This Full Maintenance Release is HERE and addresses the issues described in the attached Release Notes. Please review the problem descriptions included to ensure your issue criteria is met prior to installing this Full Maintenance Release.
This build addresses the issues noted in the attached Release Notes which were found since the release of 10.2.2.36571 and can be installed directly on top of that build or older builds including 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1 and 10.2.2 as per the included documentation.
Please download the RMAD 10.2.2.38943 Full Maintenance Release by Clicking Here and installing according to the "...\Documentation\RecoveryManagerForAD_ReleaseNotes_en-us.pdf"
The latest full build of RMAD 10.2.2 (10.2.2.38943) includes the following:
IMPORTANT NOTIFICATION: Recovery Manager for Active Directory has deprecated support for a group managed service account (gMSA) to be specified as the account to connect to the backup agent for manually triggered backups. Managed service accounts will continue to be supported for scheduled backup tasks. In accordance with Microsoft®, it is recommended to not use a group managed service account (gMSA) for interactively initiated network connections such as Recovery Manager for Active Directory manually triggered backups. To enforce this recommendation and to address the vulnerability CVE-2023-21524 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21524), Microsoft has limited the usages of managed service accounts with a Windows Update.
By removing support for a gMSA to connect to the backup agent, this ensures an attacker does not exploit the RMAD backup agent to perform actions or access resources over the network. To utilize the benefits and security provided by a group managed service account (gMSA), we highly recommend that a gMSA account is used for the scheduled backup task.
When upgrading to Recovery Manager for Active Directory 10.2.2 Hotfix 3, if a gMSA is currently configured in computer collection properties as an account to connect to the backup agent (see Agent tab), it will automatically be removed to ensure security of the backup agent and your installation of RMAD. You can then configure a standard domain account in the computer collection properties as the account to connect to the backup agent. If not configured, the scheduled backup task account or the logged on user account will be used instead.
For information about managed service accounts and their usage in Recovery Manager for Active Directory see the section [Using Managed Service Accounts] in the Recovery Manager for Active Directory User Guide.
You can also configure Recovery Manager for Active Directory (RMAD) to back up data in an Active Directory® domain under a least-privileged user account and create a group named RMAD Backup Operators that will automatically grant the necessary permissions to back up data. See [Using a least-privileged user account to backup data] in the User Guide.
10.2.2 Hotfix 3 Resolved Issues:
- RMAD fails to perform backups when using GMSA account after Microsoft Patch applied KB5022289\KB5022286 - 406231
10.2.2 Hotfix 2 Enhancements:
- Support for OAuth2 authentication method for email notifications. Required due to deprecation of basic authentication for Exchange Online - 384541
10.2.2 Enhancements:
- Improve message the error while creating remote DCOM object failed because "Access is denied" - 263396
- Cannot restore a user from a backup that requires credentials for accessing it - 267022
- Support GMSA account type to run PS custom script (Agent side only) - 317648
- Installation option for hybrid service in the main product setup - 346507
- New hybrid configuration Powershell API - 346513
- Installer check updated for .NET 4.8 - 349988
- Full support for GMSA accounts for RMAD DRE/FE/Standard - 352707
- Support for Windows 2022 with exceptions. See User Guide - 363862
10.2.1 Enhancements:
- Usability improvements to the Computer Collections Properties dialog including removal of Logging tab and introduction of new tab for Secondary Storage - 283362
- Creation of Management Shell Guide which lists all available PowerShell® cmdlets, with examples. Appendix removed from User Guide - 275100
10.2 Enhancements:
- Rename system state backups to Active Directory® backups - RMADFE-3009, 218405
- Hide the "Components" tab in computer collection settings - RMADFE-3042, 218415
- SCOM 2019 support - 219783
- Pass through Synchronize across time zones from windows task scheduler to RMAD - RMADFE-952, 220703
- Create Logs Daily to be on by default - 223980
- Display operating system version for all backups - 228741
10.2.2 Hotfix 2 Resolved Issues:
- Include product name and version to the self-extracted installation package - 367930
- Remove Autorun from build, CD package - 380288
- Email notifications to O365 email is not supported when Basic Authentication disabled on tenant - 386176
- RMAD Console crashes when recovering SYSVOL from a backup using Repair Wizard - 388796
- SCOM: computer collection and RMAD instances are in not monitored health state - 393392
- Option to "Repair" an installation is greyed out - 383571
- Online restore wizard does not work on Windows 2016 with LSA protection and Secure Boot enabled - 226670
- Online restore wizard does not work on Windows 2022 with agent based restore and with LSA protection enabled - 367163
10.2.2 Hotfix 1 Resolved Issues:
- Restore-RMADDeletedObject cmdlet crashes when it's used without explicitly specified credentials - 382646
- Domains that are not synced with Azure AD should be present in the list of discovered domains but should not cause error (require credentials) while saving the configuration - 380628
- Cannot save ODR integration settings in RMAD due to an old forest/dc listed in discovered domains - 380625
- Offline Restore Wizard fails with Access Denied to install Offline Restore Agent - 375451
- Setup folder does not include .NET 4.8 after changing product requirement - 373180
- Full replication between two consoles is failing with 'The given key was not present in the dictionary' error - 322095
10.2.2 Resolved Issues:
- RMAD replication doesn't work with Group Managed Service Account (gMSA) configured for console connection - RMADFE-2594, 242195
- gMSA cannot be used when setting up replication - RMADFE-2519, 242560
- Use a gMSA account from one domain as the agent account for backing up DCs in a different domain does not work - 265197
- RMAD not finding backups requested by ODR in different timezones - 316404
- BackupAgent does not respect global logging setting "Create a new set of log files: Never" - 322747
- Update DisksInfoProvider to be more current and ignore unnecessary drive types - 323924
- ERDiskAD.mdb does not get imported, gets overwritten by blank rmad.db3 when installing the new version - 352421
- A v10.2.1 pre-installed backup agent fails when backup is requested by a v10.1.1 console - 353765
- Updating backup agent fails if custom port is configured - 354851
- Global settings dialog has a slightly broken layout on several tabs - 358457
- RMAD Console - Replication: Backup information is not being cleaned out of the console when it no longer exists on source - 359553
- RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection - 363140
- Installer log messages are truncated – 364258
10.2.1 Hotfix 2 Resolved Issues:
- RMAD Console Replication error (XML error) during replication when backup runs on master console - 351462
- Cleanup of metadata during restore of an unprotection object failed from accidental deletion - 354567
- RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection - 363140
- RMAD build 10.2.1.36279 will not install and triggers MS Defender notification – 366313
10.2.1 Hotfix 1 Resolved Issues:
- Error with diagram explaining Change Auditor integration - 323348
- GMSA workflow in the documentation is reportedly missing steps - 325726
- Cannot retry a snapshot if certain errors occurred while creating a backup – 330733
10.2.1 Resolved Issues:
- Allow to unselect Console storage immediately as alternative has been configured - 220573
- Large number of scheduled tasks can cause Console, Replication and PowerShell cmdlets to be extremely slow - RMADFE-1837, 242166
- Remove a BOM prefix from the script file - 257798
- Unpacking the backup and the retention policy may fail if the DC cannot be accessed via LDAP from the RMAD console machine - 279431
- RPC calls to Backup Agent are not retried on RPC_S_SERVER_TOO_BUSY error - 314812
- Misleading 'Unable to map the network share IPC$ on the computer' error message on attempt to map UNC share - 316902
- Installation fails with an invalid error message when using a local windows credential to connect to the remote SQL server - 317818
- Online Restore Wizard cannot undelete an object using a non-administrative account. Restoring an object in Online Restore Wizard using a non-administrative account may result in the following error for NT-Security-Descriptor attribute: "Cannot retrieve attribute value(s) from Active Directory. Possible reason: Insufficient access rights." To ignore this error, the NT-Security-Descriptor attribute can be excluded from the list of restored attributes – 293311
10.2 Hotfix 1 Resolved Issues:
- Installation of Quest personal certificates to the local certificate store failed. Receive error message to install Quest certificates later. This should not be required - 274643
- Computer Collection scheduled tasks removed after upgrade to 10.2 if gMSA used as the scheduled task account - 280854
- rmad.db3 file gets overwritten during an uninstall -> install of version 10.2 - 283069
- Cannot retain the uncheck "Global Catalog Servers" option in the Advanced tab of the Computer Collection properties window - 230397
- It will display 'Network access is denied' error in Win2016/2019 if specify account to restore GPO with "domain\username" format - 233623
- Cannot see some advanced objects in the object picker in Online Restore Wizard – 275027
10.2 Resolved Issues:
- Security Vulnerability - Sensitive comments embedded within client-side code sent to an end user machine - RMADFE-3244, 218142
- Security Vulnerability - Runtime hardening (SEP, ASLR and other) - RMADFE-3248, 218146
- Full replication fails when a DC is selected for the option 'Unpack each backup upon its creation' in the master console - RMADFE-1858, 218500
- Storage agent settings are not applied on install - 219910
- No progress/wait indication after clicking 'OK' on the 'Add Console…' dialog - 224321
- Backup fails if the Domain Controllers OU has a AzureADKerberos computer object in it as part of Azure AD FIDO deployment - 227903
- Improve documentation with information on number of scheduled computer collections for optimal performance - 232614
- Access Violation in the ProcessRequest function and crashes service - 232682
- Remove mutual exclusion mechanism between replication process and restore process - RMADFE-1575, 237972
- Display correct backup info and support restore for Collections with containers (not DCs) - 240580
- Retriable VSS error causes undefined behavior in Backup Agent on retry - 241825
- Modify the configuration to remove collision problems with SHA1, moved to SHA256 - 253913
- Retention policy ignores collection and consider backups of all collections - 259645