Jump to content
Dogwood

10 *still* requires users to be logged in for backup to work.

Recommended Posts

I just upgraded from 8 to 10. I was hoping that one persistently annoying bug might have been addressed, but it hasn't yet.

 

Retrospect (since 8, still with 10) for Mac requires a user to be logged in on the client computer in order to perform a scheduled backup.

 

If no user is logged in, the backup fails with "error -1101 ( file/directory not found)".

 

We would very much prefer for users to log out at the end of their day for both security and ease of maintenance reasons; but we have been keeping them logged in for the last 2 years specifically because of this bug. The backup scripts are run at 6PM.

 

This is with Retrospect 10.0.1 and client version 10.0.0.174.

Share this post


Link to post
Share on other sites

I only back up a single client, but there's almost never a user logged in on the client when I back it up.

 

Is the problem perhaps that the clients are asleep and Wake On LAN isn't waking them?

Share this post


Link to post
Share on other sites

We would very much prefer for users to log out at the end of their day for both security and ease of maintenance reasons;

As a security workaround: Set the screen saver to start in a "hot corner" and require a password to exit the screen saver. At the end of the workday, you start the screen saver.

Share this post


Link to post
Share on other sites

We have worked with Apple to understand why backups fail when users are logged out and the issue is a limitation within the operating system. When you log out, Apple makes some disks unavailable to Retrospect. Apple says that this is expected and normal behavior. The only solution is to log into the system for a backup.

  • Like 1

Share this post


Link to post
Share on other sites

Hi Robin,

 

Thank-you for your response.

 

However, I don't believe that's acceptable. Being forced to have leave a user logged in as I said creates security & maintenance problems.

 

It seems improbable to me that there is no way for retrospect to actively run on a system with no logged in user. FTP, AFP file sharing, and numerous other background processes can continue running.

Share this post


Link to post
Share on other sites

As a security workaround: Set the screen saver to start in a "hot corner" and require a password to exit the screen saver. At the end of the workday, you start the screen saver.

 

We do have the screensaver with password required start up after a minute of inactivity; but the preference would be to have the users completely logged out.

Share this post


Link to post
Share on other sites

So, FWIW -- we've been looking at CrashPlan here. This seems to have the same issue. The script will run at the prescribed time, but if the client is logged out (this is on a 10.8.2 mac), then no files are backed up... I'm sure this is an Apple issue, so direct your irritation at them, I think...

Share this post


Link to post
Share on other sites

I think this method stopped working with 10.7. It still does not work in 10.8. I believe this is intentional by Apple for security reasons...

Share this post


Link to post
Share on other sites

Oh, *&^$#*&^. I need that capability too, for other reasons. I just upgraded a machine to a new Mini. I have not yet been bitten. Thanks for the heads up.

Share this post


Link to post
Share on other sites

Quick look in Apple discussions yielded this:

 

Re: External hard drive ejects on sleep

 

It works.

 

The relevant snippet is to do this:

 

sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool YES

 

It's a global change that requires a reboot to take effect. It does not appear to interfere with dynamic mounting of removable disks, but keeps things like firewire disks mounted from boot to shutdown.

 

I'll report back if it does anything "bad" to me.....

  • Like 1

Share this post


Link to post
Share on other sites

Quick look in Apple discussions yielded this:

 

Re: External hard drive ejects on sleep

 

It works.

 

The relevant snippet is to do this:

 

sudo defaults write /Library/Preferences/SystemConfiguration/autodiskmount AutomountDisksWithoutUserLogin -bool YES

 

It's a global change that requires a reboot to take effect. It does not appear to interfere with dynamic mounting of removable disks, but keeps things like firewire disks mounted from boot to shutdown.

 

I'll report back if it does anything "bad" to me.....

 

Thanks for your directions iCompute! Awaiting your further feedback & report back on your try!

Share this post


Link to post
Share on other sites

I hit a glitch today. If the server (engine) stays up, and the server (AFS) goes down, Retro won't reconnect. My setup is netatalk, which is not quite up to Apple spec, so the reconnection may work OK with other AFS servers. I have not tried that yet.

  • Like 1

Share this post


Link to post
Share on other sites

We have worked with Apple to understand why backups fail when users are logged out and the issue is a limitation within the operating system. When you log out, Apple makes some disks unavailable to Retrospect. Apple says that this is expected and normal behavior. The only solution is to log into the system for a backup.

 

Robin, I'm months late commenting on this, but I have to ask:

 

The issue is Client connectivity, not disk accessibility. While non-Server OS X does unmount externally attached volumes, one would assume the boot drive would remain available even without any instance of loginwindow running.

 

And for most folks, Retrospect OS X Client is in place to _read/backup_ the contents of volumes on the client computer. A limitation that Retrospect can only access internal physical-drive-hosted volumes when no user is logged in would be a bummer, but better then what appears to be the case that the entire client machine is unresponsive to network traffic.

 

And if in fact it's "normal behavior" for Retrospect to be blind to a client computer without a user logged into the Finder, why is this fact not in the online documentation (or in the tech specs, for that matter)? 

 

http://retrospect.com/en/documentation/user_guide/mac10

 

 

  • Like 2

Share this post


Link to post
Share on other sites

OK, so if it's a given that we can't back up a Mac without an active user logged in (and please note I'm referring to backing up the primary/boot drive, not external drives), how does everyone deal with this?

 

What I've been doing is having a scheduled backup at 6PM, after users have left; but that requires users not logging out. I'd prefer if users did log out, to ease maintenance and for general security. 

 

Do you schedule backups during the day?

 

Just use proactive? (But if a client isn't backed up via proactive, you don't get a warning email, like you do when a scripted backup fails). 

 

So what solutions is everyone using?

 

Thanks!

Share this post


Link to post
Share on other sites

I just use proactive backups -- what usually happens is that users get backed up as soon as they log in in the morning and that's sufficient.

 

I back up my servers, etc (which stay logged in) at night.

Share this post


Link to post
Share on other sites

Is this issue still present in Retrospect Client for Mac 11.5.0.137?

In other words, can Retrospect 11.5 backup up a client Mac when no user is logged in?

Share this post


Link to post
Share on other sites

It does not appear so.   From what I can tell, there really hasn't been a lot of functional difference in the Mac Retrospect client (apart from the Instant Scan stuff) related to this.

 

I think this is more an Apple issue than anything else...

Share this post


Link to post
Share on other sites

I think this is more an Apple issue than anything else...

 

I don't think so since Time Machine does perform whole system volume backups even if no users are logged in.

What is worth is that there isn't any reference to this on the product page or in the documentation (or, at least, I haven't found it).

Share this post


Link to post
Share on other sites

I don't think so since Time Machine does perform whole system volume backups even if no users are logged in.

 

Time Machine is part of the OS. It isn't an application or preference pane.

Share this post


Link to post
Share on other sites

Time Machine is part of the OS. It isn't an application or preference pane.

 

Are you telling me that on OS X it isn't possible for a third party to install a daemon in /Library/LaunchDaemons that runs as root to perform full system volume backup when no users are logged in?

If that's the case, I think that you should have a look at this link:

Technical Note TN2083: Daemons and Agents

Share this post


Link to post
Share on other sites

We have worked with Apple to understand why backups fail when users are logged out and the issue is a limitation within the operating system. When you log out, Apple makes some disks unavailable to Retrospect. Apple says that this is expected and normal behavior. The only solution is to log into the system for a backup.

 

 

Are you telling me that on OS X it isn't possible for a third party to install a daemon in /Library/LaunchDaemons that runs as root to perform full system volume backup when no users are logged in?

If that's the case, I think that you should have a look at this link:

Technical Note TN2083: Daemons and Agents

 

One paragraph in that technical note reflects what Mayoff wrote:

"For example, consider something as simple as accessing a preference file in the user's home directory. It's not possible for a daemon to reliably do this. If the user has an AFP home directory, or their home directory is protected by FileVault, the volume containing the home directory will only be mounted when the user is logged in. Moreover, it is not possible to mount the that volume without the user's security credentials (typically their password). So, if a daemon tries to get a user preference when the user is not logged in, it will fail."

(My emphasis. Hmmm... interesting wording.)

Share this post


Link to post
Share on other sites

One paragraph in that technical note reflects what Mayoff wrote:

...or their home directory is protected by FileVault...

 

This was an issue in the past, but home directories are no longer protected by FileVault; that changed several years ago. FileVault now protects the entire hard drive. Once the drive has been unlocked, it is accessible, even after logout.

 

Time Machine is part of the OS. It isn't an application or preference pane.

 

If you want a third-party example: FileMaker Server is able to host databases for network access when no user is logged in.

 

Perhaps more on point, FileSharing also works with no user logged in. If I can mount a network volume and copy all of its files to my hard drive, why can't Retrospect back up those same files?

Share this post


Link to post
Share on other sites

why can't Retrospect back up those same files?

I hope some Retrospect developer can (and will) answer that question.

I'm just a user, just like you and most others on this forum.

Share this post


Link to post
Share on other sites

"When you log out, Apple makes some disks unavailable to Retrospect."

 

Respectfully, while that type of edge case may understandably cause problems, this isn't specifically about network-mounted home directories or external USB drives, or FileVault protected drives.

 

This is about being able to back up the primary system hard drive when the computer is powered on, but no users are logged in.

 

FTP can provide access to any/all directories on the drive, with no Mac users logged in.

 

AFP can provide access to any/all directories on the drive, with no Mac users logged in.

 

At the system level, the main drive doesn't need to be mounted because it already is mounted.

 

To my mind, there are functions of the Mac OS X Retrospect client that *should* be running in user-space: the toolbar icon, notifications of backups, setting preferences.

 

However, there should also be a system daemon as someone else mentioned, running with administrator privileges, which is active whether or not a user is logged in. In fact, the Retrospect client currently IS running when no user it logged in. It just doesn't work as it should. Since FTP and AFP can provide access to any/all files (per configuration) to network clients without users being logged in, I believe it's reasonable to expect that retroclient should be able to as well.

 

For the moment I've moved to using proactive backups. But what I or any Mac admin should be able to do is tell Retrospect to wake all my Macs up at 6PM, run a full backup of all users, logged out or not, and then send me a summary email of any failures.

  • Like 1

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×