Recovery Manager for AD Disaster Recovery Edition (DRE) 10.3.1 latest build (Full Hotfix Release) (4376002)

This solution contains the latest full build of RMAD DRE 10.3.1 (currently 10.3.1.43711) Hotfix 3

This Full Maintenance Release is HERE and addresses the issues described in the attached Release Notes. Please review the problem descriptions included to ensure your issue criteria is met prior to installing this Full Maintenance Release.
This build addresses the issues noted in the attached Release Notes which were found since the release of 10.3.1.43009 and can be installed directly on top of that build or older builds including 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2, and 10.3 as per the included documentation.
Please download the RMAD DRE 10.3.1.43711 Full Maintenance Release by Clicking HERE  and installing according to the "...\Documentation\RecoveryManagerForAD_DisasterRecoveryEdition_ReleaseNotes_en-us.pdf"
The latest full build of RMAD DRE 10.3.1 (10.3.1.43711) includes the following:

10.3.1 Hotfix 3 Enhancements:

• Use different method other than SMB for "Get information about computer from backup" during recovery - 506275
• Support restore from backup in no NTLM environment when backup stored on DC - 506551

10.3.1 Hotfix 1 Enhancements:

• Validate version of Secure Storage agent from Secure Storage node - 473444
• Restore NETBIOS name during Clean OS recovery - 264188

10.3.1 Enhancements:

• Create new PowerShell cmdlet - Remove-RMADSession cmdlet - 370687
• Email notifications during integrity checks - 395979
• Allow to add a folder path for Forest Recovery projects to be included in backup - 396047
• Add support for US government GCC high accounts in exchange Oauth2 notifications - 402135
• Add collection Name/Id to PowerShell script parameters - 410125
• Allow to ignore missing/malfunctioning VSS writers - 412323
• Deprecate SCOM - 416078
• Diagnostic log BackupAgent64 - Allow for threshold on file size and overwrite - 418052
• Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller - 421517
• Add an option to disable automatic checking of manual and scheduled backups - 429365
• Remove Support for 2012 and 2012 R2 from supported operating systems and SQL Server 2012 - 437548
• Support using of LocalSystem account in scheduled backup - 437699
• Verify setting should warn if target windows version doesn't match backup windows version - 370842
• FR Console - Allow Integrity Check to be optional for backups during Verify Settings - 400616
• Deprecate ADVL - 414943
• Extend Collect Diagnostic Data Feature: Usage of Forest Recovery Agent instead of Separate Process - 417491
• Avoid install DNS server in case of external DNS used for Restore to Clean OS - Multi Tree Forest - RMADFE[1]2413, 242083
• Azure VM Creation: Do not create VMs with Public IPs - 352419
• Warning and information about required workaround: MSFT issue: BMR recovery on 2019 may fail with WinRE crash - 378305
• PreInstall windows features required for Clean OS - 408824
• Have restore Clean OS option to use Domain account for accessing clean machine if possible - 420196
• Send email notifications (alerts) on a failed backup upload to the cloud storage - 428425
• Support credentials that have access to multiple tenants - 437052
• Add support for Secure Storage agent on Windows Server Core - 444928

10.3 Hotfix 1 Enhancements:

• Allow for password complexity on forest recovery project files - 253917
• Soften default FR project password complexity rules; make them customizable via config file - 422735
• Allow to specify a region for Amazon S3 cloud storage - 423903

10.3 Enhancements:

• Salting mechanism for forest recovery project password hashes - 412667
• Show AD tombstone lifetime settings somewhere in a product UI - 353685
• Allow for password complexity - 253917
• BackupAgent does not respect global logging setting 'Create a new set of log files: Never' on the DC side - 381957
• TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand - 384624
• Forest level option to Resume all DC's without selecting them during recovery while paused in DSRM mode - 367808
• Have the Forest project files replicated using the RMAD replication feature - 374869
• Malware Remediation button to also include global malware scanning option - 369597
• Detect DNS server based on server capabilities - RMADFE-2242, 242068
• Implement primary DNS approach as default option for Automatic DNS selection - 358394
• Support multizone DNS delegation restore - 363514
• Automatic DNS selection on Repromotion phase should select restored DNS server on Recovery phase - 259424
• Display status of secure storage server when hardened with exceptions - 372705
• Azure VMs created in different Resource Group to Network Infrastructure - 352418
• Support shared Access Signature (SAS) for accessing Azure Storage - 388808
• Provide ability to export list of cloud storage and list of secure storage servers - 318697

10.3.1 Hotfix 3 Resolved Issues:

• Change "Full" to "AD" in "Retain recent backups" - 513320
• Domain recovery deletes DNS conditional forwarder to root domain - 519110
• RMAD Console "The server threw an exception" when accessing computer collection settings Advanced Run Scripts after moving database to a new host - 523958
• Invalid password. Cannot decrypt data at GetComputerInfoFromBackup step - 490646
• Forest Recovery should reset GC occupancy level to original value - 505147
• FRAgent crashes on DSRM reboot step - 510813
• Recovery report doesn't show quarantined files if the recovery was crashed/interrupted - 511476
• Error on FR console open: Unable to sort because the IComparer.Compare() method returns inconsistent results - 511477
• Recovery Report: Data retrieval fail for the subreport, 'DCReport', located at: DCReport. Please check the log files for more information - 518248
• Remove obsolete NS records for forest replicated zones - 520205
• When FR project was created from a backup (BMR or CleanOS), FSMO role owners after recovery do not reflect original FSMO roles distribution - 242050
• Correct User Guide around Secondary Storage and Secure Storage/Cloud Storage - 477761
• Remove confusing message about excessive network traffic when copying backups to secure storage - 513325
• "Failed to negotiate key exchange algorithm." error when automatically booting iDrac server - 517423

10.3.1 Hotfix 2 Resolved Issues:

• DNS should cleanup all non-relevant NS records - 487775
• Handle null values which can be returned from Change Auditor database query - 498663
• Static Analysis Security Issue: Out-of-bounds read/access for ud3convert - 498947
• Hybrid Restore Service: Time zone settings set to UTC - (negative offset) causes ODR restore objects fail with "No results received from the agent". - 504110
• Hybrid Restore Service: Issue with database upgrade when upgrading RMAD product - 505343
• Recovery project verification may fail with "Invalid password. Cannot decrypt data" error - 506570
• Hyper-V: Blue screen during Bare Metal Recovery at Restart domain controller in normal mode step if D: volume contains AD files such as NTDS.dit Stop code: 0xc00002e2 - 286589
• Cloud-Storage AWS: Console does not accept IAM user without access to all containers. - 490737
• Registering backups from secure storage server corrupts backup paths if PowerShell profile script contains custom output - 495345
• Replicated Secure Storage backups disappear on subsequent replications - 501520
• "Failed to connect to backup agent: Unable to perform request (101)." error when copying backup to secure storage - 504006
• Cloud Storage all stuck in Queued state and sending out massive amounts of failure emails - 504712
• Secure Storage engine should not use the FE/DRE Fault Tolerance connection strings - 509301

10.3.1 Hotfix 1 Resolved Issues:

• Hybrid Restore Service: Timezone and region settings set to UTC+ causes ODR Diff restore objects to hang on "Synchronizing object changes with Azure AD" - 444355
• Expand-RMADBackup crashes when it's executed simultaneously for multiple backups - 465177
• Poor performance of backup replication in Full Mode – 472789
• Invalid Version String in the rmad.db3 crashes the Console – 478037
• Correct User Guide about permissions required for online restore – 480678
• Disable IPv6 loopback for AD integrated DNS server – 487979
• Child domain forest-wide DNS zone gets wrong IP address – 487991
• Azure VM Creation: Unable to verify settings on the cloned Azure infrastructure template - 483661
• LSA protection enabled and online restore gets access denied on Windows 2022 - 486528
• Selected network adapter is not applied during HyperV/VMWare VM creation - 492184
• Invalid default subnetwork selected when configuring new resource group for Azure VM creation - 493636
• Unable to connect Azure to configure the infrastructure with Az 12.0 or Az.Accounts 3.0 modules - 494885
• "The term Get-AzLocation is not recognized…" error is displayed when configuring Azure infrastructure template - 495398

10.3.1 Resolved Issues:

• FSMO roles doesn't removed from non-recovered DC – 408607
• OnlineRestoreAgent.msi uninstalls Backup agent on DC if Backup agent exists. Backup agent also uninstalls ORA on DC if exists before install Backup Agent – 421201
• Perform integrity check after scheduled backup' option works incorrectly – 430626
• GPO Comparison Report error: "Uncaught Reference Error: Enumerator is not defined" – 431908
• Using Online Restore Wizard, any GPO Comparison Reports do not show the changes/differences because the information is hidden – 434960
• Do not store user account credential in the task for scheduled console config backup – 437559
• Too long replication in full mode – 438621
• Restore-RMADDeletedObject cmdlet throws "Invalid Password Cannot decrypt data" when backup is not accessible - improve error message – 440174
• DC side PowerShell script account requires SeInteractiveLogonRight, or the logon will fail – 444542
• Get information about computer from Backup takes too long to fail if backup access credentials are incorrect – 448638
• When forest domain is forest-wide replicated all DCs in forest should use its DC as primary DNS server – 468637
• Email notifications: SMTP authentication long password truncated after saving and reopening Recovery Manager Settings dialog – 470665
• Avoid install DNS server in case of external DNS used for Restore to Clean OS - Multi Tree Forest - RMADFE[1]2413, 242083
• Unable to Retry All operation for failed DC after FRC process restarted - 422083
• Backup access failed with user unfriendly error message - 422251
• Verify setting and recovery should show error if target windows version older than version in the backup - 432655
• Domain Removal during recovery leaves Trust account - 449224
• "Do Not Recover" checkbox state is not synced between "Advanced Actions" and "Configure Advanced Actions" dialogs - 450812
• Retry last fails with: "Object reference not set to an instance of an object" after cancelling DC on SetPrefferedDns then close/reopen FR console to resume recovery - 456538
• Forest Recovery Console crashes after project verification or forest recovery if email notification throws an error - 467130
• FR console crashes with Alerts configured after Verify Settings or Recovery if notification "From address" is invalid – 467637
• Backup file might be failed to be copied when secure storage option is set for collection - 375340
• "Last Integrity Check" column doesn't get updated in secure storage node - 425603
• Improve error message for verify settings Clean OS - 438269
• Fix integrity check settings for BMR backups - 445484
• Pulling backups from servers in NTLM restriction environment is not supported - 447207
• Clean OS recovery failed when Sysvol path match NTDS path - 461548
• Cloud Storage: For some reason the backup/upload process doesn't cleanup the shares it maps every once in a while - 464935

10.3 Hotfix 2 Resolved Issues:

• Online Restore Agent attempts to connect to a wrong domain controller when trying to perform an online recovery. – 431481
• Integrity checks of collections with backups to be stored in Azure Files (SMB share) fail. – 435383
• RMAD console crashes during Online Restore Wizard for AD LDS (ADAM) due to large number of objects. – 437753
• Online restore is failing with the error: Failed to create a remote object. DCOM configuration required. – 440746
• Support gMSA accounts for scheduled collections when "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled. – 444925
• Automatic DNS configuration for forest replicated root domain zone – 423045
• Automatic Backup selection criteria always chooses remote backup even if local backup is newer. – 433601
• Inform user about the issues with DNS selection. – 440127
• Replicate FSMO owners retry during recovery when step is run on child domain dc "Replication don't work. Error#" – 428528
• Reset computer account password operation fails during BMR recovery. – 433325
• Verify Settings fails on Check Free Space if ComputerName or DomainName is not provided in Backup Access Credentials. – 437727
• Reset Trust Password step hangs when GC configured to rebuild – 445231

10.3 Hotfix 1 Resolved Issues:

• Cleanup CNAME DC record - RMADFE-2746, 242105
• Hybrid Restore selection is not being verified in installer when remote SQL and windows creds are being used - 359203
• Online Restore Wizard: "Objects to Be Processed" Add button browse not working properly - 411383
• New-RMADSchedule cmdlet doesn't support several weeks trigger - 414124
• Read zone info from inconsistent/partial registry key - 419904
• Hybrid restore may fail with the 'database is locked' error when restoring 50..100 objects - 424314
• Apply Group Policy step hangs if root domain DNS zone is forest-wide replicated - 427816
• Alternate paths are not provided to FR agent if UNC server name contains some special characters - 420386
• Last Integrity Check shows wrong time - 422094
• Custom action RemoveDllReference fails if no dll references are present in FRConsole.exe.config file - 422727
• Console Configuration Backup: unable to create backup on remote share with remote share credential specified - 422883

10.3 Resolved Issues:

• Online Restore Wizard: Reporting on Unchanged Objects - 377277
• Incorrect email subject message after unsuccessful/incomplete recovery - 406720
• Computer Column - Timing column for the backup jobs to assist users in estimating job lengths - 351058
• When the Additional path is offline, then a job that's only using local-storage completes with a warning. With Remote Storage, the job fails with an error - 370690
• ISO boot fails with a BSOD on Windows 2022 lab. To fix the issue, you need to add the latest cumulative update (any update after 7C-KB5015879) into WinRE.wim. Download the LCU September 13, 2022 — KB5017316 (OS Build 20348.1006) (microsoft.com). See the Quest Knowlege Base article KB4368806 for commands that need to be run - 376632
• Online Restore Wizard Directory object not found when restoring with old 2012 R2 backup to 2019 DC - 380226
• Issue with install - invalid SQL hostname during install/upgrade - 388182
• FSMO Roles are not displayed in the recovery report after restore - 376235
• Tab order on SQL Installer page is wrong - 397266
• No warning when accounts are missed on password reset - 302503
• Issues occur with Forest recovery if Administrator and Guest builtin accounts have been renamed - 273145
• The "DC for auth restore of Sysvol" dropdown is empty in the FR project settings - 412284
• Cannot access the recovery plan if no printer exists, or printer is not functioning properly - 375548
• Persistence restore session can become "stuck" - 365894
• Verify operation should check FSMO owners consistency in frproj - 370975
• Date format used to display date/time on progress screen in Forest Recovery Console does not follow the configured date/time format on the server - 374429
• Same domain name appears twice with different letter cases on project settings dialog - 252242
• iLO access password is logged in clear text - 317963
• 'Configure the domain controller as global catalog server' option is shown on FR console when the 'Restore Active Directory on Clean OS' recovery method is used - RMADFE-2830, 242200
• DNS is not working correctly after BMR recovery with multiple DNS domains hosted in one zone - RMADFE-2173, 242184
• Do not show skipped "Apply group policy" step on progress tab - 414312
• When overwrite VM if exists is not selected, event says creating VM when VM already exists - 318198
• Cloud Storage: AWS S3 upload fails with error after retention enabled on immutable bucket - 397464
• GC option does not work for Restore AD on clean OS - 384398
• Email notification feature new dependencies incompatible with latest Azure VM PowerShell Commandlets and causes issues with Azure VM Provisioning - 406811
• Azure VM creation fails with "Cannot boot Hypervisor Generation 1… errror" - 409019
• Target Virtual Machine populates with the word fake - 368647
• Cloud Storage: Default Add Storage dialog window size causes issues reading all content when adding AWS immutable cloud storage - 374915
• Update permissions required for AWS list operations required in UI - 396392
• PowerShell Module does not auto-import for SS agent - 373608
• Backup may be missing on secure storage server after collection backup completed – 372682
• Cloud Upload Session order keeps changing - 397267

10.3.1 Hotfix 3 Security Resolved Issues:

• Insecure SSL/TLS: bad certificate verifier - CWE-295, CWE-296, CWE-300 - 498948

10.3 Security Resolved Issues:

• Salting mechanism for forest recovery project and ADVL project password hashes - 412667
• Enforce password complexity on Forest Recovery project - 253917
• TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand - 384624