Recovery Manager for AD Forest Edition 10.3 latest build (Full Hotfix Release) (4373128)

Recovery Manager for AD Forest Edition 10.3 latest build (Full Hotfix Release)

This solution contains the latest full build of RMADFE 10.3 (currently 10.3.0.40816)

This Full Maintenance Release is HERE  and addresses the issues described in the attached Release Notes. Please review the problem descriptions included to ensure your issue criteria is met prior to installing this Full Maintenance Release.
This build addresses the issues noted in the attached Release Notes which were found since the release of 10.3.0.39876 and can be installed directly on top of that build or older builds including 10.0, 10.0.1, 10.1, 10.1.1, 10.2, 10.2.1, 10.2.2 and 10.3 as per the included documentation.
Please download the RMADFE 10.3.0.40816 Full Maintenance Release by Clicking Here  and installing according to the "...\Documentation\RecoveryManagerForAD_ForestEdition_ReleaseNotes_en-us.pdf"
The latest full build of RMAD 10.3 (10.3.0.40816) includes the following:

10.3 Hotfix 2 New Features:

• Support of SQL Server 2022
  • Recovery Manager for Active Directory has been tested and fully functions with SQL Server 2022.
• Allow to ignore missing/malfunctioning VSS writers
  • If DFSR writer is unavailable, RMAD will create a backup with a warning that SYSVOL was not backed up. To change this behavior, a new registry for the Recovery Manager Console has been created.
• Use remote storage credentials for integrity check against backups located on a domain controller
  • Use the Remote Storage credentials instead of the logged on user or scheduled task account, to run the integrity check when creating a backup from the console, or the scheduled task.

10.3 Hotfix 1 New Features:

• PowerShell cmdlets to Manage Password Complexity
  • New PowerShell cmdlets to manage password complexity requirements for forest recovery project files. Ability to modify password requirements via the Set-RMADFEGlobalOptions cmdlet.
• Select Region for Amazon S3 Cloud Storage
  • Ability to specify a region for Amazon S3 cloud storage.

10.3 Hotfix 2 Enhancements:

• Allow to ignore missing/malfunctioning VSS writers – 412323
• INTEGRITY CHECKS: Use remote storage credentials to access the backup storage when running integrity check for backups located on a domain controller – 421517

10.3 Hotfix 1 Enhancements:

• Allow for password complexity on forest recovery project files - 253917
• Soften default FR project password complexity rules; make them customizable via config file - 422735

10.3 Enhancements:

• Salting mechanism for forest recovery project password hashes - 412667
• Show AD tombstone lifetime settings somewhere in a product UI - 353685
• BackupAgent does not respect global logging setting 'Create a new set of log files: Never' on the DC side - 381957
• TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand - 384624
• Forest level option to Resume all DC's without selecting them during recovery while paused in DSRM mode - 367808\Have the Forest project files replicated using the RMAD replication feature - 374869
• Malware Remediation button to also include global malware scanning option - 369597
• Detect DNS server based on server capabilities - RMADFE-2242, 242068
• Implement primary DNS approach as default option for Automatic DNS selection - 358394
• Support multizone DNS delegation restore - 363514
• Automatic DNS selection on Repromotion phase should select restored DNS server on Recovery phase - 259424

10.2.2 Hotfix 2 Enhancements:

• Support for OAuth2 authentication method for email notifications. Required due to deprecation of basic authentication for Exchange Online - 384541
• Option for pre-installed online recovery agent - 358029
• Support for agent based restore with LSA protection for Windows 2022 - 318168

10.2.2 Enhancements:

• Improve message the error while creating remote DCOM object failed because "Access is denied" - 263396
• Cannot restore a user from a backup that requires credentials for accessing it - 267022
• Support GMSA account type to run PS custom script (Agent side only) - 317648
• Installation option for hybrid service in the main product setup - 346507
• New hybrid configuration Powershell API - 346513
• Installer check updated for .NET 4.8 - 349988
• Full support for GMSA accounts for RMAD DRE/FE/Standard - 352707
• Support for Windows 2022 with exceptions. See User Guide – 363862

10.2.1 Enhancements:

• Usability improvements to the Computer Collections Properties dialog including removal of Logging tab and introduction of new tab for Secondary Storage – 283362
• Creation of Management Shell Guide which lists all available PowerShell® cmdlets, with examples. Appendix removed from User Guide - 275100
• Automatically enable File and Printer Sharing on the clean OS machine when installing FR agent - RMADFE-2778, 242106
• RMAD Console and Forest Recovery Agent cannot read AD configuration with more than 1000 sites - 274279

10.2 Enhancements:

• Rename system state backups to Active Directory® backups - RMADFE-3009, 218405
• Hide the "Components" tab in computer collection settings - RMADFE-3042, 218415
• SCOM 2019 support – 219783
• Pass through Synchronize across time zones from windows task scheduler to RMAD - RMADFE-952, 220703
• Create Logs Daily to be on by default – 223980
• Display operating system version for all backups – 228741
• Forest Recovery simulation mode available - RMADFE-920, 218277
• The 'View Recovery Report' action should be available as one of the post recovery dialog actions - RMADFE-3034, 218413
• Encrypt credentials in Forest Recovery project using AESCryptoServiceProvider instead of TripleDESCryptoServiceProvider - RMADFE-2199, 220948
• Allow RMAD backup to continue if forest recovery agent cannot be installed - 221433
• Set default global catalog handling option to "Keep GC Intact" - 223871
• Show 'object's tombstone is expired' detailed warning in the Online Restore Wizard - RMADFE-1613, 223987
• Default recovery method to the Repromotion phase should be "Install AD", not "ReinstallAD" - 234195
• Tool to update backup creation date in simulation projects - 234197
• Keep previous recovery methods when changing recovery mode like Forest Recovery --> Repromotion --> Forest Recovery - 234201
• Every DC in simulation project should have a backup created for this domain controller so all recovery methods are available - 234203

10.3 Hotfix 2 Resolved Issues:

• Online Restore Agent attempts to connect to a wrong domain controller when trying to perform an online recovery. – 431481
• Integrity checks of collections with backups to be stored in Azure Files (SMB share) fail. – 435383
• RMAD console crashes during Online Restore Wizard for AD LDS (ADAM) due to large number of objects. – 437753
• Online restore is failing with the error: Failed to create a remote object. DCOM configuration required. – 440746
• Support gMSA accounts for scheduled collections when "Network access: Do not allow storage of passwords and credentials for network authentication" is enabled. – 444925
• Automatic DNS configuration for forest replicated root domain zone – 423045
• Automatic Backup selection criteria always chooses remote backup even if local backup is newer. – 433601
• Inform user about the issues with DNS selection. – 440127

10.3 Hotfix 1 Resolved Issues:

• Cleanup CNAME DC record - RMADFE-2746, 242105
• Hybrid Restore selection is not being verified in installer when remote SQL and windows creds are being used - 359203
• Online Restore Wizard: "Objects to Be Processed" Add button browse not working properly - 411383
• New-RMADSchedule cmdlet doesn't support several weeks trigger - 414124
• Read zone info from inconsistent/partial registry key - 419904
• Hybrid restore may fail with the 'database is locked' error when restoring 50..100 objects - 424314
• Apply Group Policy step hangs if root domain DNS zone is forest-wide replicated - 427816
• Alternate paths are not provided to FR agent if UNC server name contains some special characters - 420386
• Last Integrity Check shows wrong time - 422094
• Custom action RemoveDllReference fails if no dll references are present in FRConsole.exe.config file - 422727
• Console Configuration Backup: unable to create backup on remote share with remote share credential specified - 422883

10.3 Resolved Issues:

• Online Restore Wizard: Reporting on Unchanged Objects - 377277
• Incorrect email subject message after unsuccessful/incomplete recovery - 406720
• Computer Column - Timing column for the backup jobs to assist users in estimating job lengths - 351058
• When the Additional path is offline, then a job that's only using local-storage completes with a warning. With Remote Storage, the job fails with an error - 370690
• ISO boot fails with a BSOD on Windows 2022 lab. To fix the issue, you need to add the latest cumulative update (any update after 7C-KB5015879) into WinRE.wim. Download the LCU September 13, 2022 — KB5017316 (OS Build 20348.1006) (microsoft.com). See the Quest Knowlege Base article KB4368806 for commands that need to be run - 376632
• Online Restore Wizard Directory object not found when restoring with old 2012 R2 backup to 2019 DC - 380226
• Issue with install - invalid SQL hostname during install/upgrade - 388182
• FSMO Roles are not displayed in the recovery report after restore - 376235
• Tab order on SQL Installer page is wrong - 397266
• No warning when accounts are missed on password reset - 302503
• Issues occur with Forest recovery if Administrator and Guest builtin accounts have been renamed - 273145
• The "DC for auth restore of Sysvol" dropdown is empty in the FR project settings - 412284
• Cannot access the recovery plan if no printer exists, or printer is not functioning properly - 375548
• Persistence restore session can become "stuck" - 365894
• Verify operation should check FSMO owners consistency in frproj - 370975
• Date format used to display date/time on progress screen in Forest Recovery Console does not follow the configured date/time format on the server - 374429
• Same domain name appears twice with different letter cases on project settings dialog - 252242
• iLO access password is logged in clear text - 317963
• 'Configure the domain controller as global catalog server' option is shown on FR console when the 'Restore Active Directory on Clean OS' recovery method is used - RMADFE-2830, 242200
• DNS is not working correctly after BMR recovery with multiple DNS domains hosted in one zone - RMADFE-2173, 242184
• Do not show skipped "Apply group policy" step on progress tab - 414312

10.2.2 Hotfix 3 Resolved Issues:

• RMAD fails to perform backups when using GMSA account after Microsoft Patch applied KB5022289 \ KB5022286 - 406231

10.2.2 Hotfix 2 Resolved Issues:

• Include product name and version to the self-extracted installation package - 367930
• Remove Autorun from build, CD package - 380288
• Email notifications to O365 email is not supported when Basic Authentication disabled on tenant - 386176
• RMAD Console crashes when recovering SYSVOL from a backup using Repair Wizard - 388796
• SCOM: computer collection and RMAD instances are in not monitored health state - 393392
• Option to "Repair" an installation is grayed out - 383571
• Online restore wizard does not work on Windows 2016 with LSA protection and Secure Boot enabled - 226670
• Online restore wizard does not work on Windows 2022 with agent based restore and with LSA protection enabled – 367163
• Forest recovery step Configure DNS server slow - 355113
• Forest recovery failed at Apply group policy step - 384999
• Loopback address is duplicated in DNS client settings - 364187
• Apply Group Policy step should not restart DC if not required - 381177
• Skip removing deletion protection from domain controller objects when doing metadata cleanup - 395989

10.2.2 Hotfix 1 Resolved Issues:

• Restore-RMADDeletedObject cmdlet crashes when it's used without explicitly specified credentials - 382646
• Domains that are not synced with Azure AD should be present in the list of discovered domains but should not cause error (require credentials) while saving the configuration - 380628
• Cannot save ODR integration settings in RMAD due to an old forest/dc listed in discovered domains - 380625
• Offline Restore Wizard fails with Access Denied to install Offline Restore Agent - 375451
• Setup folder does not include .NET 4.8 after changing product requirement - 373180
• Full replication between two consoles is failing with 'The given key was not present in the dictionary' error - 322095
• Check Forest Health uses the local credentials to create a test user - 374940
• Manage Domain Controller Tools allow to manage agents for "Do not recover" domain controllers using "invisible" credentials - 372411
• Forest Recovery projects are not loaded automatically after upgrade if they were created by the prior version - 322930

10.2.2 Resolved Issues:

• RMAD replication doesn't work with Group Managed Service Account (gMSA) configured for console connection - RMADFE-2594, 242195
• gMSA cannot be used when setting up replication - RMADFE-2519, 242560
• Use a gMSA account from one domain as the agent account for backing up DCs in a different domain does not work - 265197
• RMAD not finding backups requested by ODR in different timezones - 316404
• BackupAgent does not respect global logging setting "Create a new set of log files: Never" - 322747
• Update DisksInfoProvider to be more current and ignore unnecessary drive types - 323924
• ERDiskAD.mdb does not get imported, gets overwritten by blank rmad.db3 when installing the new version - 352421
• A v10.2.1 pre-installed backup agent fails when backup is requested by a v10.1.1 console - 353765
• Updating backup agent fails if custom port is configured - 354851
• Global settings dialog has a slightly broken layout on several tabs - 358457
• RMAD Console - Replication: Backup information is not being cleaned out of the console when it no longer exists on source - 359553
• RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection - 363140
• Installer log messages are truncated - 364258
• Installing Forest Recovery agent hangs if SMB shares are disabled - 285225
• Antivirus scanning failed with 'Path too long' error - 324610
• FRConsole broken due to undocumented new System Requirements for FR Console - 325287
• FR Console Crashes after recovery cancellation - 363341

10.2.1 Hotfix 2 Resolved Issues:

• RMAD Console Replication error (XML error) during replication when backup runs on master console - 351462
• Cleanup of metadata during restore of an unprotection object failed from accidental deletion - 354567
• RMAD Console: Diagnostic Logging drop-down reverts to Global Settings when enabled within Advanced settings of Computer Collection - 363140
• RMAD build 10.2.1.36279 will not install and triggers MS Defender notification - 366313
• Install AD/IFM operation may fail unable to bind replicationPartner parameter - 356459

10.2.1 Hotfix 1 Resolved Issues:

• Error with diagram explaining Change Auditor integration - 323348
• GMSA workflow in the documentation is reportedly missing steps - 325726
• Cannot retry a snapshot if certain errors occurred while creating a backup - 330733
• Forest Recovery Console takes a long time to apply backup selection criteria - 322570
• Online Restore Wizard cannot connect to Change Auditor database if the agent-based method is selected - 325775
• Verify Setting may fail at pre-recovery checking DSRM password - 328446
• Protect object from accidental deletion prevents Metadata Cleanup from removing DC computer object - 330979

10.2.1 Resolved Issues:

• Allow to unselect Console storage immediately as alternative has been configured - 220573
• Large number of scheduled tasks can cause Console, Replication and PowerShell cmdlets to be extremely slow - RMADFE-1837, 242166
• Remove a BOM prefix from the script file - 257798
• Unpacking the backup and the retention policy may fail if the DC cannot be accessed via LDAP from the RMAD console machine - 279431
• RPC calls to Backup Agent are not retried on RPC_S_SERVER_TOO_BUSY error - 314812
• Misleading 'Unable to map the network share IPC$ on the computer' error message on attempt to map UNC share - 316902
• Installation fails with an invalid error message when using a local windows credential to connect to the remote SQL server - 317818
• Online Restore Wizard cannot undelete an object using a non-administrative account. Restoring an object in Online Restore Wizard using a non-administrative account may result in the following error for NT-Security-Descriptor attribute: "Cannot retrieve attribute value(s) from Active Directory. Possible reason: Insufficient access rights." To ignore this error, the NT-Security-Descriptor attribute can be excluded from the list of restored attributes - 293311
• Check Forest Health can get stuck on the second step - RMADFE-3041, 218559
• New recovery project, selecting a Backup display the adding time in the Backup Age column instead of backup age - 237971
• 'There is no PREFERRED_DNS value' error occurs, if no DNS server is found on installing Active Directory - RMADFE-2437, 242191
• Feature loss in Forest Edition: Cannot skip a backup for non-authoritative DCs in Sysvol recovery mode - 245551
• 'There is no PREFERRED_DNS value' error when a 'Select preferred DNS' agent operation did not return a result it causes product to halt and cannot be skipped or aborted - 253457
• Resume Forest Recovery show 'Password is incorrect' - 254788
• Installing Forest Recovery agent hangs if SMB shares are disabled - 285225

10.2 Hotfix 1 Resolved Issues:

• Installation of Quest personal certificates to the local certificate store failed. Receive error message to install Quest certificates later. This should not be required - 274643
• Computer Collection scheduled tasks removed after upgrade to 10.2 if gMSA used as the scheduled task account - 280854
• rmad.db3 file gets overwritten during an uninstall -> install of version 10.2 - 283069
• Cannot retain the uncheck "Global Catalog Servers" option in the Advanced tab of the Computer Collection properties window - 230397
• It will display 'Network access is denied' error in Win2016/2019 if specify account to restore GPO with "domain\username" format - 233623
• Cannot see some advanced objects in the object picker in Online Restore Wizard - 275027
• During upgrade a DBImport error occurs when antimalware status data exists. Caused by debug logging on by default - 274622
• GPO Comparison Report is not working - 278211

10.2 Resolved Issues:

• Security Vulnerability - Sensitive comments embedded within client-side code sent to an end user machine - RMADFE-3244, 218142
• Security Vulnerability - Runtime hardening (SEP, ASLR and other) - RMADFE-3248, 218146
• Full replication fails when a DC is selected for the option 'Unpack each backup upon its creation' in the master console - RMADFE-1858, 218500
• Storage agent settings are not applied on install - 219910
• No progress/wait indication after clicking 'OK' on the 'Add Console…' dialog - 224321
• Backup fails if the Domain Controllers OU has a AzureADKerberos computer object in it as part of Azure AD FIDO deployment - 227903
• Improve documentation with information on number of scheduled computer collections for optimal performance - 232614
• Access Violation in the ProcessRequest function and crashes service - 232682
• Remove mutual exclusion mechanism between replication process and restore process - RMADFE-1575, 237972
• Display correct backup info and support restore for Collections with containers (not DCs) - 240580
• Retriable VSS error causes undefined behavior in Backup Agent on retry - 241825
• Modify the configuration to remove collision problems with SHA1, moved to SHA256 - 253913
• Retention policy ignores collection and consider backups of all collections - 259645
• Email notification template contains invalid text and status message - 252659
• Verification email contains incorrect backup data - 252866
• Creating ADVL fails when unable to access VConverter error - 253382
• Wrong replication partner is selected in IFM recovery on second phase. IFM failed - 253681
• IFM script does not automatically reboot DC after installed AD DS tools. IFM failed - 253778
• Install AD method on second phase may fail with "Unable to connect to the replication source" - 225791
• IPSec isolation policy was not removed successfully when previous forest recovery is aborted and left dirt data - 237004
• IPSec isolation policy was not removed successfully during restore - 237049
• The "Reset computer account" operation fails when some other recovery operation failed and retried earlier - RMADFE-2659, 242197
• After upgrade from 10.1 to 10.1.1, the Verify Settings in Forest Recovery console send emails with some kind of strange status messages - 242679

10.3 Security Resolved Issues:

• Salting mechanism for forest recovery project and ADVL project password hashes - 412667
• Enforce password complexity on Forest Recovery project - 253917
• TLS 1.2 - Enforce in Hybrid Connect Service for communication to On Demand - 384624

10.2.1 Security Resolved Issues:

• Do not use SHA1 for key derivation function to generate hash for creation of AES-256 key for backup encryption