Chat now with support
Chat mit Support

Recovery Manager for AD 10.3.1 - Release Notes

Release Notes

These release notes provide information about the Quest® Recovery Manager for Active Directory 10.3.1 release.

About Quest® Recovery Manager for Active Directory 10.3.1

Recovery Manager for Active Directory enables fast, online recovery. Comparison reports highlight what objects and attributes have been changed and deleted in Active Directory enabling efficient, focused recovery at the object or attribute level. Accurate backups and a quicker recovery enable you to reduce the time and costs associated with AD outages and reduce the impact on users throughout your organization.

Recovery Manager for Active Directory is based on patented technology.

Recovery Manager for Active Directory 10.3.1 is a release with new features and functionality. See New Features and Enhancements.

 

New Features and Enhancements

This section covers new features and enhancements in Quest® Recovery Manager for Active Directory 10.3.1.

Major Features

Updated Cryptographic Algorithms

Recovery Manager for Active Directory Version 10.3.1 has updated and validated all cryptographic algorithms used within each component of the product. RMAD 10.3.1 is using FIPS 140-2 validated algorithms and functions. Encryption is used within the product for encryption of backups, encryption of forest recovery project files, and encryption of all user entered passwords. For all encryption, the product uses AES-256 algorithms.

Enhanced Secure Storage Server

To support copying backups to Secure Storage Servers in environments where NTLM is disabled, Recovery Manager for Active Directory Version 10.3.1 has enhanced the implementation of Secure Storage Servers.

When NTLM is disabled, a standalone, non-domain joined Secure Storage Server cannot pull the backup from remote primary storage. With Version 10.3.1, RMAD now copies backups over a secure RPC channel that is protected by public/private key pairs and does not rely on either NTLM or Kerberos authentication.

End of Support of Active Directory Virtual Lab (ADVL)

The Active Directory Virtual Lab (ADVL) is a component of Recovery Manager for Active Directory that helps you create virtual test environments. This component has been deprecated in RMAD 10.3.1 and is no longer available. To continue to create virtual test environments the restore active directory to clean OS method can be utilized. Using the Restore Active Directory on Clean OS method you can restore on a freshly installed Windows virtual machine using an available AD backup to create a test environment for your disaster recovery plans.

End of Support for Management Pack for Microsoft System Center Operations Manager (SCOM)

Recovery Manager for Active Directory Management Pack for Microsoft System Center Operations Manager (SCOM) allows you to monitor the backup and restore operations performed by RMAD. There are two editions of RMAD Management Packs for SCOM: Regular and Limited. With the release of version 10.3.1 both Management Packs have been deprecated and will no longer be available.

Added support for US Government GCC High accounts in Exchange Online OAuth2 notifications

Support has been added for US Government GCC High accounts when using Exchange OAuth2 authentication for email notifications.

New Options for Backup Integrity Checks

Recovery Manager for Active Directory supports integrity checks for Active Directory backups. To ensure the integrity of your backup prior to a restore operation, integrity checks are completed by default.

In RMAD version 10.3.1, multiple options have been introduced to select if integrity checks will be performed. Active Directory backup integrity checks are very quick, while BMR and larger backups can take a long time to complete. As a result integrity checks are now optional. Options are available in Computer Collection Advanced properties and during Verify Settings.

Email notifications during integrity checks

After a Scheduled or Manual backup, if Alerts is enabled from the Computer Collection properties, the email notification sent to the user will now include the Integrity check success/failure status. The email notification can contain all integrity check messages or only warnings and errors. You can also configure emails to be sent always or only on warnings and errors.

Preinstall Windows Features with Restore to Clean OS method

During the Restore to Clean OS method, the following services will be installed, AD-Domain-Services, DNS, FS-FileServer, RSAT-AD-AdminCenter.

Collect Diagnostic Data available with a new operation of Forest Recovery Agent

The logic for collecting logs on a domain controller has been moved from a separate service to an operation on the Forest Recovery Agent. RPC Pipes are used to send the collected logs from the domain controller to the Forest Recovery Console.

Ability to set up password complexity rules

The password requirements can be modified via the Set-RMADFEGlobalOptions cmdlet with the two new parameters, FRPasswordComplexity and FRPasswordLength.

Support for Private IPs for Azure VM creation

When creating Azure virtual machines a new option has been introduced to specify private or public IP.

Send email notifications (alerts) on a failed backup upload to the cloud storage

New email notifications (alerts) available for the upload of a backup to cloud storage. Notifications will be sent if a cloud upload fails and backup email notifications are enabled.

Enhancements

General

Enhancement ID (old) Azure DevOps
Recovery Manager for Active Directory 10.3.1
Create new PowerShell cmdlet - Remove-RMADSession cmdlet N/A 370687
Email notifications during integrity checks N/A 395979
Allow to add a folder path for Forest Recovery projects to be included in backup N/A 396047
Add support for US government GCC high accounts in exchange Oauth2 notifications N/A 402135
Add collection Name/Id to PowerShell script parameters N/A 410125
Allow to ignore missing/malfunctioning VSS writers N/A 412323
Deprecate SCOM N/A 416078
Diagnostic log BackupAgent64 - Allow for threshold on file size and overwrite N/A 418052
Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller N/A 421517
Add an option to disable automatic checking of manual and scheduled backups N/A 429365
Remove Support for 2012 and 2012 R2 from supported operating systems and SQL Server 2012 N/A 437548
Support using of LocalSystem account in scheduled backup N/A 437699
Recovery Manager for Active Directory 10.3
Salting mechanism for forest recovery project password hashes N/A 412667
Show AD tombstone lifetime settings somewhere in a product UI N/A 353685
Allow for password complexity N/A 253917
BackupAgent does not respect global logging setting 'Create a new set of log files: Never' on the DC side. N/A 381957
TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand N/A 384624
Recovery Manager for Active Directory 10.2.2 Hotfix 2
Support for OAuth2 authentication method for email notifications. Required due to deprecation of basic authentication for Exchange Online N/A 384541
Recovery Manager for Active Directory 10.2.2
Improve message the error while creating remote DCOM object failed because "Access is denied" N/A 263396
Cannot restore a user from a backup that requires credentials for accessing it N/A 267022
Support GMSA account type to run PS custom script (Agent side only) N/A 317648
Installation option for hybrid service in the main product setup N/A 346507
New hybrid configuration Powershell API N/A 346513
Installer check updated for .NET 4.8 N/A 349988
Full support for GMSA accounts for RMAD DRE/FE/Standard N/A 352707
Support for Windows 2022 with exceptions. See User Guide N/A 363862
Recovery Manager for Active Directory 10.2.1
Usability improvements to the Computer Collections Properties dialog including removal of Logging tab and introduction of new tab for Secondary Storage N/A 283362
Creation of Management Shell Guide which lists all available PowerShell® cmdlets, with examples. Appendix removed from User Guide N/A 275100
Recovery Manager for Active Directory 10.2
Rename system state backups to Active Directory® backups RMADFE-3009 218405
Hide the "Components" tab in computer collection settings RMADFE-3042 218415
SCOM 2019 support N/A 219783
Pass through Synchronize across time zones from windows task scheduler to RMAD RMADFE-952 220703
Create Logs Daily to be on by default N/A 223980
Display operating system version for all backups N/A 228741

 

Resolved Issues

General Resolved Issues

Resolved Issues ID (old) Azure DevOps
Recovery Manager for Active Directory 10.3.1
FSMO roles doesn't removed from non-recovered DC N/A 408607
OnlineRestoreAgent.msi uninstalls Backup agent on DC if Backup agent exists. Backup agent also uninstalls ORA on DC if exists before install Backup Agent. N/A 421201
Perform integrity check after scheduled backup' option works incorrectly N/A 430626
GPO Comparison Report error: "Uncaught Reference Error: Enumerator is not defined" N/A 431908
Using Online Restore Wizard, any GPO Comparison Reports do not show the changes/differences because the information is hidden N/A 434960
Do not store user account credential in the task for scheduled console config backup N/A 437559
Too long replication in full mode N/A 438621
Restore-RMADDeletedObject cmdlet throws "Invalid Password Cannot decrypt data" when backup is not accessible - improve error message N/A 440174
DC side PowerShell script account requires SeInteractiveLogonRight, or the logon will fail. N/A 444542
Get information about computer from Backup takes too long to fail if backup access credentials are incorrect N/A 448638
When forest domain is forest-wide replicated all DCs in forest should use its DC as primary DNS server N/A 468637
Email notifications: SMTP authentication long password truncated after saving and reopening Recovery Manager Settings dialog N/A 470665
Recovery Manager for Active Directory 10.3 Hotfix 2
Online Restore Agent attempts to connect to a wrong domain controller when trying to perform an online recovery N/A 431481
Integrity checks of collections with backups to be stored in Azure Files (SMB share) fail. N/A 435383
RMAD console crashes during Online Restore Wizard for AD LDS (ADAM) due to large number of objects. N/A 437753
Online restore is failing with the error: Failed to create a remote object. DCOM configuration required. N/A 440746
Support gMSA accounts for scheduled collections when "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled. N/A 444925
Recovery Manager for Active Directory 10.3 Hotfix 1
Cleanup CNAME DC record RMADFE-2746 242105
Hybrid Restore selection is not being verified in installer when remote SQL and windows creds are being used. N/A 359203
Online Restore Wizard: "Objects to Be Processed" Add button browse not working properly N/A 411383
New-RMADSchedule cmdlet doesn't support several weeks trigger N/A 414124
Read zone info from inconsistent/partial registry key N/A 419904
Hybrid restore may fail with the 'database is locked' error when restoring 50..100 objects N/A 424314
Apply Group Policy step hangs if root domain DNS zone is forest-wide replicated N/A 427816
Recovery Manager for Active Directory 10.3
Online Restore Wizard: Reporting on Unchanged Objects N/A 377277
Incorrect email subject message after unsuccessful/incomplete recovery N/A 406720
Computer Column - Timing column for the backup jobs to assist users in estimating job lengths N/A 351058
When the Additional path is offline, then a job that's only using local-storage completes with a warning. With Remote Storage, the job fails with an error. N/A 370690
ISO boot fails with a BSOD on Windows 2022 lab. To fix the issue, you need to add the latest cumulative update (any update after 7C-KB5015879) into WinRE.wim. Download the LCU September 13, 2022 — KB5017316 (OS Build 20348.1006) (microsoft.com). See the Quest Knowledge Base article KB4368806 for commands that need to be run. N/A 376632
Online Restore Wizard Directory object not found when restoring with old 2012 R2 backup to 2019 DC N/A 380226
Issue with install - invalid SQL hostname during install/upgrade N/A 388182
FSMO Roles are not displayed in the recovery report after restore N/A 376235
Tab order on SQL Installer page is wrong N/A 397266
Recovery Manager for Active Directory 10.2.2 Hotfix 3
RMAD fails to perform backups when using GMSA account after Microsoft Patch applied KB5022289 \ KB5022286 N/A 406231
Recovery Manager for Active Directory 10.2.2 Hotfix 2
Include product name and version to the self-extracted installation package N/A 367930
Remove Autorun from build, CD package N/A 380288
Email notifications to O365 email is not supported when Basic Authentication disabled on tenant N/A 386176
RMAD Console crashes when recovering SYSVOL from a backup using Repair Wizard N/A 388796
SCOM: computer collection and RMAD instances are in not monitored health state N/A 393392
Option to "Repair" an installation is grayed out N/A 383571
Online restore wizard does not work on Windows 2016 with LSA protection and Secure Boot enabled N/A 226670
Online restore wizard does not work on Windows 2022 with agent based restore and with LSA protection enabled N/A 367163
Recovery Manager for Active Directory 10.2.2 Hotfix 1
Restore-RMADDeletedObject cmdlet crashes when it's used without explicitly specified credentials N/A 382646
Domains that are not synced with Azure AD should be present in the list of discovered domains but should not cause error (require credentials) while saving the configuration N/A 380628
Cannot save ODR integration settings in RMAD due to an old forest/dc listed in discovered domains N/A 380625
Offline Restore Wizard fails with Access Denied to install Offline Restore Agent N/A 375451
Setup folder does not include .NET 4.8 after changing product requirement N/A 373180
Full replication between two consoles is failing with 'The given key was not present in the dictionary' error N/A 322095
Recovery Manager for Active Directory 10.2.2
RMAD replication doesn't work with Group Managed Service Account (gMSA) configured for console connection RMADFE-2594 242195
gMSA cannot be used when setting up replication RMADFE-2519 242560
Use a gMSA account from one domain as the agent account for backing up DCs in a different domain does not work N/A 265197
RMAD not finding backups requested by ODR in different timezones N/A 316404
BackupAgent does not respect global logging setting "Create a new set of log files: Never" N/A 322747
Update DisksInfoProvider to be more current and ignore unnecessary drive types N/A 323924
ERDiskAD.mdb does not get imported, gets overwritten by blank rmad.db3 when installing the new version. N/A 352421
A v10.2.1 pre-installed backup agent fails when backup is requested by a v10.1.1 console N/A 353765
Updating backup agent fails if custom port is configured. N/A 354851
Global settings dialog has a slightly broken layout on several tabs N/A 358457
RMAD Console - Replication: Backup information is not being cleaned out of the console when it no longer exists on source N/A 359553
RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection N/A 363140
Installer log messages are truncated N/A 364258
Recovery Manager for Active Directory 10.2.1 Hotfix 2
RMAD Console Replication error (XML error) during replication when backup runs on master console N/A 351462
Cleanup of metadata during restore of an unprotection object failed from accidental deletion N/A 354567
RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection N/A 363140
RMAD build 10.2.1.36279 will not install and triggers MS Defender notification N/A 366313
Recovery Manager for Active Directory 10.2.1 Hotfix1
Error with diagram explaining Change Auditor integration N/A 323348
GMSA workflow in the documentation is reportedly missing steps N/A 325726
Cannot retry a snapshot if certain errors occurred while creating a backup N/A 330733
Recovery Manager for Active Directory 10.2.1
Allow to unselect Console storage immediately as alternative has been configured N/A 220573
Large number of scheduled tasks can cause Console, Replication and PowerShell cmdlets to be extremely slow RMADFE-1837 242166
Remove a BOM prefix from the script file N/A 257798
Unpacking the backup and the retention policy may fail if the DC cannot be accessed via LDAP from the RMAD console machine N/A 279431
RPC calls to Backup Agent are not retried on RPC_S_SERVER_TOO_BUSY error N/A 314812
Misleading 'Unable to map the network share IPC$ on the computer' error message on attempt to map UNC share N/A 316902
Installation fails with an invalid error message when using a local windows credential to connect to the remote SQL server N/A 317818
Online Restore Wizard cannot undelete an object using a non-administrative
account. Restoring an object in Online Restore Wizard using a
non-administrative account may result in the following error for NT-Security-Descriptor attribute: "Cannot retrieve attribute value(s) from Active Directory. Possible reason: Insufficient access rights." To ignore this error, the NT-Security-Descriptor attribute can be excluded from the list of restored attributes.
N/A 293311
Recovery Manager for Active Directory 10.2 Hotfix 1
Installation of Quest personal certificates to the local certificate store failed. Receive error message to install Quest certificates later. This should not be required. N/A 274643
Computer Collection scheduled tasks removed after upgrade to 10.2 if gMSA used as the scheduled task account N/A 280854
rmad.db3 file gets overwritten during an uninstall -> install of version 10.2 N/A 283069
Cannot retain the uncheck "Global Catalog Servers" option in the Advanced tab of the Computer Collection properties window N/A 230397
It will display 'Network access is denied' error in Win2016/2019 if specify account to restore GPO with "domain\username" format N/A/ 233623
Cannot see some advanced objects in the object picker in Online Restore Wizard N/A 275027
Recovery Manager for Active Directory 10.2
Security Vulnerability - Sensitive comments embedded within client-side code sent to an end user machine RMADFE-3244 218142
Security Vulnerability - Runtime hardening (SEP, ASLR and other) RMADFE-3248 218146
Full replication fails when a DC is selected for the option 'Unpack each backup upon its creation' in the master console RMADFE-1858 218500
Storage agent settings are not applied on install N/A 219910
No progress/wait indication after clicking 'OK' on the 'Add Console…' dialog N/A 224321
Backup fails if the Domain Controllers OU has a AzureADKerberos computer object in it as part of Azure AD FIDO deployment N/A 227903
Improve documentation with information on number of scheduled computer collections for optimal performance N/A 232614
Access Violation in the ProcessRequest function and crashes service N/A 232682
Remove mutual exclusion mechanism between replication process and restore process RMADFE-1575 237972
Display correct backup info and support restore for Collections with containers (not DCs) N/A 240580
Retriable VSS error causes undefined behavior in Backup Agent on retry N/A 241825
Modify the configuration to remove collision problems with SHA1, moved to SHA256 N/A 253913
Retention policy ignores collection and consider backups of all collections N/A 259645

 

Security

Recovery Manager for Active Directory fully supports Transport Layer Security (TLS) 1.2. It is recommended that you upgrade to TLS 1.2 for secure communications.

Security Resolved Issue ID (old) Azure DevOps
Recovery Manager for Active Directory 10.3
Salting mechanism for forest recovery project and ADVL project password hashes N/A 412667
Enforce password complexity on Forest Recovery project N/A 253917
TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand N/A 384624
Recovery Manager for Active Directory 10.2.1
Do not use SHA1 for key derivation function to generate hash for creation of
AES-256 key for backup encryption
--- ---

 

Self-Service-Tools
Knowledge Base
Benachrichtigungen und Warnmeldungen
Produkt-Support
Software-Downloads
Technische Dokumentationen
Benutzerforen
Videoanleitungen
RSS Feed
Kontakt
Unterstützung bei der Lizenzierung
Technische Support
Alle anzeigen
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen