These release notes provide information about the Quest® Recovery Manager for Active Directory Disaster Recovery Edition release.
Recovery Manager for Active Directory Disaster Recovery Edition is designed to recover the entire Active Directory forest or specific domains in the forest.
The use of Recovery Manager for Active Directory Disaster Recovery Edition helps you minimize the downtime caused by the corruption or improper modification of Active Directory forest and data.
Recovery Manager for Active Directory Disaster Recovery Edition simplifies and automates the process of Active Directory forest or domain recovery: It automates the manual tasks involved in the recovery, remotely quarantines corrupt domain controllers, and restores domain controllers to speed up the overall recovery and restore business operation quickly.
Recovery Manager for Active Directory Disaster Recovery Edition is based on patented technology.
Recovery Manager for Active Directory Disaster Recovery Edition 10.0.1 is a maintenance release with new features and functionality. See New features.
New features and enhancements in Recovery Manager for Active Directory Disaster Recovery Edition 10.0.1:
|Support for Microsoft Windows Server 2019 |
This release can be installed on computers running Windows Server 2019, and domain controllers running Windows Server 2019 can be targets for backup and restore operations.
|Continuous recovery (Change Auditor integration) |
Recovery Manager for Active Directory restores a deleted object and the last change (if any) that was made to the object properties after the backup creation using data from the Change Auditor database.
|Support for restore of Group Policy Objects in non-trusted domains |
Domain access credentials can be explicitly specified in Group Policy Restore Wizard.
|Support for Azure Files as a backup storage |
Recovery Manager for Active Directory Disaster Recovery Edition can work with backups stored in the Azure Files share.
|Separate accounts to access the backup storage and the Backup agent |
Now a user can access backup storage share under specified account, which is not the same as an account used to access the backup agent.
|Install AD recovery method supports RODC |
Now the Install Active Directory recovery method supports promoting read-only domain controllers (RODC).
|Independent DC verification workflow |
Now verification of DC1 does not wait for verification of DC2.
|New verification step "Check if promoting paths are valid" for the 'Install Active Directory' and 'Install from Media' recovery methods |
On this step Recovery Manager for Active Directory Disaster Recovery Edition checks whether the specified 'DIT database path", "Log files path" and "SYSVOL path" are available.
|Configure as Global Catalog option for the Install from Media recovery method |
Now the Install from Media recovery method has the "Configure as Global Catalog" option.
|Checking the System State backup password |
Now the Verify Settings operation checks the System State backup password for the "second stage" scenario.
|NAT Settings for Bare Metal Recovery |
The "NAT settings" option lets you access recovered domain controllers that are located outside the network where Recovery Manager for Active Directory Disaster Recovery Edition is installed.
|Custom port for Forest Recovery Agent in Windows Recovery Environment |
Now you can connect to the FR agent in Windows Recovery Environment using a custom port.
|BMR project verification in a live environment |
BMR project settings can be verified in a live environment, without additional blank hosts.
|Creating Quest Recovery Media with third-party drivers |
Third-party drivers can be added to the Quest Recovery Media image using the new options in Forest Recovery Console. For details, see Custom Quest Recovery Media with Additional Drivers in User Guide.
|Including additional (non-critical) disks in a RMAD BMR backup |
We have added an option to include additional volumes to a BMR backup. For details, see the Including additional volumes in a BMR backup section in User Guide.
|UEFI boot mode on SCVMM |
Active Directory Virtual Lab: Support for source machines with the UEFI boot mode on System Center Virtual Machine Manager (SCVMM).
Table 1: General resolved issues
|Resolved Issue||Issue ID|
|Now the "Windows Server Backup" feature is installed automatically during the backup process if the feature is missing.||RMADFE-1874|
|Now Backup Agent retries to connect to the LDAP server if it is not functional during start of the backup creation process.||RMADFE-1954|
|RMAD console may hang during startup on Windows Server 2016 with some updates.||RMADFE-2006|
|Now log information about backup creation sessions is written to the text file specified on the Alerts tab of the collection properties.||RMADFE-2025|
|Recovery Manager Console could show misleading "agent is up to date" message when the version of Backup agent did not match the console version.||RMADFE-2054|
|Recovery Manager for Active Directory can open a DIT database as Read/Write from backups made on other versions of operating system.||RMADFE-2091|
|Now we show the warning during the backup session if the agent is not up to date.||RMADFE-2096|
|Now Recovery Manager Console starts with no MMC errors.||RMADFE-2097|
|Now the error is shown if an AD component is copied incompletely from the VSS snapshot.||RMADFE-2127|
|MSA/gMSA accounts now can be used for scheduled backups on localized Windows operating systems.||RMADFE-2145|
|Support for RMAD backup and restore operations for Windows Server 2019 domain controllers.||RMADFE-2168|
|Unable to uncheck two options on the Components tab of the collection properties: "When backing up Global Catalog servers, collect group membership information from all domains within the Active directory forest" and "Collect Forest recovery metadata".||RMADFE-2183|
|Support for RMAD backup and restore operations for Windows Server 2019 Core domain controllers.||RMADFE-2211|
|In some cases, a license violation warning may appear in Recovery Manager Console.||RMADFE-2249|
|Unable to change access credentials during the Agent-less Online Restore when the "Require trusted path for credential entry" policy is enabled.||RMADFE-2259|
|Unable to change access credentials during the Agent-based Online Restore when the "Require trusted path for credential entry" policy is enabled.||RMADFE-2306|
|Now 'Boot Files' and 'IIS Metabase' backup components are hided.||RMADFE-2343|
|Recovery Manager cannot process large .dit files.||RMADFE-2349|
|When specifying the port for the Offline Restore Agent on the Ports tab of the Recovery Manager Console Settings, Recovery Manager for Active Directory Disaster Recovery Edition still connects via a random port.||RMADFE-2289|
|Recovery Manager for Active Directory Disaster Recovery Edition does not restore some attributes in the hybrid configuration because of incorrect attribute matching.||RMADFE-2499|
|The Online Restore Wizard did not accept long paths to the Change Auditor database.||RMADFE-2567|
|Recovery Manager cannot backup a DC if SYSVOL is placed on a deduplicated volume.||RMADFE-2582|
Table 2: Forest Recovery Console and Forest Recovery Agent resolved issues
|Resolved Issue||Issue ID|
|Now the firewall service is not enabled on the Forest Recovery Agent start.||RMADFE-872|
|Now you can configure Recovery Media and Drivers locations in Forest Recovery Console using the following command: Set-RMADFEGlobalOptions -RecoveryMediaPath "mediaDir" -CustomDriversPath "driverDir" -Save.||RMADFE-1906|
|Third-party drivers from the source machine backup can be added to the WinRE image.||RMADFE-1914|
|In rare cases, the Verify settings could fail with the wrong error message "A conflict detected in the recovery project settings".||RMADFE-1898|
|"Insufficient configuration information" warning appeared prior to the BMR recovery. This happened because the version of operating system was not read from the backup.||RMADFE-1878|
|Now the forest recovery step "Reset computer account password" is performed in parallel for all domain controllers.||RMADFE-1926|
|The password was asked two times during creation of the FR Project from backup and registration of encrypted backup.||RMADFE-1983|
|Forest recovery could fail with the exception "ThereIsAnotherWorkingSessionException" if a user abort the forest recovery procedure, reopen Forest Recovery Console and then start the recovery session again.||RMADFE-1990|
|Bare Metal Recovery Console could show the "Waiting for connection from the Forest Recovery Console" message being already connected.||RMADFE-1978|
|Agent operations may fail on canceling timeout expiration.||RMADFE-2187|
|"Disk already detached" error may occur when creating and registering the BMR backup.||RMADFE-2007|
|BMR backup could not be completed on Windows Server 2008 R2 because of insufficient size of VHD container.||RMADFE-2008|
|Could not apply the changed System State backup password.||RMADFE-2010|
|Wrong DNS server might be selected during the forest recovery process (Install from Media recovery method).||RMADFE-2019|
|Could not create a backup on the restored machine in case of corrupted backup catalog.||RMADFE-2026|
|Now the "Restore DNS delegation" operation removes obsolete IP addresses.||RMADFE-2027|
|Now the Forest Health Check tool successfully performs "Active Directory replication" and "Domain trusts" checks.||RMADFE-2040|
|Now Recovery Manager for Active Directory Disaster Recovery Edition cleans up duplicated DNS server IP addresses during the forest recovery.||RMADFE-2048|
|If a user changes some settings after the failed restore operation and then restarts the restore operation, new settings will be applied successfully.||RMADFE-2056|
|Now the project verification successfully updates the project file settings.||RMADFE-2066|
|You may get an error when retrying to reboot Windows Recovery Environment to DSRM mode.||RMADFE-2073|
|Forest Recovery Agent tried to configure network adapter only once after reboot from WinRE to DSRM mode.||RMADFE-2074|
|We add an option that lets you specify the target IP address and port to connect to Recovery Environment.||RMADFE-2080|
|If you need to schedule FR project verification, click the drop-down toggle next to Verify Settings on the tool bar and select Schedule Verify Settings.||RMADFE-2084|
|Now the email notification that is generated during the "Scheduled Verify Settings" procedure contains more detailed information.||RMADFE-2085|
|Now the Manage FSMO Roles tool correctly determines current role owner.||RMADFE-2087|
|Recovery report could contain obsolete IP addresses after the Disaster recovery is completed.||RMADFE-2109|
|Bare Metal Recovery Console could show wrong IP address when it was manually changed.||RMADFE-2110|
|The "Unable to rename backup media file..." error occurred on attempt to create the BMR backup.||RMADFE-2118|
|Now the backup criteria is automatically applied to BMR backups.||RMADFE-2122|
|Bare Metal Recovery Console can automatically select a network adapter that is physically connected to the network.||RMADFE-2129|
|Bare Metal Recovery Console might crash on start up when there are several disconnected network adapters.||RMADFE-2150|
|Now Bare Metal Recovery Console shows correct subnet mask/gateway addresses for disconnected network adapters.||RMADFE-2151|
|Bare Metal Recovery Console could fail to configure the second network adapter with the "The object already exist" error in the log.||RMADFE-2152|
|Bare Metal Recovery Console could hang on quickly switching of network adapters.||RMADFE-2159|
|The BMR backup path field in the Forest Recovery Console contained some backup path in case of selection of multiple domain controllers. Now this field is empty.||RMADFE-2166|
|Invalid DNS server could be selected.||RMADFE-2175|
|Now the Manage FSMO Roles tool allows a user to seize or move FSMO roles to a running domain controller.||RMADFE-2179|
|Forest Recovery Console fails to send an e-mail notification after the project verification or recovery process has been completed with the following exception "Cannot compile template: RazorEngine.Templating.TemplateCompilationException: Unable to compile template."||RMADFE-2181|
|Cancel of agent operation may hang on canceling timeout expiration.||RMADFE-2187|
|The "Reset computer account password" operation could report successful result even if some DC passwords were not reset.||RMADFE-2206|
|Now the "Configure DNS server" operation is waiting for the DNS server to become available.||RMADFE-2208|
|Bare Metal Recovery Console might fail on the Initializing step with the error "Failed to wait for network to become available".||RMADFE-2237|
|Bare Metal Recovery Console might fail to initialize a network adapter for an unknown reason with the "Waiting for connection on 0.0.0.0..." message.||RMADFE-2277|
|Recovery Manager for Active Directory Disaster Recovery Edition cannot extract files from the BMR backup if the file path is too long (exceeds 260 characters) with the error "System cannot find the file specified".||RMADFE-2290|
|Now the Quest Recovery Media image file is recreated when the Forest Recovery Agent version has changed, for example, because of the installation of the product update.||RMADFE-2309|
|BMR recovery hangs on the 'Restart DC in DSRM mode' recovery step when DHCP is enabled on NIC cards.||RMADFE-2335|
|Bare Metal Recovery Console crashed on Windows Recovery Environment for Windows Server version 2008 R2 Build 7600.||RMADFE-2401|
|Forest Recovery may hang in some cases when BitLocker is enabled.||RMADFE-2420|
|The BMR backup process might fail with the "bad allocation" error.||RMADFE-2435|
|Blue Screen with the 0xc00002e2 error could occur after Bare Metal recovery and restore from the System State backup.||RMADFE-2495|
|The 'authoritative sysvol restore' flag is ignored during Bare Metal recovery.||RMADFE-2530|
|SYSVOL replication does not work on a domain controller that is restored by using the Bare Metal Active Directory Recovery method with the "Restore from System State Backup" option.||RMADFE-2533|
|Forest Recovery may hang at the "Restart domain controller in normal mode" step with the disabled network adapter.||RMADFE-2546|
|Forest Recovery using the "Install Active Directory" or "Install Active Directory from Media" method may fail with the error "Unable to check forest upgrade status" at the "Install Active Directory" step. To resolve this problem, the "Replicate FSMO role owners" step is added to the following recovery methods "Bare Metal Active Directory Recovery" and "Restore from backup".||RMADFE-2552|
|Cannot manually change NIC adapter settings from the Bare Metal Recovery Console.||RMADFE-2563|
|The recovery process may fail on the "Get information about computer from backup" step with the "Invalid IP address" error when static DNS is configured for the DHCP-enabled network adapter.||RMADFE-2641|
|Bare Metal Recovery Console cannot be upgraded from version 10.0.1 to version 10.0.1 HF1 due to the "improper version" error.||RMADFE-2652|
|RMAD Backup Agent should be able to collect Windows Server Backups if any third-party Anti-Spyware software is installed on the domain controller.||RMADFE-2653|
Table 3: Active Directory Virtual Lab resolved issues
|ADVL project could fail with the "Timeout expired" error.||RMADFE-2125|
|Now ADVL can work with VMWare agents deployed with self-signed certificates.||RMADFE-2227|
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Table 4: Forest Recovery Console and Forest Recovery Agent known issues
|Known Issue||Issue ID|
Unexpected behavior of the Forest Recovery Console when you update a recovery project created from a backup file: The "FSMO Roles" column in the right pane remains empty, although it should display information about FSMO roles of the DCs in the project.
WORKAROUND: Update the project: On the "Menu Bar", click Tools, and then click "Update Project with Changes in Active Directory".
Unexpected behavior in the Forest Recovery Console: When you group domain controllers by recovery method, some domain controllers may be included in the wrong group. This issue only occurs when you perform the following steps:
WORKAROUND: Change the grouping criteria for the domain controllers, and then again group the domain controllers by recovery method.
Unexpected behavior when you print out the Recovery Plan or Recovery Report: Your attempt to use the Portrait page orientation may have no effect, and the plan or report is printed out in the Landscape orientation.
WORKAROUND: This is a limitation in the Microsoft Report Viewer. Use the Landscape orientation since this is the orientation where everything fits.
Unexpected result of a forest recovery operation: Some member servers may erroneously appear as domain controllers in Active Directory. This issue may occur if the backups you used for the recovery were made before the computers in subject were demoted from domain controllers to member servers.
WORKAROUND 1: Run metadata cleanup to remove the unnecessary domain controllers from Active Directory.
WORKAROUND 2: Recover your forest by using more recent backups that correctly reflect the forest topology.
|SYSVOL may not work correctly if a domain controller that was selected for the authoritative SYSVOL restore cannot be restored.||RMADFE-1111|
|Recovery Manager for Active Directory Disaster Recovery Edition does not check version of Forest Recovery Agent inside the ISO image file.||RMADFE-2220|
|The start type of Windows Defender Firewall service cannot be restored in Windows Server 2019.||RMADFE-2228|
Table 5: Active Directory Virtual Lab known issues
|Known Issue||Issue ID|
Your attempt to install the SCVMM agent on a source computer by using the Active Directory Virtual Lab console may fail with the error "<ComputerName> has an unsupported version of the Virtual Machine Manager agent installed." This behavior may occur if a virtual machine was previously created from the source computer by using some other Microsoft SCVMM server, and the SCVMM agent remained on the source computer after that.
WORKAROUND: Uninstall the SCVMM agent, and then install the agent by using the Active Directory Virtual Lab console.
The Active Directory Virtual Lab console may erroneously state that the SCVMM agent is installed on a source computer added to the virtual test lab project, when in fact the agent is not installed. This behavior may occur if a virtual machine was previously created from the source computer by using some other Microsoft SCVMM server.
WORKAROUND: In the Active Directory Virtual Lab console, use the shortcut menu on the source computer to uninstall the SCVMM agent, and then install it back again.
The "Select preferred DNS server" recovery step may fail with the error "The process terminated unexpectedly." This issue only occurs on domain controllers that:
WORKAROUND: Retry last operation on the target domain controller.
Unexpected behavior: The Active Directory Virtual Lab may not automatically delete an unusable virtual machine whose creation has failed from the target virtual host.
WORKAROUND: Delete the virtual machine manually. To do so, you can use the native tools supplied with the third-party virtualization software with which you attempted to create the virtual machine.
When creating or opening a virtual lab project, you may encounter the error "Converter does not support agents of this version (<VersionNumber>)." This error shows up if any of the source computers in the virtual lab project have a VMware agent preinstalled and the agent version is earlier than the VMware vCenter Converter version you are using.
WORKAROUND: Update the VMware agent on the source computer to the latest version:
The verify settings operation does not check whether the target virtual host supports the number of CPUs specified in the virtual lab project settings. As a result, if the number of CPUs is not supported, the virtual lab creation may fail with the error "The destination you selected does not support <Number> CPUs."
WORKAROUND: Before creating your virtual lab, ensure that the target virtual host supports the number of CPUs you have specified in the virtual lab project.
Active Directory Virtual Lab on SCVMM 2012 R2 may fail on domain controllers running Windows Server 2008 R2 Core.
WORKAROUND: This issue arises due to lack of vssapi.dll and vsstrace.dll in the %SystemRoot%\SysWOW64 folder. You should copy these DLL files from a machine running Windows Server 2008 Standard Edition.
Table 6: Recovery Manager for Active Directory known issues
|Known Issue||Issue ID|
|Online Restore Wizard (agent-based restore) does not work on Windows Server 2019 with Local Security Authority (LSA) protection enabled.||RMADFE-2182|
|Online Restore Wizard (agent-based restore) does not work on Windows Server 2016 with Local Security Authority (LSA) protection and Secure Boot enabled.||RMADFE-1996|
|Cannot perform RMAD upgrade if the SQL Server Always On group is enabled for the reporting database.||RMADFE-1146|
You may encounter the following unexpected behavior on the Backup Data Preparation step of the Online Restore Wizard: The wizard may not respond to any user action while it is processing a backup.
WORKAROUND: Wait until the backup processing is finished.
When you select the "Backup Agent Management" node in the Recovery Manager Console, you may observe the following issue: The Recovery Manager Console stops responding, showing the status "Discovering Backup Agent instances, please wait".
WORKAROUND: Wait until the Backup Agent discovery completes.
Unexpected behavior on the Reporting Options step in the Online Restore Wizard: When you select the "Include ChangeAuditor data in reports" check box, select a ChangeAuditor database, and click Next, you may encounter the error "Unable to connect to the ChangeAuditor database: <database>. Details: Login failed for user '<current user>'."
This error shows up if the current user account does not have sufficient permissions to access the ChangeAuditor database. The expected behavior in the described situation is that the Online Restore Wizard should prompt you for credentials to access the ChangeAuditor database.
WORKAROUND: Run the Online Restore Wizard under an account that has sufficient permissions to access the target ChangeAuditor database.
You may encounter the following unexpected behavior while using the "Backup Agent Management" view in the Recovery Manager Console to view a list of Backup Agents: The list of Backup Agents may be incomplete. The cause of this behavior is that when you apply a filter on one or more columns in the "Backup Agent Management" view, there is no indication that the filter is applied.
WORKAROUND: Check to see if a filter is applied on any columns in the "Backup Agent Management" view. Remove the filter if necessary.
A compare operation performed in the Online Restore Wizard may take a significant time to complete (30+ minutes). Also, the compare operation may consume a significant amount of RAM. This issue only occurs if the number of objects being compared is 100,000+.
WORKAROUND: Wait for the compare operation to complete.
The Online Restore Wizard cannot find an object if the object name contains 1-9 digits when searching by the full object name, but can find it by the common mask, for example: 'u01' object can be found by 'u' and cannot by 'u01'.
This issue may arise if the operating system version of a domain controller is greater or different from the RMAD Console machine operating system.
WORKAROUND: Copy the esent.dll file from the domain controller where the backup was created to the product installation folder on the Recovery Manager Console machine.
You may receive the "ASR Error: Fail to exclude disk#1" error when performing the Backup or Restore operation on Windows Server 2008/2008R2-based domain controller.
WORKAROUND: This error can be safely ignored because it does not affect the backup or restore process.
After the upgrade on the network isolated machine, the Recovery Manager Console is loaded too slowly.
WORKAROUND: Uncheck the Check for publisher's certificate revocation option on the Advanced tab in the Internet Option dialog in Microsoft Internet Explorer.
Pre-installed Backup Agent can be upgraded during the backup creation.
WORKAROUND: Do not upgrade Backup Agent if the backup operation is not finished.
|When a user cancels the data replication process by Ctrl + C, by logoff, etc, the status of the replication session is stuck at "Running".||RMADFE-1271|
|Customer can add a few instances of the same RMAD console (by domain name and by IP).||RMADFE-1276|
Cannot disable replication schedule when there is no replication console (the replication console was deleted).
Group Policy restore might fail with the error "Network access is denied” if you run the RMAD console under a local account, and this account has the same username and password as the domain account you use to restore Group Policy in the domain.
Table 7: Recovery Manager Portal known issues
|Known Issue||Issue ID|
Unexpected behavior when you use the Recovery Manager Portal to delegate restore or undelete permissions to a user or group that is not assigned any role in the Recovery Manager Portal: The delegation operation completes successfully. The expected behavior in this situation is that the Recovery Manager Portal should not allow you to delegate permissions to a user or group that has not been assigned any role in the portal.
WORKAROUND: Before delegating restore or undelete permissions, ensure that the target user or group is assigned the appropriate role in the Recovery Manager Portal. For more information about assigning roles to portal users, see the "Using Recovery Manager Portal" chapter in the User Guide.
The Recovery Manager Portal fails to show the result of a restore or undelete operation if while the restore or undelete is still running you switch to some other tab, and then return to the Recovery tab.
To ensure that all objects have been successfully restored or undeleted:
When selecting a backup the Recovery Manager Portal, you may encounter the error "No backup found for the last backup session." This issue occurs if the backup is located on the domain controller and in the Recovery Manager Console its storage location is specified using a UNC path.
WORKAROUND: Select a backup stored locally on the Recovery Manager for Active Directory computer.
Cannot access the Recovery Manager Portal if the portal is installed in the child domain.
WORKAROUND: In the portal settings file C:\Program Files (x86)\Quest\Recovery Manager Portal\Enterprise.Portal.Console\bin\EnterprisePortalSettings.xml <add key="SimulateLogonForWebDelegation" value="false" /> (default = true)