Everything posted by Nigel Smith

  1. Finally got around to having a play with this. While RS17 still treats tags as "OR" when choosing which clients to back up in script and you can't use tags within a rule, you can use "Source Host" as part of a rule to determine whether or not a client's data is backed up by a particular Remote-enabled script. It involves more management, since you'd have to build and update the "Source Host" rules for each script, but there's a bigger problem: Omitting by Rule is not the same as not backing up the client. That's worth shouting -- the client is still scanned, every directory and file on the client's volume(s) or Favourite Folder(s) will be matched, a snapshot will be stored, and the event will be recorded as a successful backup. It's just that no data will be copied from client to server. (TBH that's the behaviour I should have expected from my own answers in other threads about how path/directory matching is applied in Rules.) So if you have 6 Proactive scripts, each backing up 1 of 6 groups of clients daily to 1 of 6 backup sets, every client will be "backed up" 6 times with just 1 resulting in data being copied. That's a lot of overhead, and may not be worth it for the resulting reduced (individual) catalog size. Also note: a failed media set or script will not be as obvious since it won't result in clients going into the "No backup in 7 days" report, since the "no data" backups from the other scripts are considered to be successful. For me, at least, Remote Backups is functionality that promises much but delivers little. Which is a shame -- if Remote Backup was a script or client option rather than a tag/group attribute, or if tag/group attributes could be evaluated with AND as well as OR logic, I think it would work really well.
  2. Nigel Smith

    Retrospect Management Console

    I don't think that would help -- you'd still have to VPN in separately to each "organisation" to check/monitor, just what Malcolm was trying to avoid by using RMC. Doubly annoying since, last time I looked, iOS VPN settings weren't available to Shortcuts. Assuming Malcolm has "control" of the remote RS servers and routers he might be able to do something with a proxy server at his end which ssh-tunnelled to the remote servers. Quite how you'd set that up is well beyond me though 😞
  3. Nigel Smith

    Retrospect Management Console

    ? My point is that if the only requirement is monitoring, you could use Script Hooks to generate your own data to parse into the on-prem engine of your choice and not use RMC at all. I can't speak for Malcolm, but the vast majority of my RS interactions are for monitoring so having to VPN into each site when active management is required wouldn't be a hardship.
  4. Nigel Smith

    Retrospect Management Console

    Late to the party, since RMC holds no interest for me. So I won't comment on most of the thread. However... I can see how RMC would be very appealing, especially if it presents as "single pane of glass" rather than you having to go to one site, then the next, then the next. But if your main requirement is monitoring, maybe look at using Script Hooks to send data to your Zabbix instance so it's of a part with your other stats reports/alerts. I don't know how much you can do within Zabbix, eg to show machines which haven't been backed up in X days. But you've got FileMaker available -- it wouldn't take much to parse the backup reports or any other info sent via Script Hooks into a custom database with any functionality you wanted, including a dashboard, automated email alerting, etc. (I used to do that back when v6 had AppleScript support, so I could monitor things like weekly churn on individual machines, generate summaries of Group backup storage usage for cross-charging, and similar.)
  5. Nigel Smith

    Backup set located on site to site VPN

    Never one to resist sticking an oar in... Again, details are important -- different OS X versions have different SMB implementations so, if you do file a bug report, you'll need to include that info. But I wouldn't bother -- as Lennart says, performance when using a NAS-stored catalog (especially when you add the VPN in too!) will be absolutely dire, and you'll save yourself a lot of grief simply storing it locally. To follow on from David's last point -- it's nice to store catalog and set "together", especially for disaster recovery of the RS server, but in cases like this it isn't really practical. Perhaps a better solution is to store the backup set on the NAS, the catalog locally, and to also back up the catalog to the NAS (doesn't need to be a full-on incremental RS backup, you could just copy it over every night). That way you'll have little or nothing to do in the way of catalog rebuilding in a DR scenario, just picking up those few (if any) sessions that happened between the last catalog backup and the disaster.
  6. Nigel Smith

    Scanning incomplete, error -1101 (file/directory not found)

    Retrospect doesn't do a UNIXy tree-walk, not bothering to look at anything "/backup/FileMaker/Progressive/" or lower. Instead it scans *every* file of a volume and applies its selectors to decide what to do. I'd assume from the errors that it is getting partway through scanning those directories' contents when, suddenly, they vanish. Whilst annoying in a simple case like you describe, it's also part of what makes the selectors so powerful -- for example, being able to exclude files on a path *unless* they were modified in the last 2 hours -- and why all the metadata needs to be collected via the scan before a decision can be made. Two ways round this. If you want to exclude most paths, define the ones you want as volumes and only back those up -- we only back up "/Users" so that's what we do, which also greatly reduces scan time. If you want to back up most but not all, which I guess is what you're after, use the "Privacy" pane in the client to designate those paths to exclude.
  7. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    Only thing left I can think of is an indexing issue with the set's database -- and that's assuming that there's a database, that the database is indexed, and the index is used when searching... I'm guessing all the "missing" .nef files were backed up in the same session? You could always try a catalog rebuild and see if the problem persists -- but make sure your original catalog is safe and you don't overwrite it in the process!
  8. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    So "Watercolor" is on your D:\ drive, contains "*.nef" files, but those files don't appear when you search your backups for them. Almost sounds as if they haven't been backed up -- have you checked for any exclusions in your backup scripts? You can also browse the entire Backup set by doing a search with no criteria -- IIRC, on Windows it defaults to "Include everything" and "Exclude nothing" -- then browsing the results. It'll probably be a long list, you'll get every backed version of every document, but you'll at least be able to drill down to "2016-04-01 - Watercolor" and see what's in there. If you still don't see the .nef files that strongly suggests they were never backed up for some reason. I'd be inclined to do a quick test. Duplicate the backup script you've been using, define "2016-04-01 - Watercolor" as a volume, change the duplicate script to back up only that volume and ideally the destination to be somewhere new (stick, HD, share, cloud -- doesn't matter, it just pays to play safe and keep it separate from your "real" backups). Run it and see what happens -- do the .nef files get backed up?
  9. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    If I were you, I'd start again from scratch, but coming from the opposite direction. And remember that it pays to be as explicit as possible with selectors -- so files don't end with "nef", they end in ".nef". So start with only the "filename ends with .nef" selector. If that picks up all you expect, add "and Windows file or folder path starts with D:\Greg\" (remember -- explicit! Include the trailing backslash). Then, maybe a "Windows path of folder contains..." to get just your subfolder. But you may not need to even go that far if you can manually remove/select what you want from the results of the first filter. Selectors can be tricky beasts, which don't always behave the way you'd expect -- or the way selectors anywhere else would! But they work well once you master their own particular logic. If they then don't show what you expect it's usually a wrongly-chosen snapshot or similar, so search the whole set.
  10. Nigel Smith

    'Restore --> Find Files' yields 0 files found

    Change that first match to "path starts with D:\Greg\" <- note the trailing slash, and see if that helps. Previous testing showed that exact folder matching required that terminating backslash, and I suspect that "path starts with" does too, as implied in the "Tip" under where you type the path for the selector.
  11. Nigel Smith

    Proactive Backups and Background Running

    My apologies, I'd assumed that: ...was a detail, in that RS was installed on a machine that was just lying around in your office rather than a secured server room. In such situations we've used lockable security enclosures and hard-wired power so cleaners/users/random passers-by can't "accidentally" power cycle the machine after "accidentally" plugging in a bootable USB, etc. And I agree, requiring a login is a major minus for RS on Windows.
  12. Nigel Smith

    Proactive Backups and Background Running

    Totally agree with all you wrote -- which is why I asked, since our Win RS server is in a locked and alarmed server room to which access is tightly controlled and so it isn't such an issue. We've also been burnt enough times by "auto-restarts" (on both Win and Mac) that we stop them wherever possible -- we'll control when updates are applied thank-you-very-much, and if a machine gets shut down because of power loss we both want to know why and to make sure it has come back up cleanly -- so having to log in isn't an issue, we're doing it anyway. I would add that there are plenty of ways to physically secure a machine in a more open situation such as yours, and that having RS run as a background process wouldn't solve any of the many other security issues that arise from physical access to a computer. It's obvious from the length of time this has been an issue that Windows's security features make switching the RS Engine to background daemon a non-trivial exercise, else it would have been done already. Until it does happen we'll just have to find workarounds -- and, being a Mac guy, I'm particularly partial to your idea of repurposing that old Mac Mini 🙂
  13. Nigel Smith

    Proactive Backups and Background Running

    What's the issue with running a desktop session all the time, especially on a headless machine? OK, as a mainly Mac guy it grinds my gears that it is necessary on Windows -- but my Windows-administering colleague assures me there are no particular implications assuming the box is properly secured (and he'd slap me silly if it wasn't 😉 ). Serious question in case there's something he's missed, or our particular situation mitigates an issue that would be truly serious in the outside world (in which case I should stop advising people to do similar!).
  14. Which freezes -- the Console app or Retrospect Engine (or both)? Do you have access to a second Mac you could run the console app from instead? If so, what happens? Is there time to disable some or all of your scripts? If so, turn all scripts off (you may need to crash/restart a few times to get this done if you have a lot) and see if the crash happens even when the Engine is "idle". OS Console logs would be useful here -- probably the easiest way, since we don't know what we're looking for, is to note the time you launch the RS Console app and the time everything crashes, then filter to between those times and look for anything relevant. As David says, if v17 is a recent purchase/upgrade then raise a support case and let them do the hard work! But the more information you can provide the quicker the resolution.
  15. Nigel Smith

    No Proactive scripts running

    Start with the clients on your internal network -- are they getting backed up Proactively? Are the remote clients connecting to your network over a VPN, and you're then catching them with the Proactive script? Or are they truly outside -- check your server is still available on ports 497 and 22024 to the outside world.
  16. Nigel Smith

    Yet another -530 client not found error

    Totally agree, with both this and your previous post. We never static just for Retrospect, simply restart the client when needed (though the occasional missed backup can be annoying, it isn't the end of the world, and "moving" clients often miss backups anyway). But on a relatively "fixed" home or small business network, where IPs are only usually DHCPed because it's the default option, b'n'b helps with problems caused by... let's say "less compliant"... DHCP servers.
  17. Nigel Smith

    Yet another -530 client not found error

    Smart move, IMO! These are deep waters, best left unrippled. Especially when you remember that network communication is not directly via IP address, but is next-hop routing via the mapping of IP addresses to gateway/MAC address in ARP tables. Table updates aren't instant, which is why I can quite easily see why my guess might happen -- step 5 is based on the MAC address of the previously detected client, obviously still "valid" since the interface used wasn't changed (just the IP address). But when we get to step 7 it's aged out/replaced, the IP address is no longer valid, and you get a comms fail.
  18. Nigel Smith

    Yet another -530 client not found error

    Not so fast... This is what I think might be happening (and why a WireShark run would help):

      1. Client is on "Automatic" location -- x.x.x.202
      2. You switch to "Retrospect Priority", client address now x.x.x.201, and immediately run the server script
      3. Server multicasts to all devices, asking for client
      4. Client responds, but we know the client doesn't instantly reflect a network change, so says "Yay! Me! Here and ready on x.x.x.202!"
      5. Scan gets done
      6. By now, the client is listening on x.x.x.201:497 (or, rather, is no longer listening on x.x.x.202:497)
      7. Server initiates the backup "Hey, x.x.x.202, give me all these things!"
      8. Silence...
      9. More silence...
      10. Server assumes network communication has failed and throws -519

    Step 4 is total guesswork from me -- all we know is that there must be some mechanism for a multicasted client to tell the server its IP address. If I'm right, they might be able to fix this on the client, though it may be dependent on the OS promptly informing all network-using services of an IP change (the client unnecessarily spamming the OS for updates would be horribly inefficient). Or they might be able to fix this on the server, with a re-multicast after step 8's failure to pick up the new address. But, even in these days of devices often changing networks, I doubt the above crops up very often and probably isn't worth fixing (directly, at least). x509's "binding to a bogus address" is much more common, and if solving that solves other issues too -- bonus!
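The sequence guessed at in the post above, as a small state model. This is an added example, not part of the original post and not Retrospect's actual protocol or code: the `Client` class, `run_backup` and the 192.0.2.x addresses are hypothetical, and only the error codes and port number come from the thread.

```python
NET_FAIL = -519    # "network communication failed", as quoted in the thread
NOT_FOUND = -530   # "client not found", as quoted in the thread
PORT = 497         # client port named in the thread


class Client:
    """Hypothetical client whose discovery reply can lag an address change."""

    def __init__(self, ip):
        self.listen_ip = ip      # address the listener is bound to
        self.reported_ip = ip    # address given in discovery replies
        self.pending_ip = ip     # address the OS has actually moved to

    def switch_location(self, new_ip):
        self.pending_ip = new_ip          # step 2: OS changes, client lags

    def settle(self):
        # step 6: the client catches up and listens on the new address
        self.listen_ip = self.reported_ip = self.pending_ip

    def accepts(self, ip, port=PORT):
        return port == PORT and ip == self.listen_ip


def run_backup(client, relocate_on_failure=False, known_ip=None):
    """Return (result, log); a result of 0 means data was copied."""
    log = []
    addr = known_ip or client.reported_ip      # steps 3-4, or a fixed address
    if not client.accepts(addr):
        return NOT_FOUND, log + [f"no client at {addr}"]
    log.append(f"scan via {addr}")             # step 5
    client.settle()                            # step 6 happens mid-run
    for attempt in (1, 2):
        if client.accepts(addr):               # step 7
            return 0, log + [f"copy via {addr}"]
        log.append(f"silence from {addr}")     # steps 8-9
        if not relocate_on_failure or attempt == 2:
            break
        addr = client.reported_ip              # suggested fix: multicast again
        log.append(f"relocated to {addr}")
    return NET_FAIL, log                       # step 10


def demo():
    old, new = "192.0.2.202", "192.0.2.201"    # constructed addresses
    results = {}
    for name, kwargs in (("as_described", {}),
                         ("relocate", {"relocate_on_failure": True})):
        c = Client(old)
        c.switch_location(new)
        results[name] = run_backup(c, **kwargs)[0]
    c = Client(old)
    c.switch_location(new)
    c.settle()                                 # client moved before the run
    results["stale_fixed_ip"] = run_backup(c, known_ip=old)[0]
    return results


if __name__ == "__main__":
    print(demo())
```
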
  19. Nigel Smith

    Yet another -530 client not found error

    You're viewing the Piton protocol too narrowly. It's the protocol(s) by which server and client communicate and includes discovery, access and data transfer (amongst other things) and is used in the unicast (defined IP client, as above), broadcast and multicast "location" (using that since "discovery" usually means "first time ever finding a client" in RS) of a client on the network and all subsequent communication. You'll have to do a lot more digging with eg WireShark to know exactly why you saw what you saw -- I'd expect it to throw a -530 (because the client was still listening on x.x.x.202:497) or just work, not throw a -519 -- but I suspect that permanently binding the client to x.x.x.201 with "ipsave" might eliminate the issue. -530 is quite clear -- the client couldn't be found. That -519 is separate implies that the client could be found but then there was a problem, but I'm probably reading too much into it. All we really know is that "network communication failed", for whatever reason.
  20. Nigel Smith

    Yet another -530 client not found error

    Would just warn that different routers' DHCP servers behave in different ways. Some treat the address blocks reserved for statics as inviolate, some will continue to offer those addresses when no MAC address has been set, etc. I always belt-and-brace, putting MAC addresses in the router's table and setting static IPs on the clients, when I need a definitely-fixed IP. Also, some routers force a certain (often limited) range for statics and others let you do as you will, so check your docs before planning.
  21. There are pros and cons to both approaches. But consider this first -- how will you restore your system disk if there's a disaster, have you tested it, and does splitting it into separate "Favourite" folders result in way more work than the benefits are worth?
  22. Nigel Smith

    Yet another -530 client not found error

    Of course -- would I offer anything simple? 😉 More seriously, if the client is "confused" by network interfaces when it starts up, can we guarantee it won't also be "confused" on a restart? While it should be better, since it is restarting when there is (presumably) an active interface, it might be safer to explicitly tell the client what to do rather than hoping it gets it right. And a batch script triggered by double-click is a lot easier for my users than sending them to the command prompt. As always, horses for courses -- what's best for me isn't best for a lot of people here, but might nudge someone to their own best solution.
  23. Nigel Smith

    Yet another -530 client not found error

    Not just statics -- you can also use it for DHCP clients. And it wouldn't take much work to write a script that would find the current active IP and do a temporary rebind. On a Mac you can even tie it in to launchd using either NetworkState, or with WatchPaths on /private/var/run/resolv.conf (although, in my experience, Mac clients do get there eventually and rebinding is only necessary if you are in a hurry to do something after a network change).
  24. From my earlier back-of-an-envelope calculations, both D2D and D2T should fit in overnight. More importantly, because he isn't backing up during the day, the "to tape" part can happen during the day as well (my guess is that he was assuming nightlies would take as long as the weekend "initial" copy, rather than being incremental), so he should have bags of time. I know nothing about Veeam's file format, only that it's proprietary (rather than eg making a folder full of copies of files). It may be making, or updating, single files or disk images -- block level incrementals may be the answer. Or it may be that Veeam is actually set to do a full backup every time... It is a snapshot, in both computerese and "normal" English -- a record of state at a point in time. I don't think the fact that it is different to a file system snapshot, operating system snapshot, or ice hockey snap shot 😉 requires a different term -- the context makes it clear enough what's meant, IMO.
  25. Nigel Smith

    Yet another -530 client not found error

    No, no, and no 😉 Long time since I've seen Norton firewall, but make sure that you are opening port 497 on both TCP and UDP protocols (direct connection only needs TCP, discovery uses UDP). Windows also has a habit of changing your network status after updates, deciding your "Home/Private" network is "Public" instead, if Norton makes use of those distinctions (Windows Firewall does). Easiest way to check for discovery is Configure->Devices->Add... and click Multicast -- is the device listed? Also try Subnet Broadcast. I have no particular problems with DHCPed PCs at work, so it's something about your setup. As David says, you could get round it by assigning static IPs -- check your router documentation first, some "home" routers supplied by ISPs have severely limited ranges that can be reserved for static mapping -- which can also make life easier for other things, eg just use "\\192.168.1.x" to access a share instead of hoping Windows network browsing is having a good day... Question: Are client and server both on the wired network, or is one (or both) wireless?