Recovery Manager for Active Directory Disaster Recovery Edition 10.3.2 - What is new and resolved (4379541)

Recovery Manager for Active Directory Disaster Recovery Edition 10.3.2 - What is new and resolved

10.3.2 New Features:

• Enhanced logging of actions in RMAD Console and Forest Recovery Console 
  
  • Event logging has been enhanced for actions that are performed in the RMAD console and Forest Recovery Console. Using the event viewer, actions on computer collections, forest recovery projects and much more can be audited.
• Create virtual machines in Microsoft Hyper-V and VMWare ESXi 
  
  • New ability to create virtual machines in Microsoft Hyper-V or VMWare ESXi and use the Restore Active Directory® to Clean OS recovery method or the Install Active Directory recovery method. To configure Microsoft Hyper-V or VMWare ESXi, new infrastructure templates are available.
• Security Guide 
  
  • With the 10.3.2 release, a new guide is available detailing all security information for Recovery Manager for Active Directory. This guide contains details on network communications, encryption algorithms, protection of data and much more
• Microsoft Windows Server 2025 
  
  • Recovery Manager for Active Directory version 10.3.2 now supports the operating system Microsoft Windows Server 2025 for product installation, backups and recovery.
• Support Virtual Machine Creation for Install from Media and Install Active Directory recovery methods 
  
  • Ability to create virtual machines in Azure, Microsoft Hyper-V and VMWare ESXi when using Install AD and Install from Media recovery methods. RMAD automatically creates the virtual machine and installs the Operating System using the provided image and settings from the Forest Recovery project and metadata in the backup.
• Run Phase 2 (Repromotion) of Recovery without Phase 1 
  
  • Using the phased recovery feature in Recovery Manager for Active Directory, you can now run the phase 2 (repromotion) without phase 1 to recover domain controllers directly through Repromotion method, providing even more flexibility to your forest recovery project.
• Promote Standalone Servers to Domain Controllers in Bulk 
  
  • Using the forest recovery project, manage your Active Directory by automating the promotion of domain controllers. New feature allows you to use the recovery process to promote standalone servers to domain controllers either as an operational task in a healthy environment or as part of the AD recovery.

10.3.2 Enhancements:

• Salting mechanism for forest recovery project password hashes - 412667
• Increase event viewer logging for console actions - 234185
• INTEGRITY CHECKS: Backups on remote storage must be checked by the backup agent - 445485 
• Allow multi-select when using "Register Backup File" in RMAD and FR consoles - 463748 
• Password Complexity Check on Backup Encryption Password - 473827 
• Replication engine should enforce backup retention policy - 500287 
• DNS forwarder zone information is lost when reading backup computer info - 533935 
• Allow for blank backup access credentials when backup is located on DC - 539083 
• User should be able to recovery on second phase (Repromotion) without running Phase 1 - RMADFE2618 / 242096 
• Reinstall DC on 2nd phase may fail if DC metadata retained in AD - RMADFE2642 / 242099 
• Reuse (cache) backup already copied to DC between several Verify attempts, and especially between Verify and Recovery - 253786 
• Allow user to specify the Replication DC used to Promote DC or join the domain from FR Console - 260108 
• Ability to provision a new DC in Forest Recovery Project (using IFM or Install AD for provisioning a new DC) - 364379 
• Add last modified date for computer collections - 386967 
• Show console configuration backups stored on secure storage server in RMAD console - 413892 
• Assign registry forwarder to primary forest root DNS server for all other DNS servers in forest - 493179 
• Allow forest recovery without prior project verification - 514577 
• Azure VM Creation: Support Azure Zone restrictions with Virtual machine size selection - 436655 
• Support VMWare vSphere with Restore CleanOS - 443708 
• Clean OS restore to Azure: Install only required Az Powershell modules - 455726 

10.3.1 Hotfix 3 Enhancements:

• Use different method other than SMB for "Get information about computer from backup" during recovery  - 506275 
• Support restore from backup in no NTLM environment when backup stored on DC  - 506551 

10.3.1 Hotfix 1 Enhancements:

• Validate version of Secure Storage agent from Secure Storage node - 473444
• Restore NETBIOS name during Clean OS recovery - 264188 

10.3.1 Enhancements:

• Create new PowerShell cmdlet - Remove-RMADSession cmdlet - 370687
• Email notifications during integrity checks - 395979
• Allow to add a folder path for Forest Recovery projects to be included in backup - 396047 
• Add support for US government GCC high accounts in exchange Oauth2 notifications - 402135
• Add collection Name/Id to PowerShell script parameters - 410125
• Allow to ignore missing/malfunctioning VSS writers - 412323
• Deprecate SCOM - 416078
• Diagnostic log BackupAgent64 - Allow for threshold on file size and overwrite - 418052
• Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller - 421517
• Add an option to disable automatic checking of manual and scheduled backups - 429365 
• Remove Support for 2012 and 2012 R2 from supported operating systems and SQL Server 2012 - 437548
• Support using of LocalSystem account in scheduled backup - 437699 
• Verify setting should warn if target windows version doesn't match backup windows version - 370842
• FR Console - Allow Integrity Check to be optional for backups during Verify Settings - 400616
• Deprecate ADVL - 414943
• Extend Collect Diagnostic Data Feature: Usage of Forest Recovery Agent instead of Separate Process - 417491 
• Avoid install DNS server in case of external DNS used for Restore to Clean OS - Multi Tree Forest - RMADFE2413 / 242083
• Azure VM Creation: Do not create VMs with Public IPs - 352419
• Warning and information about required workaround: MSFT issue: BMR recovery on 2019 may fail with WinRE crash - 378305
• PreInstall windows features required for Clean OS - 408824
• Have restore Clean OS option to use Domain account for accessing clean machine if possible - 420196
• Send email notifications (alerts) on a failed backup upload to the cloud storage - 428425
• Support credentials that have access to multiple tenants - 437052
• Add support for Secure Storage agent on Windows Server Core - 444928 

10.3.2 Resolved Issues:

• Performance difference between local and remote storage - 370691
• IFM method store temporary extracted backup on C:\ drive instead of Temp folder - 488677
• Log rotation interval not working as expected with logs found in root log folder - 515418
• Intermittent backup failures with error: Failed to connect to backup agent: Access is denied - 532286
• The DIT Database component cannot be backed up because the NTDS VSS writer is unavailable or does not work properly - 539934 
• Console configuration backup fails when password contains double quotes. - 443231
• Scheduled verify task succeeds when frproj has validation issues - 476407
• Open-RMADFEProject cmdlet does not work with relative path - 523257
• Console configuration backups do not support passwords containing spaces - 539417 
• "Cannot index into a null array" error on adding secure storage server. Secure storage server status when SMB registry configuration is corrupted. - 316435
• Secure Storage: Blank FRConsoleSettings.xml causes "The type initializer for 'QuestSoftware.RecoveryManager.FR.Settings.Settings' threw an exception." - 443993 
• Verify for "Restore from BMR backup" recreate ISO for every new backup - 476409
• Restore on Clean OS fails if DSRM password contains special characters - 476438
• Any backup on Secure Storage that was created while the Secure Storage server was added by Name, will not appear if you remove the Secure Storage Server and add it again by IP address - 480487
• Command injection is possible when adding secure storage server - 482729
• Previous backups are not shown when secure storage server name has been changed - 499695
• Secure Storage Agent version check ignores build number - 501169 
• Validate user input for Secure Storage Host name to mitigate command injection risks - 520906
• RMAD console crashes after migrating product databases and re-entering the cloud storage connection string - 540068 

10.3.1 Hotfix 3 Resolved Issues:

• Change "Full" to "AD" in "Retain recent backups" - 513320 
• Domain recovery deletes DNS conditional forwarder to root domain - 519110 
• RMAD Console "The server threw an exception" when accessing computer collection settings Advanced Run Scripts after moving database to a new host - 523958 
• Invalid password. Cannot decrypt data at GetComputerInfoFromBackup step - 490646
• Forest Recovery should reset GC occupancy level to original value - 505147
• FRAgent crashes on DSRM reboot step - 510813
• Recovery report doesn't show quarantined files if the recovery was crashed/interrupted - 511476
• Error on FR console open: Unable to sort because the IComparer.Compare() method returns inconsistent results - 511477
• Recovery Report: Data retrieval fail for the subreport, 'DCReport', located at: DCReport. Please check the log files for more information - 518248
• Remove obsolete NS records for forest replicated zones - 520205 
• When FR project was created from a backup (BMR or CleanOS), FSMO role owners after recovery do not reflect original FSMO roles distribution - RMADFE1997 / 242050 
• Correct User Guide around Secondary Storage and Secure Storage/Cloud Storage - 477761 
• Remove confusing message about excessive network traffic when copying backups to secure storage - 513325
• "Failed to negotiate key exchange algorithm." error when automatically booting iDrac server - 517423 
• Insecure SSL/TLS: bad certificate verifier - CWE-295, CWE-296, CWE-300 - 498948

10.3.1 Hotfix 2 Resolved Issues:

• DNS should cleanup all non-relevant NS records - 487775
• Handle null values which can be returned from Change Auditor database query - 498663
• Static Analysis Security Issue: Out-of-bounds read/access for ud3convert - 498947
• Hybrid Restore Service: Time zone settings set to UTC - (negative offset) causes ODR restore objects fail with "No results received from the agent". - 504110
• Hybrid Restore Service: Issue with database upgrade when upgrading RMAD product - 505343 
• Recovery project verification may fail with "Invalid password. Cannot decrypt data" error - 506570
• Hyper-V: Blue screen during Bare Metal Recovery at Restart domain controller in normal mode step if D: volume contains AD files such as NTDS.dit Stop code: 0xc00002e2 - 286589
• Cloud-Storage AWS: Console does not accept IAM user without access to all containers. - 490737
• Registering backups from secure storage server corrupts backup paths if PowerShell profile script contains custom output - 495345
• Replicated Secure Storage backups disappear on subsequent replications - 501520
• "Failed to connect to backup agent: Unable to perform request (101)." error when copying backup to secure storage - 504006
• Cloud Storage all stuck in Queued state and sending out massive amounts of failure emails - 504712
• Secure Storage engine should not use the FE/DRE Fault Tolerance connection strings - 509301 

10.3.1 Hotfix 1 Resolved Issues:

• Hybrid Restore Service: Timezone and region settings set to UTC+ causes ODR Diff restore objects to hang on "Synchronizing object changes with Azure AD" N/A 444355
• Expand-RMADBackup crashes when it's executed simultaneously for multiple backups - 465177
• Poor performance of backup replication in Full Mode - 472789
• Invalid Version String in the rmad.db3 crashes the Console - 478037 
• Correct User Guide about permissions required for online restore - 480678
• Disable IPv6 loopback for AD integrated DNS server - 487979
• Child domain forest-wide DNS zone gets wrong IP address - 487991 
• Azure VM Creation: Unable to verify settings on the cloned Azure infrastructure template - 483661
• LSA protection enabled and online restore gets access denied on Windows 2022 - 486528
• Selected network adapter is not applied during HyperV/VMWare VM creation - 492184
• Invalid default subnetwork selected when configuring new resource group for Azure VM creation - 493636
• Unable to connect Azure to configure the infrastructure with Az 12.0 or Az.Accounts 3.0 modules - 494885
• "The term Get-AzLocation is not recognized…" error is displayed when configuring Azure infrastructure template - 495398 

10.3.1 Resolved Issues:

• FSMO roles doesn't removed from non-recovered DC - 408607
• OnlineRestoreAgent.msi uninstalls Backup agent on DC if Backup agent exists. Backup agent also uninstalls ORA on DC if exists before install Backup Agent. - 421201
• Perform integrity check after scheduled backup' option works incorrectly - 430626
• GPO Comparison Report error: "Uncaught Reference Error: Enumerator is not defined" - 431908
• Using Online Restore Wizard, any GPO Comparison Reports do not show the changes/differences because the information is hidden - 434960
• Do not store user account credential in the task for scheduled console config backup - 437559
• Too long replication in full mode - 438621
• Restore-RMADDeletedObject cmdlet throws "Invalid Password Cannot decrypt data" when backup is not accessible - improve error message - 440174
• DC side PowerShell script account requires SeInteractiveLogonRight, or the logon will fail. - 444542
• Get information about computer from Backup takes too long to fail if backup access credentials are incorrect - 448638
• When forest domain is forest-wide replicated all DCs in forest should use its DC as primary DNS server - 468637
• Email notifications: SMTP authentication long password truncated after saving and reopening Recovery Manager Settings dialog - 470665 
• Avoid install DNS server in case of external DNS used for Restore to Clean OS - Multi Tree Forest - RMADFE2413 / 242083 
• Unable to Retry All operation for failed DC after FRC process restarted - 422083
• Backup access failed with user unfriendly error message - 422251
• Verify setting and recovery should show error if target windows version older than version in the backup - 432655
• Domain Removal during recovery leaves Trust account - 449224
• "Do Not Recover" checkbox state is not synced between "Advanced Actions" and "Configure Advanced Actions" dialogs - 450812
• Retry last fails with: "Object reference not set to an instance of an object" after canceling DC on SetPrefferedDns then close/reopen FR console to resume recovery - 456538
• Forest Recovery Console crashes after project verification or forest recovery if email notification throws an error - 467130
• FR console crashes with Alerts configured after Verify Settings or Recovery if notification "From address" is invalid - 467637 
• Backup file might be failed to be copied when secure storage option is set for collection - 375340
• "Last Integrity Check" column doesn't get updated in secure storage node - 425603
• Improve error message for verify settings Clean OS - 438269
• Fix integrity check settings for BMR backups - 445484
• Pulling backups from servers in NTLM restriction environment is not supported. - 447207
• Clean OS recovery failed when Sysvol path match NTDS path - 461548
• Cloud Storage: For some reason the backup/upload process doesn't cleanup the shares it maps every once in a while - 464935