file-to-be-excluded.exe

• Testing the backup on the command line:

As mentioned in the section above the SEP sesam service has to be running on an administrator account. Then, you can enter the following command for a backup in the command line:

C:\Programme\SEPsesam\bin\gui>sm_ctrlc -l system rmpc1(Hostname of the system) sbc -b -s @test.save -v 2 \\fileserver\pub\customers

For a restore command use:

C:\Programme\SEPsesam\bin\gui>sm_ctrlc -l system rmpc1(Hostname of the system) sbc -r -s @test.save -v 2 -R \\fileserver\pub\customers_restore

This saves the files in \pub\customers into the file (saveset) test.save, i.e. restores them from the saveset test.save into the folder \pub\customers_restore.

LINUX

Installing the SEP sesam GUI under Linux

To install a SEP sesam GUI, the GUI software package must be loaded on the target computer. The actual software for the different Linux distributions can be downloaded from download.sep.de, like e. g. sesam_gui-3.4.1-31.SuSE.i586.rpm.

Install this package after the download. For example:

rpm -Urh sesam_gui-3.4.1-31.SuSE.i586.rpm

Afterwards please check if the SEP sesam Server is available by using the following command:

nslookup "name of your SEP sesam Server"

Now make a shortcut with the following path:

/opt/sesam/bin/gui/sesam_gui -S "name of your SEP sesam Server"

done

How can you allow the SEP sesam Profile to run automatically during Login?

You need to create a link in the directory /etc/profile.d/.

ln -s /var/opt/sesam/var/ini/sesam2000.profile /etc/profile.d/sesam.sh

Using a backup source and exclude from a file with Linux

If many directories or files have to be included in or excluded from a backup task it may be possible that the limit of counts or characters of the field (max. 255 character) will be exceeded. To solve such problem you can use files to define a backup source or an exclude list. This file has to be created on the backup client the backup is to be executed on.

Include:
Create a separate line for each directory or file item in a file (e.g. /etc/sesam/backupfiles.txt):

/lib /usr/share /usr/bin/a2ps /srv/Dos6.22.img /var/opt/sesam/var/ini

Attention

Wildcards are not allowed in the file or directory entries.

At least one item has to be entered in the field Source, e.g. you can enter the include-file itself. Then this file is also included in the backup set (e.g. /etc/sesam/backupfiles.txt). In addition to that you have to set up the following entry in the field Save options of the register Options 1 in the backup task definition:

-f /etc/sesam/backupfiles.txt

Beside the value of the source field all values that are containd in the file are backed up.

Exclude:
The behaviour of the exclude is quite similar. This file is called e.g. /etc/sesam/excludefiles.txt. Each file or directory you want to be excluded from the backup has to be entered in a separate line in the file, e.g.:

\./tmp$ \./home/John Doe/videos.zip$ \./home/John Doe/Business Documents/Closing for the business year 2006$

Achtung

Please keep in mind that the exclude entries have to be set up with a regular expressions syntax.

For instance, all is entered in the source of the task definition. This means that the complete system is backed up excluding the items in the exclude file. In contrary to the include the field Exclude List is left empty. Then set up the following entry in the field Save options of the register Options 1 in the backup task definition:

-X /etc/sesam/excludefiles.txt

SEP sesam will exclude all files and directories from the backup which are included in the file.

Installing the SEP sesam GUI in Linux

In order to install a SEP sesam GUI on a Linux system you need to have the current installation package. You can get the installation packages for the various distributions at download.sep.de, e.g. sesam_gui-3.4.1-31.SuSE.i586.rpm. Install this package after the download as shown in this example:

rpm -Urh sesam_gui-3.4.1-31.SuSE.i586.rpm

Afterwards, please check if the SEP sesam Server can be reached by using:

nslookup "Name of the SEP sesam Server"

Lastly, create a shortcut with this path:

/opt/sesam/bin/gui/sesam_gui -S "Name of the SEP sesam Server"

and you're done.

Problems that may occur after installing the SEP sesam RPM-package

The following message appears when starting the SEP sesam GUI:

The connection to the server sesamserver was denied. The last message was:

java.rmi.RemoteException: Connection refused to host: [SEP sesam-Server]; nested exeption is: java.net.Connect.Exception: Connection refused

Please check if the SEP sesam RMI server component is active and if the used port matches.

The program is terminated.

If you get this error message, first check the java version with the following command:

/opt/sesam/bin/sesam/java -version

If this java version is wrong it has to be updated.

Windows

A client backup fails with a WIN32 API error: 1450 - Not enough system ressources to execute the requested service.

The backup of a client ends with the following error message in the backup log:

sbc-1148: Error: W2KSS Error: [WIN32 API error: 1450 - Not enough system ressources to execute the requested service. Cannot store registry key: [SOFTWARE]. RegSaveKey() call failed in BackupRegistry().].

The reason for this is the small size of the registry/paged memory area. This problem not only affects SEP sesam but also other backup tools like for example NTBackup. The following Technet article explains approaches for different Windows versions:

<a href="http://support.microsoft.com/kb/304101/en-us" class="external free" title="http://support.microsoft.com/kb/304101/en-us" target="_blank">http://support.microsoft.com/kb/304101/en-us</a>

When I try to connect to a client I get the error: 'Network communication problem: SOCKET error: 10038 - The descriptor is not a socket'. What is going on?

The Layered Service Provider (LSP) Chain is defective/damaged. The cause can be an Antivirus program or a Virus; another possibility is that DLLs were switched during the installation or deinstallation. This results in the subprocesses not being able to inherit open your Socket Handles

In this example event the SEP sesam CTRL connection takes the SM_CTRLD_MAIN daemon call from SM_CTRLC, it opens the necessary Sockets and passes them on to the newly created subprocesss SM_CTRLD. Due to the defective LSP the Sockets can not use this information and returns during an operation, e.g. setsockopt() the following error:

10038 - The descriptor is not a socket.

The easiest way to check this is to use the following free tools on the client computer:

* lspfix.exe - identifies blocked DLL's, e.g. bmnet.dll and removes them * listdlls.exe - checks the chain of DLL's - (alternatively use sm_list -f {PID of SM_CTRLD_MAIN})

Typical Action:

1. Check if the Layered Service Provider (LSP) links with lspfix 2. Check the sm_ctrld[_main].exe indirectly used DLL's with listdlls 3. Remove the conflicting DLL with lspfix.

An example of a correct listdlls for an environment:

#> listdlls.exe sm_ctrld D:\kit\su\src\gui>listdlls sm_ctrld . ListDLLs v2.25 - DLL lister for Win9x/NT Copyright (C) 1997-2004 Mark Russinovich Sysinternals ------------------------------------------------------------------------------ sm_ctrld_main.exe pid: 4872 Command line: D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe -D . Base Size Version Path 0x00400000 0x23000 D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe 0x7c910000 0xb7000 5.01.2600.2180 D:\WINDOWS\system32\ntdll.dll 0x7c800000 0x106000 5.01.2600.2945 D:\WINDOWS\system32\kernel32.dll 0x71a10000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\WS2_32.dll 0x77be0000 0x58000 7.00.2600.2180 D:\WINDOWS\system32\msvcrt.dll 0x71a00000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\WS2HELP.dll 0x77da0000 0xaa000 5.01.2600.2180 D:\WINDOWS\system32\ADVAPI32.dll 0x77e50000 0x91000 5.01.2600.2180 D:\WINDOWS\system32\RPCRT4.dll 0x719b0000 0x40000 5.01.2600.2180 D:\WINDOWS\system32\mswsock.dll 0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll 0x77ef0000 0x47000 5.01.2600.3099 D:\WINDOWS\system32\GDI32.dll 0x7e360000 0x90000 5.01.2600.3099 D:\WINDOWS\system32\USER32.dll 0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll

After removing the defective DLL the socket can be inherited by the subprocess SM_CTRLD. [edit]

Using an Exclude-File in Windows

This section explains how to create and use an exclude list.

If you want to exclude many directories from a backup source you can create a .txt-file on the computer that you want to backup. This file should contain all directories you want to exclude from the backup.

E.g.:

Create the file exclude.txt on the client in the directory C:\Programme\SEPsesam\var\ini.

Possible content of exclude.txt:

D:/DOWNLOAD D:/PREKITS D:/Dev D:/kit_2_3_1_7 D:/kit_2_3_1_5 D:/knoppix D:/ACHIM D:/gui

The backup task source is set to D: In the backup task window you can see the field Save options. Here, enter:

-X C:\Programme\SEPsesam\var\ini\exclude.txt

IMPORTANT:

• Do not use "\"(Backslash) in the exclude-file, only "/"(Slash)!
• Every directory and every file has to be entered in a new line. This also goes for paths that include spaces.Leerzeichen.

In SEP sesam version 4.3.1-69 a double backslash has to be used (\\) instead of a single slash (/)! (known bug)

In this example the whole drive D: is backed up except the directories that are declared in the exclude.txt.

How can you set the SBC, so that the Exclude List always uses the file pattern (?,*) instead of using the regular expressions?

In the configuration file <SESAM_VAR>/var/ini/sm.ini on the sesam client the entry

[SBC_OPTIONS] EXCLUDE_MATCH=REGEXP

must be changed to

EXCLUDE_MATCH=PATTERN

How are Archive Bits processed?

Since SEPsesam version 3.4.1.67 Archive bit are not used for incremental and differential backups on Windows. This can be switched, if necessary.

The use of archive bit may be set with

sql "update defaults set value='yes' where key='with_archive_bit'"

After setting the value to 'yes' the Windows Archive Bits of the files are treated in the following way according to the backup type COPY/FULL/DIFF/INCR:

COPY

Saves all files without regard to the archive bit, Archive Bit is not reset.

FULL

Saves all files without regard to the archive bit, resets Archive Bit.

DIFF

Only files with archive bit are saved, Archive Bit is not reset.

INCR

Only files with archive bit are saved, resets Archive Bit.

Therefore, when selecting a backup strategy the following issues must be considered:

1. A backup sequence FULL-DIFF-INCR-DIFF-... is not logical. Following an INCR backup with a DIFF will not save files saved by the INCR backup because the archive bit is reset!
2. If the Archive Bit of files are reset manually or by other programs a following DIFF or INCR backup may not save this file!
3. If Archive Bits are not changeable, e.g. cannot be reset due to the fact they are in 'ReadOnly' directories warnings will be returned during FULL and INCR backups.

As a consequence of these issues we recommend to save on time based creation/modification. See below.

How do I get backups to ignore Archive Bits and use creation/modification time?

Attention: Since SEPsesam version 3.4.1.67 Archive bit are not used for incremental and differential backups on Windows!

To set the use of creation/modification time execute the following steps:

Got to the directory <SESAM_ROOT>/bin/sesam and call:

sm_db "INSERT INTO defaults (key,user_name,value) VALUES ('with_archive_bit','sesam','no');"

After this FULL, DIFF and INCR backups ignore Archiv Bits. DIFF and INCR backups use the start time of the last referenced backup in case of DIFF a preceding FULL - in case of INCR any preceding backup.

Optional resetting of Archiv Bits of backed up files is executed with the option

-o clear_archive

when it is inserted in the properties of the backup task in tab 'Options 1' in field 'Save options'.

Why does the backup of encrypted data fail on Windows 2000 with the message "The network path was not found"?

Microsoft has released a Hotfix for older Windows 2000 Versions for the backup of encrypted data (Encrypting File System - EFS). Dated March 24, 2004. Please see:

http://support.microsoft.com/?scid=kb%3Ben-us%3B843198&x=10&y=8

Beginning with this Hotfix Unicode Patch Convention with Prefix \\?\ is supported.

How can I restore active directory subtrees in a clustered environment?

1. Boot into Directory Services Restore Mode. This ensures that the directory is offline. During the normal boot menu while restarting the computer, notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do this and then select "Directory Services Restore Mode" from the "Safe Mode and Other Startup Options" list.

2. Restore the "System_State" Backup using the SEP sesam GUI.

3. To authoritatively restore active directory data, you need to run the Ntdsutil utility - Example with Subtree organizational unit Marketing in the domain Anitpodes.com:

#> ntdsutil ntdsutil: authoritative restore authoritative restore: restore subtree OU=Marketing,DC=Antipodes,DC=COM

Refers to Microsoft Publication Windows 2000 Server Disaster Recovery Guidelines - Active Directory and Disaster Recovery: Active Directory Users and Groups section "Performing an Authoritative Restore"

Warning during System_State backup "The system cannot find path. RegLoadKey()..."

You can see the following output in NOT-Log:

C:\Program Files\SEPsesam\var\tmp\usr_wf_S-1-5-21-220523388-1123561945-839522115-1003]. 2010-04-13 02:04:20: sbc-2074: Warning: W2KSS Warning: [WIN32 API error: 3 - The system cannot find path. RegLoadKey() call failed for file: [C:\Documents and Settings\nn\ntuser.dat] in BackupUserProfiles().].

This is an inconsistency of the system configuration of the operating system. The reason is that a user profile has been deleted but the user account still exists. The System_State backup is looking for the corresponding files of the user in the file system, but these files don't exist anymore. To resolve the problem, delete the appropriate user or restore the profile date in the file system.

Please check the following Hive in your registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

whether it still includes references to usernames which no longer exist.

No Powershell script becomes executed on a destination machine

By default Microsoft installs Windows Powershell with permission Restricted. This setting just allows to execute commands in Powershell, but no scripts.
This can be changed with following command in Powershell:
Set-ExecutionPolicy RemoteSigned

Click here for more information:
http://technet.microsoft.com/en-us/library/ee176961.aspx

Can I backup MS SQL / MS Exchange with the Volume Shadow Copy (VSS) functionality of Windows?

Yes, it's possible to use the VSS functionality to backup MS SQL or MS Exchange environments. But it's only recommended for small installations.

For the consistent backup of a running MS Exchange or MS SQL environment exist two strategies. The usage of the SEP sesam Online Extensions for MS Exchange or MS SQL. Or the file system backup with the activation of the VSS Writer for MS Exchange or MS SQL (Volume Shadow Copy functionality of Windows).

SEP sesam Online Extensions

• Dedicated Backup of the Groupware Data / Database Data, independent from the files in the file system.
• Full, Differential and Incremental backups possible.
• Granular Backup of single Databases and Database instances possible.
• Backup of the transaction log – > other systems accessing the database are aware that a backup is performed
• Restore of the Database / Groupware Data only (without files from the filesystem)
• Granular restore of single instances and databases possible, in a restore scenario there is no need to restore the complete database – important for bigger databases / groupware systems
• Online Restore possible

Backup via the VSS Writer of Microsoft

• The Volume Shadow Copy Functionality of Microsoft Windows is included in the regular SEP sesam file backup agent for Windows. It supports also the VSS backup of MS Exchange and MS SQL.
• A VSS based backup of a Database / Groupware system is always a file system backup. If the file backup agent starts to backup a filesystem with a MS SQL / MS Exchange Database, the VSS functionality is used to inform the Database about the backup. The Database / Groupware System delivers the data in a consistent way.
• A VSS backup of a Database / Groupware System always consist of all the data. No incremental or differential backup possible. Also the backup of single databases or single instances is not possible.
• In case of a restore – a restore of the database only is not possible. The database / groupware system is part of the complete file system backup and the complete file system backup has to be restored to restore the database.
• Restore of single instances or single databases is not possible
• The transaction log file is not backed up – other application are not informed about the backup of the database.

Critical

In distributed environments the different components have to be informed if a backup of one of the systems is performed to enable a consistent restore. For example in a Sharepoint Server environment, the Database and the Mailserver run on different servers. A VSS Backup of a single server will result in an inconsistent restore. Here only the backup via the SEP sesam Online Extensions will guarantee consistent data.

Summary

The Backup of MS Exchange or MS SQL environments via VSS is a valid option to get a consistent backup of the running environment – as long as the volume of data is not to big. It is an alternative for small environments with only 1-5 users. In critical productive environments the usage of the SEP sesam online Extensions for MS Exchange / MS SQL is highly recommended.

Backup

The backup of a client did not function properly. How can I determine where the problem is?

The following test commands should help you to isolate the problem. From a backup server or a client you can make a test backup for the target client without writing data to a tape drive or disk drive. Run the following commands in the directory <SESAM_ROOT>/bin/sesam/.

Caution!

All of the following commands produce a high network load.

• Backup server: Unix, client: Windows

sm_ctrlc -l system {client name} sbc -b -s - f:/test >/dev/null

The data from Directory F:/ of the Windows computer is written over the network to the Unix computer to the directory: /dev/null.

To display this add -v 1 to the command above. Everything written to /dev/null is displayed that way.

sm_ctrlc -l system {client name} sbc -b -s - -v 1 f:/test >/dev/null

• Backup server: Unix, client: Unix

sm_ctrlc -l root {client name} sbc -b -s - /usr >/dev/null

or with the announcement of the read data:

sm_ctrlc -l root {client name} sbc -b -s - -v 1 /usr >/dev/null

• Backup server: Windows, client: Unix

sm_ctrlc -l root {client name} sbc -b -s - /usr > NUL

With logging of backup data:

sm_ctrlc -l root {client name} sbc -b -s - -v 1 /usr > NUL

If the test backup is only to be run on the target backup client the command

sbc -b -s - /usr >/dev/null

in <sesam>/bin/sesam/ Unix directory is executed.

And entered <SESAM_ROOT>\bin\sesam\ in Windows

sbc -b -s - f:/test > NUL

Enter -v 1 to show the backed up data on your monitor.

During backup I receive the message: "'Login incorrect. Password incorrect."' What's wrong?

Please check your name resolution (DNS or etc/hosts file). The SEP sesam Server and SEP sesam Client must be reachable with or without FQDN. SEP sesam Server and SEP sesam Client should be able to resolve each other correctly including the so-called reverse lookup. If the resolution is correct please do the following:

In the SEP sesam GUI go to Tasks > by Clients and go to the client and its incorrect backup job.

Open the properties of the backup here and move to the register "Options 1".

Insert -v 4 at backup options .

Start the backup again and go to Backup by State. There go to the properties of the backup an then to Protocol. Here, search for the line "'Login incorrect. Password incorrect."' and correct the respective name resolution here.

Where is the Encryption key stored?

The encryption key is stored encrypted in SEPsesam Database in the backup task entry - table tasks - and in the result entry - table results. If the encryption key is changed then the subsequent task will be executed with the new key and the new key is stored in table results.

A restore uses the stored encryption key from Table Results.

Compression settings

Compression for backups on virtual tape media

Note

The option "Compression" under the tab "Options 2" in the "Properties" of a backup task is only valid for Windows.

To activate compression globally for all backup tasks under Linux the sms.ini under /var/opt/sesam/var/ini/ have to be modified. Under the caption [SMS_Server] the option Compresslevel can be enabled with

Compresslevel=1

This entry is also valid in Windows.

Compression on Tape Drives

Compression is done by the drive itself here. You can use the SEP sesam tool "slu" to check whether compression is activated or deactivated.

• Step 1: Display a list of connected drives:

Linux:

cd <SESAM_INSTALL_DIR>/bin/sesam/ [root@sinus sesam]# ./slu scan ID=0000 Loader: HP ThinStor AutoLdr H43r (/dev/sg0) ID=<b>0020</b> Tape: TANDBERG LTO-3 HH D229 (/dev/nst0) ID=0050 Tape: HP Ultrium 1-SCSI E33P (/dev/nst1) STATUS=SUCCESS MSG="OK"

• Step 2: Check the settings concerning the tape drive:

[root@sinus sesam]# ./slu <b>0020</b> -s Tape Info Read Attribute not supported internal_status_byte=0x0 buffered_mode=1 block_length=0 (variable) media_type=unknown (0) write_protect=0 density_code=44 <b>compression=1</b> STATUS=SUCCESS MSG="OK"

If "compression" is set to 1 drive compression is active. Setting the compression can also be done with "slu" or alternatively with the Linux tool "mt":

• Step 3: Activate compression:

[root@sinus sesam]# slu <b>0020</b> -c 1 DCE=1 DATA COMPRESSION ENABLE:1 TRY MODE SELECT (6) SET COMPRESSION DCE compression=1 DONE MODE SELECT (6) SET COMPRESSION DCE STATUS=SUCCESS MSG="OK"

How can you configure a backup using another Network or Interface?

The first thing that has to be done is establishing an IP address for the new interface. The IP address will then be entered the properties table of the (Tape) server under Topology - Clients (Interface). In the backup events the IP name must be selected from the tab "parameter" in the field interfaces.

Example: The computer 'testme' has a 2nd Interface Module with the name 'testmeb'. In the backup task select 'testmeb'.

How do you backup the eDirectory on a Novell OES Linux - without SP2 -?

Since OES SP2 a TSANDS is available for eDirectory on Novell OES Linux. SEP sesam provides a special backup type called "OES Novell Directory" for older versions. This backup type is using SEP's sbc_nds and Novell's ndsbackup to back up eDirectory. sbc_nds is generating an appropriate command line for backup levels FULL/DIFF and INCR. ndsbackup needs User and Password. These values must be defined in the properties of the Backup Task as Backup Option and Restore Option with -a user={your user},pass={your password}

For instance:

-a user=cn=admin.o=novell,pass=novell

There is no selective restore possible but you can filter specific subtrees. To do this you have to choose "Expert Options" in the restore wizard and enter the requested subtree under tab 'Filter'.

Step by Step Instructions

1. Availability of Backup Task Type 'OES Novell Directory' 1. Which SEP sesam version are you using? It should be version 3.0 or higher. 2. Availability of recent sbc_nds 1. Please use the recent version: <a href="http://download.sep.de/netware/" class="external free" title="http://download.sep.de/netware/" target="_blank">http://download.sep.de/netware/</a> sbc_nds_*.* or sesam-novell-client-*.* 2. Is sbc_nds in bin/sesam on client side available and executable? 3. Backup Task with User and Password 1. If it doesn't exist define a backup user with password for eDirectory backup in Novell iManager. 2. Define a backup task with the type 'OES Novell Directory'. The source is the identifier of your eDirectory tree or subtree. You may check this with the ndsbackup scan function. 3. Set the backup option and restore option to: -a user={your user},pass={your password} 4. Restore 1. Use the target '/' to restore into the original tree. 2. With expert options you may set the filter to the requested subtree.

Path for ndsbackup since eDirectory 8.8.1

Since eDirectory version 8.8.1 ndsbackup is no longer located in /usr/bin but instead in /opt/novell/eDirectory/bin/ndsbackup.

To enable an execution with SEP sesam a link into the SEP sesam bin directory is necessary.

Use the following command in case of a standard installation:

ln -sf /opt/novell/eDirectory/bin/ndsbackup /opt/sesam/bin/sesam

After the initial backup does SEP sesam do incremental backups?

SEP sesam can be set to full, incremental, differential or copy. The disadvantage of incremental is that only changes are backed up to a daily/weekly tape file. In the event of a data restore it will require loading all the incremental tapes up to the data restore. Differential does not require this extra effort. With Differential Backups, restores can be accomplished in Generational View. In this mode SEP sesam will automatically restore the base file and the latest differential backup. SEP sesam will request/mount the appropriate media, simplifying the restore process. It will manage this for all files selected for restore. Copy allows you to make a copy of the data without taking the place of the normal archival activity set by the Master Administrator--it is not to be used when doing a data or a system restore.

Can users do their own backup and restore?

Users typically cannot backup their own computers but it is possible. The most efficient way to accomplish this would be to install a SEP sesam Server license on the target client (i.e. the user's computer). In this mode the user can be designated as the administrator for his/her desktop and the server can be backed up as if it were a client by the SEP sesam GUI administrator.

Are backups performed directly to disk or tape?

Backups can be written either to tape or disk, sesam after version 3.0 supports Disk-to-Disk-Tape functionality. All backup functions are written by the server and/or controlled by the server and may be written directly to the backup disk or tape or remote tape server. SEP sesam supports virtual tape libraries on disk with a pseudo autoloader function. Removable disk media is also supported.

I have decided to use removable or USB media for my backup strategy. Does SEP sesam support these types of devices?

Yes, Removable disk media including USB drives are supported.

Cluster backup

File backup of a Linux / Windows cluster

• Install the standard SEP sesam Client on each physical node
• Check if every node and every resource of the cluster can be correctly resolved by the DNS forward and reverse.
• Now add each physical node and each cluster resource as a backup client. Components/Topology
• After the successful recording of the clients a backup task can be created for each cluster resource. During the backup the data is automatically transferred from the active node.

Restore

Common Questions

How is it possible to restore only single files if the SEP sesam listing file is no longer available ?

In order to do this you can enter file patterns into the Restore Wizard. First the desired "Saveset" is selected in the registry tasks and the option "fully restore" is selected. With the button Expert Options the Expert Options Window is opened. Enter the file patterns in the register "Filter". Many patterns are separated with blanks. Only files which fit to this pattern will be restored. All others are ignored.

Examples:

/*.xls -> restores all files with the ending ".xls" /*/X11/XF86* -> restores all files from the directory "/X11" which start with "XF86". /*.ini /*.conf -> restores all files which end on ".ini" or ".conf"

Attention: the '/' is essential when writing the pattern.

How do I use the Selective Restore Commands?

1. In the directory <SESAM_ROOT>\var\work create a new directory root 2. You will need the files .sgm and .lis from the backup 3. Execute 'Sesamprofile'

In the 'root' directory create a Text File with the name: "selected.txt" and from the .lis File extract the desired lines, e.g.:

"C :/WINDOWS/system32/config/AppEvent.Evt" f 8.10.2004 13:26:54 8.8.2005 15:56:07 1 4096 540672

On the command line of the SEP sesam Server enter:

sm_restore -s SC20050809155617 -R c:/temp -v 1 -l s -c client -d 1 -V

Parameter:

-j Original task name of the backup job -s The saveset name of the backup job must be entered. You can find this in the .sel file from the restore Job -r Restore target (Please note the slash "/") -l The "s" is used for selective restore -S The hostname of the SEP sesam servers -v 1 increase the log levels -V To suppress output to the background -c Hostname of the client to be restored -d Disk drive entry of the drive where the SEP sesam aedia is kept, e.g. "1"

How do I restore all the data from a tape media without the SEPsesam DB?

To restore the data without a current license from SEP sesam the following restore procedure should be followed (SESAM DB Restore). Change directories to <SESAM_ROOT>/bin/sesam start the program sm_recover. In the first response you will see all known devices currently active on the system. It is possible to choose one of these drives.

azurix:~ # sm_recover num device name typ 1 disk1 Drive-1 DISK_HARD 2 /dev/nst0 Drive-2 DLT Enter drive number, (r) to repeat list, (q) to quit:

By entering "2" sm_recover will look for the desired data on the physical tape drive. The next question should be answered with yes "y" if no other backups or restores are active

Analyse media: restore data or listings of savesets

Restoring data while SEP sesam is active may cause conflicts due to concurrently running tasks on the drive. If you're sure that there are no activities scheduled during recover you don't need to block SEP sesam. Blocking SEP sesam during recovery prevents execution of backup activities scheduled for the other devices.

Do you want to block SEP sesam ? (y|n] >

Verity with "y"

wait until SEPuler - the timecontrol of SEPsesam - finishes its current work ... SEPuler is blocked ...

The next question should be answered with no "n" unless the search for data should continue with a desired filter.

Do you wish to enter label, saveset-name and segment-number directly ( no searching on media ) (y/n) > n

The next response will be that the tape is rewinding.

The tape will now rewind and scanned to the end EOT...

In the next response you may choose the desired savesets. By entering the saveset number you can insert further instructions to restore the data. After finishing please restart all SEP sesam services, if desired.

How can I restore a backup that has errors? The backup log file reported that the backup was partially successful.

If a backup has failed but some or most of the data was in fact backed up you can update the sesam database manually to show the backup in the restore wizard. First the saveset ID is required. This can be found in the GUI under backups by status-> failed backup> Properties> saveset (p. ..). Then on the command line use the following commands:

1 Source the sesam profile from $SESAM_ROOT/var/ini/sesam2000.ini 2 Modify the entry in the DB. The saveset has to be changed below. 3 sm_db "update results set state='1',blocks=1 where saveset='SC20060101121314'"

After this change the saveset for this backup should show in green on the status display and appear in the recovery wizard. Despite this sucessfull appearance you should check whether data was backed up sucessfully.

Microsoft Windows Restore

How can I Restore Active Directory Subtrees in a Clustered Environment?

1. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this during the normal boot menu (Please select the operating system to start) while restarting the computer notice the message at the bottom of the screen: For troubleshooting and advanced startup options for Windows 2000, press F8. Do this and then select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.

2. Restore the "System_State" Backup with the SEP sesam GUI.

3. To authoritatively restore Active Directory data you need to run the Ntdsutil utility - Example with Subtree organizational unit Marketing in domain Anitpodes.com:

#> ntdsutil ntdsutil: authoritative restore authoritative restore: restore subtree OU=Marketing,DC=Antipodes,DC=COM

Refer to Microsoft Publication "Windows 2000 Server Disaster Recovery Guidelines-recovery.doc"

Databases

Determine the number of SID for Oracle

Take a look at the list of processes in the operating system

If an Oracle-instance is running the system monitor (amongst others) is also running. The names of the Oracle-processes always contain part of the name of the instance. The common form is ora_<process_name>_<sid>

Example

oracle@myhost:/ ps -ef | grep smon oracle 23557 11596 0 Dec 19 ? 0:22 ora_smon_rac1

In this case the SID is rac1.

Check the oratab

Open the oratab in /var/opt/oracle. There you'll find the name of the instance and the Oracle-home for automatically starting Oracle instances.

Example

oracle@myhost:cat /var/opt/oracle/oratab rac1:/opt/app/oracle/product/10.2.0/db_1:N

Take a look at the parameter-file

In the Oracle-home under dbs or database you'll find either init<sid>.ora or the according SPFile. Here the parameterization of the instance is stored. The parameters db_name and instance_name give information about the database name and SID.

Sign in on the instance as DBA and query the according views

In SQL*Plus as DBA-User: SQL

1. SHOW parameter db_name 2. SHOW parameter instance_name

The following statements can be used from every tool

1. SQL> SELECT instance_name FROM v$instance; 2. SQL> SELECT [name] FROM v$database;

For more information on the topic of SID, see: http://www.ordix.de/ORDIXNews/1_2004/db_1.html (German)

What's the difference of a Novell Groupwise Backup with the SEP sesam Online Extension and without the Extension?

There are two ways to backup a Novell Grpupwise Server with SEP sesam. You can use the SEP sesam Groupwise Extension or the Admin can perform a file level backup of the Groupwise Server.

In general the backup of a Novell Groupwise Server is always performed via the TSA Interface of Novell. Either via tsagw or via tsafs (gw enabled). There is no difference between the two backup options. The difference is in the management of the Backup and Restore Jobs.

To find out more about the backup principles of SEP sesam in a Novell Netware / OES environment, please read Backup Principles of SEP in a Novell OES environment.

Summary:

For the file based backup and restore you need qualified knowledge of the Groupwise environment and the management of Groupwise systems. With the SEP sesam Groupwise Online Extension, a backup and - even more important - a restore of a Groupwise Systems can be performed from any administrator, no Groupwise knowledge is required.

Backup with SEP sesam Groupwise Agent

During the definition of a new backup job for a Client. The SEP sesam agent automatically recognizes there is a groupwise running on this client and offers the Admin a Groupwise backup.

The admin does not has to know where the Groupwise data are stored and which files are important to backup and which files not.

The backup process is started as a Groupwise backup process. The process is clearly identified as a Groupwise backup. The SEP sesam Server knows, this is a Groupwise backup and not just a normal file backup. This makes the management and problem location (in case there are problems) much more easier.

Technical it's only a file backup. But the SEP sesam agent ensures to backup the right files from the right directories.

For the restore we have a similar scenario. The SEP sesam Groupwise extension knows the backup (technical a file backup), is aware that all the files belong together to a Groupwise system. And the SEP agent now restores all the required files to the Groupwise Restore area on the Groupwise Server. Based on this data in the Groupwise Restore area Groupwise can start a recover process to restore the data (Mails or Mailboxes).

The Admin doesn't have to know, which files are the right ones and what the right place to restore is.

Backup without SEP sesam Groupwise Agent

Without the SEP sesam Groupwise Agent the backup of a Groupwise system is performed like a regular file backup. The Groupwise is shown as a regular NSS volume in the filesystem. With it's volume name. The Admin has to know - Which volume is the Groupwise volume - Which files within the volume he has to backup

The backup process itself starts as a file backup process.

For the restore the admin - has to know which files he has to restore - where is the restore directory of Groupwise

Media

How do I set up a backup to disk?

* In the SEP sesam GUI check that loader 0 (in newer versions virtual loader) can be found in the menu selection Components/ Loader. * Locate the local disk storage. It is also possible to do the backup using a UNC path on a NAS Device, however the settings and user rights must be established on the NAS System. * A Diskpool of over 1TB in size requires an additional license. * If the Disk Media Pool to be utilized for backup lies on a 2nd or remote system (i.e. not enough storage on the SEP sesam Server) you will need to install a Remote Device Server License.

Create a 'Pool' in the GUI under Components/Media pools. You can identify this pool with any recognizable name.

* The first setting that must be changed is the option "Drive Group". Set this to Disk Drives. * The next step is to enter the directory name where SEP sesam can enter the Virtual Tape Drive. * Next enter the maximum size the Media Pool for the Virtual Loader will be allowed to access. Enter this in MB using the conversion factor 1 GB = 1024. * After this has been stored you can now enter media into the Media Pool (New Media) * At the line "Media Type" you can set varying sizes for the media, e.g. DISK_100 sets the size of this media to 100 MB.

For example, if a Media Pool had a limitation of 1000MB it is possible to select 10 DISK_100 media types.

* Now select 'Start' to begin the initialization process. Repeat this step until the maximum capacity has been reached. Experience tells us the number of media for a pool should be between 10 and 20 whereas the size of these media is not important. The initializaiton (recognition) of the new media can be automatically accomplished using "Archive Adjustment" (GUI->Components->Loader->Loader0-> Archive Adjustment).

For 10 media the first would be Slot 0, the last slot 9. Automatic initialization must be activated. When the above steps have been performed successfully you can select 'Immediate Backup' on the new pool (Disk) to start the backup process.

How do I set up automatic Archive Adjustment?

• Go to Schedule and establish a new schedule.
• Enter the desired time.
• Enter an event in this schedule and make the following edits:

Priority: Standard set to 1. Name: Enter a description that is easily recognizable. Command: Example for Tape Loader 1, Drive 2 and 10 Slots: sm_robot –l 1 –d 2 –s 0-9 Client: Choose the desired SEP sesam Server Name User: If this for a Unix System enter: root. For Windows: system.

Note: For the simple activation of SEP sesam commands no explicit permissions are required. Also see How do I schedule a backup task?

I have found a tape without a label and I want to know whether it is a SEP sesam tape or not.

Put the tape into the drive, select the drive in the GUI under Components > drives and execute the drive action "identify label". In the display "Current Messages" the label, if found, will be displayed under the drive.

Alternatively you may go to the command line, change into the directory <SESAM_ROOT>/bin/sms and execute:

For Unix

./sm_sms_interface getlabel -d /dev/nst0

For Windows

sm_sms_interface getlabel -d Tape0

you will find the necessary device (switch -d) in GUI under Components >drives.

How can you manually write a label on a tape?

Go to the command line, change into the '<SESAM_ROOT>/bin/sms' directory and execute:

For Unix

./sm_sms_interface init -d /dev/(z.B. nst0) -t testpool00001:1

For Windows

sm_sms_interface init -d Tape0 -t testpool00001:1

Attention: The tape will be overwritten without any warnings!!

The media label consists of three parts:

1. Name of the pool (here testpool), 2. The tape ID, a number of 5 characters 3. A number after the ':', which complies to the number before

How do I automatically remove the tape after the backup is finished?

The best way to accomplish tape removal after backup is by using sm_notify interface. You can find a complete description of this command interface with examples of how to unload tapes following backups in the SysAdmin Guide.

The standard command to unload is as follows:

sm_drive dismount 2 unload

This command refers to selected or desired drive, in this case drive 2.

Where do I install the cleaning tape?

At the current time a cleaning tape will not be explicitly identified. When selecting an "Archive Adjustment" the cleaning tape will be automatically loaded in sequence and an unwanted cleaning operation may be initiated.

To prevent an unwanted cleaning operation from starting it is recommended that you select the last (highest numbered) slot for the cleaning tape and reduce the number of slots by one (1).

Cleaning may take place by manually entering the cleaning tape or by using the manufacturer's instructions.

SEP sesam locks tapes after a backup, which were not involved

This has to do with full->diff or full->inc->inc->inc->... backups.

A little example is shown to explain this problem.
full-backup -> needed three tapes (backup00001, backup00002, backup00003)
inc-backup -> needed one tape (backup00004)
inc-backup -> needed one tape (backup00005)
inc-backup -> needed one tape (backup00006)

The first backup just changes the EOL (end of lifetime) for the three tapes (backup00001 to backup00003), the second backup changes the EOL for the first four tapes (backup00001 to backup00004), the third backup changes the EOL for the first five tapes (backup00001 to backup00005), and so on...<p>
If the next full backup fails, the following incremental backup will use the chain from the last successful backup(s) and so the chain expands.
This is necessary for a generation restore, because an incremental backup just includes the changes from the last backup, no matter, whether this was full, differential or incremental. All tapes are needed to perform a successful restore.
With backup type differential instead of incremental sesam just locks the tapes from full backup and the tapes, which were used by the differential itself.

Get information of oldest tape in a pool before backup starts

Sometimes it's very handy to know the next free medium of a pool, before a backup starts. To get this information just type this command:

sm_arch_getoldest 1 full-disk

This command tells the next free medium of pool full-disk in drive 1.

SEP sesam GUI

SEP sesam Master GUI

• To administrate more that one SEP sesam servers you can enable the master GUI functionality

Configuration

• !!! Important !!! All SEP sesam Servers must have the same version to use this functionality
• There is no special license necessary
• Use the switch -M1 to enable this function.

On a Windows system edit the SEP sesam desktop short cut and add the parameter <b>-M1</b> to the target (i.e. "C:\Program Files\Java\jre6\bin\java.exe" -classpath sm_gui.jar;sm_lib.jar; de.sep.sesam.gui.client.Frame -ucr -sbackupserver -lwindows -p11401 -P local -v2 -ren -M1).

On a Linux system start the GUI executable /opt/sesam/bin/gui/sesam_gui with the parameter <b>-M1</b> (i.e. ./opt/sesam/bin/gui/sesam_gui -M1)

Setting permissions for a GUI Client

Every GUI client must be allowed access to the SEP sesam Server using sm_setup allow_gui {GUI-client} {user}

Example:

sm_setup allow_gui pc1 Miller

Problems when adding a new client

The following error messages may appear when adding new clients to the SEP sesam Server.

Error:

No Access for Computer pc2 - please enter for pc1

or

There is no SEP sesam installed on computer pc2, please install it.

Possible Problems:

1. There might be no SEP sesam Client software installed; 2. A wrong system name has been entered in the SEP sesam GUI; 3. A firewall between the two computers is active.

A firewall is active on Windows XP with SP2 and SuSE Linux after 9.1. by default!

Solution:

* Install the SEP sesam software on the target client * If the name was entered incorrectly, delete and re-enter it * Deactivate the firewalls or install the SEP sesam Firewall option

Error Message:

Rights Restriction - [pc1.domain.de system] in pc2:<SESAM_VAR>/var/ini/sm_ctrld.auth

Problem: The SEP sesam Server has no privileges to access the client

Solution: Enter the value in the [___] into the client's <SESAM_VAR>/var/ini/sm_ctrld.auth

Error Message:

Test backup from pc2 does not restore to pc1 - please verify ( ping, DNS, local STPD)

Problem: The connection between client and server is not functioning.

Solution: Check with the help of the nslookup command if the name resolution "Forward" with and without FQDN as well as "Reverse" is correct.

Attention: Check on the SEP sesam Server AND on the SEP sesam Client:

nslookup {client} nslookup {IP-Address of client} # important reverse lookup nslookup {SEPsesam Server name} nslookup {IP-Address of SEPsesam Server} # important reverse lookup

Example - check mysesam name resolution and reverse lookup:

#>nslookup mysesam Server: dns.domaine.de Address: 192.168.1.254

Name: mysesam.domaine.de Address: 192.168.1.1

#>nslookup 192.168.1.1 Server: dns.domaine.de Address: 192.168.1.254

Name: mysesam.domaine.de Address: 192.168.1.1

If DNS is not being used and the verification is taking place over the etc/hosts file use ping to verify individual clients.

How can I enter a backup source with more than 256 Characters? Avoid length limitations of complete filenames (incl. path)

To define a backup source with more than 256 characters in the complete filename (path and filename) it is possible to use file with a list of all paths as backup source. Create the text file with a list of all paths (e.g. /opt/sesam/var/ini/large_source.txt). Each path must be written under the previous one which means you'll have a fully qualified file or directory name on each line.

In the properties of the backup task is a flag called Option 1 in the lower portion of the Expert Options. There, enter the backup option -f {file} e.g.

-f /opt/sesam/var/ini/large_source.txt

The SEP sesam Server reads this file during the backup and stores the additional files and directories named in the source directories.

How can you specify an exclude list that's longer than 150 characters?

Exclude patterns may be entered into a file. Create a text file where all pathes are listed one below the other (e.g. /tmp /opt/sesam/var/ini/large_exclude.txt/......) and save this file in a folder of your choice. During the creation of a backup enter the folowing statement.

-X /example/directory/text file.txt

During the backup all directorys in .txt file be excluded also.

See also Windows Exclude with file patterns

Request Status or Daily Protocol (Log Files) returns 'Host SEPsesam is not allowed to connect or security problem for user'. What is going on?

This is usually a problem with CTRLD privileges. The error message:

scd-1136: Error: Host [{SEPsesam}] is not allowed to connect or security problem for user: [{user}].

There is a problem with the RMI GUI Server on SEPsesam Server. The system requires CTRLD privileges to complete SEP sesam commands. Look in the directory <SESAM_VAR>/var/ini/sm_ctrld.auth. It is possible that there has been a change the computer name, the domain name or the entry in sm_ctrld.auth.

Please check these directories and if necessary run 'sm_setup set_client {SEPsesam}'.

For example: If SEPsesam Server 'backup_1 is called:

sm_setup set_client backup_1

If the server name has been changed it has to be reset.

The data lists do not appear in the Restore Wizard.

Please check if the CTRLD switch permission is set to <on>, if not please activate.

I can't type anything into the GUI.

This may occur if Java 1.3 is installed. If this is the case, please install SUN JRE Java version 1.4.2. After the installation the Java link must be changed. In the <SESAM_ROOT>/bin/sesam directory the link java still refers to the old Java path. Change it to the new Java version and restart server portion of the SEP sesam GUI by entering:

./sm_main reload rmi

After SLES9 Unicode is the Standard Character Setting/Coding for SuSE Linux. All SEP sesam Versions for SLES9 and higher are in Unicode. Reset you system to Unicode or install a new toolkit.

Can the Master schedule be changed by a user?

Essentially, no. The most efficient method to handle this is for the user to convey his needs to the System Administrator. Upon initial installation the backup periods are established and entered by the Master GUI, this would be an appropriate time to have input from the users when any special backup and restore commands are required and have them administered centrally. If necessary a SEP sesam Server license could be added.

The sesam Master GUI can be installed on the client but this would give the client/user all privileges. Another solution that requires more overhead is to install a GUI with restricted privileges. Obviously this requires more work on the part of the administrator.

How do I set permissions for GUI Client after Version 3.x?

To set the GUI permission for a GUI client you can use the program <SESAM_ROOT>/bin/sesam/sm_setup with the syntax

sm_setup allow_gui -u (User) -c (Hostname of GUI client} -m (Permission: "admin" - all, "operator" - configure and start backups, "restore" - start restores)

Example for a Windows client with the hostname "ruoffnix". User "cr" will get all permissions for SEP sesam.

<SESAM_ROOT>/bin/sesam/sm_setup allow_gui -u cr -c ruoffnix -m admin

After this call the RMI server receives the changes and restarts. It should now be possible to restart the GUI. Start the GUI from the host "ruoffnix" user "cr".

Please be careful with upper and lower case and check FQDN or NOFQDN.

In case of an error you may get information of missing entries in "Current Messages" in an active SEP sesam GUI or by using <SESAM_ROOT>/bin/sesam/sm_info p

Every GUI Client must have permissions entered on the SEP sesam Server. Move to the directory <SESAM_ROOT>/bin/sesam and enter sm_setup. After this command you will receive information regarding all possible combinations.

The complete command should be as follows:

sm_setup allow_gui -u (System user that will be GUI administrator) -c (Hostname of server/client where the GUI will be opened) -m (Sets privileges for individual GUI users): "admin" - all, "operator" - creation and start of backups, "restore" - initiate restores)

SuSE LINUX 10.0 Prof. Community Version

How can I install the freeware version of SEP sesam?

The installation can be accomplished using YasT. If there is no SUN Java currently running on your computer it will be automatically selected by YasT. In addition, SEP sesam can be installed using the rpm -U <sesam serverpackage>.

Problems that may appear after installation with SEP sesam RPM Packets.

The following error messages appear when starting the SEP sesam GUI:

Connection to the Server sesamserver is denied. The last message reads:

java.rmi.RemoteException: Connection refused to host: [SEPsesam-Server]; nested exeption is: java.net.Connect.Exception: Connection refused

Please verify if the SEP sesam RMI Server component is active and if the Port being used is correct.

Program is closing.

If this message appears, first check the Java Version with the following command:

/opt/sesam/bin/sesam/java -version

If the Java Version is not 1.4.2 or greater you will need to update the Java files.

SBC_SMDR

Tape drives

I have an Exabyte single tape drive. But when I try to initialize it I can't find it in the list of devices. What's wrong"?

First, look at the media pool where you tried to enter the tape drive if there is no (X) number, (e.g. 0,1,2, etc.) behind 'Tape' it means the drive was not detected by SEP sesam. You can also do this by moving to a command line prompt and enter slu scan. If the device is not listed the driver is not installed correctly. Go to the manufacturer's site or look for the appropriate driver on the Internet. When you find it, download it to your computer's desktop. Then run the program to install the driver. Look at the media pool and you should now see Tape (0). Now begin to initialize tapes as described in the User Manual.

I have an Exabyte VXA172, and I have configured my backup per the standard instructions. When I try to perform a SEP sesam backup I get the error message: skipping blocks. What does that mean?

Some manufacturers often require a different driver for each tape model they manufacture. In this case the VXA tape you initialized is not recognized by SEP sesam in the Exabyte tape drive. Go to the GUI to tape type selection and change [VXA] to [EXA]. This will fix the problem.

SEP sesam does not write to my LTO drive on my x86 system

The OS enables PAE (Physical Address Extension) automatically on x86 system, if more than 3.25GB RAM are in use and with PAE the OS cannot write more than 32KB to a tape drive, SEP sesam needs 64KB in case of LTO. The most efficient way is to switch to an x64 OS, otherwise decreasing RAM to max 3.25GB should solve the problem, too. Furhter information can be found here: http://support.microsoft.com/kb/289261/en-us

Encryption

When encryption is selected before transferring data to the server, does sesam do a compression before it encrypts the data? Does it compress after it encrypts the data?

Data encrypted by the system and transferred to the server will be compressed if stored to tape using the manufacturer's compression algorithms. If it is stored to disk data can either be encrypted or compressed but not both.

Multiple Files

Will SEP sesam recognize the fact that several users have saved the same file on separate clients and only backup one file and various changes?

For example, if members of a workgroup are all sent the same Power Point Presentation and store it on their respective desktops, does it make separate copies or one with pointers to changes?

SEP sesam stores separate files for each user. We have thought about the alternative and unless there is a very large amount of data being stored in the files, any changes that might be made to the main data array would have to be stored in multiple areas or tapes and, if a restore was required, more overhead would be required to restore the data.

Open Files - Will SEP sesam backup open files?

Yes, SEP sesam can backup open files for both Linux and Windows.

Linux

SEP sesam for Linux does backup open files.

For Windows

Open files can be backed up with the Volume Shadow Copy Service by Microsoft. To do an open file backup a Windows Snapshot of the data and partition that are to be backed up is made and then the partition is backed up. Databases should be backed up using the appropriate SEP sesam database module.

System Requirements:

Client O/S: Windows 2003 SEP sesam Server after Version 3.0 SEP sesam Client after Version 3.0

Data Storage - Methodology

Is data that is collected for backup stored in a flat file or a database?

Data is stored in a flat file but information about the backup is stored in the SEP sesam database including index pointers for fast and easy data recovery.

Reporting

Can special reports be generated regarding backups, time of backups, restores performed, etc.?

Yes. Specialized scripts may be written and inserted for execution both pre and post operations utilizing the commands execute_pre or execute_post. Due to stringent EU requirements for reporting, data security and data restore, many desired reports may already be included without additional effort by the administrator.

I would like to generate reports for both summary and detail for backups. Does SEP sesam provide this extra granularity I require?

SEP sesam provides both a summary and detailed information about every backup run. In addition, the system can send a summary report over the SEP sesam notify interface to an email account after finishing the last backup. This is possible because SEP sesam summarizes the backup information daily. The time schedule and sequence is selectable by the user or system manager and may be set to any 24-hour period. For example, if you specify a backup time of Monday 11 p.m. to 8 a.m. on Tuesday all backups performed within this window will be recorded as Monday.

How can I send a SEP sesam Daily Protocol to an email account?

We recommend to configure Support Accounts and to use sm_notify templates from

{sesam_Root}\skel\templates\sm_notify.cmd

resp.

{sesam_Root}/skel/templates/sm_notify

Please copy into

{sesam_Root}/bin/sesam

and modify to your needs, especially in the line:

sm_smtp -A sesam -M gv_dayfile: -a gv_prot: -s "Sesam backup status: "+%1+" "+%2+

-A {account} must be modified to the required email account that was configured with the GUI.

After the execution of the last backup or command event the sm_notify interface is called with the module "ALL_JOBS_DONE" and the SEP sesam Daily Protocol will be sent to the specified email account.

Licensing problems

W008-License Licensed TCPIP adress does not match the local adress 127.0.0.2

This problem usually occurs on SLES-based Linux systems. Here you need to check the file

/etc/hosts

and change the according entry for the loopback-adress "127.0.0.2" or remove it from the /etc/hosts file entirely.