These release notes provide information about the Quest® Recovery Manager for Active Directory Forest Edition release.
Recovery Manager for Active Directory Forest Edition is designed to recover the entire Active Directory forest or specific domains in the forest.
The use of Recovery Manager for Active Directory Forest Edition helps you minimize the downtime caused by the corruption or improper modification of Active Directory forest and data.
Recovery Manager for Active Directory Forest Edition simplifies and automates the process of Active Directory forest or domain recovery: It automates the manual tasks involved in the recovery, remotely quarantines corrupt domain controllers, and restores domain controllers to speed up the overall recovery and restore business operation quickly.
Recovery Manager for Active Directory Forest Edition is based on patented technology.
Recovery Manager for Active Directory Forest Edition 10.0.1 is a maintenance release with new features and functionality. See New features.
New features and enhancements in Recovery Manager for Active Directory Forest Edition 10.0.1:
|Support for Microsoft Windows Server 2019 |
This release can be installed on computers running Windows Server 2019, and domain controllers running Windows Server 2019 can be targets for backup and restore operations.
|Continuous recovery (Change Auditor integration) |
Recovery Manager for Active Directory restores a deleted object and the last change (if any) that was made to the object properties after the backup creation using data from the Change Auditor database.
|Support for restore of Group Policy Objects in non-trusted domains |
Domain access credentials can be explicitly specified in Group Policy Restore Wizard.
|Support for Azure Files as a backup storage |
Recovery Manager for Active Directory Forest Edition can work with backups stored in the Azure Files share.
|Separate accounts to access the backup storage and the Backup agent |
Now a user can access backup storage share under specified account, which is not the same as an account used to access the backup agent.
|Install AD recovery method supports RODC |
Now the Install Active Directory recovery method supports promoting read-only domain controllers (RODC).
|Independent DC verification workflow |
Now verification of DC1 does not wait for verification of DC2.
|New verification step "Check if promoting paths are valid" for the 'Install Active Directory' and 'Install from Media' recovery methods |
On this step Recovery Manager for Active Directory Forest Edition checks whether the specified 'DIT database path", "Log files path" and "SYSVOL path" are available.
|Configure as Global Catalog option for the Install from Media recovery method |
Now the Install from Media recovery method has the "Configure as Global Catalog" option.
|UEFI boot mode on SCVMM |
Active Directory Virtual Lab: Support for source machines with the UEFI boot mode on System Center Virtual Machine Manager (SCVMM).
Table 1: General resolved issues
|Resolved Issue||Issue ID|
|Now Backup Agent retries to connect to the LDAP server if it is not functional during start of the backup creation process.||RMADFE-1954|
|RMAD console may hang during startup on Windows Server 2016 with some updates.||RMADFE-2006|
|Now log information about backup creation sessions is written to the text file specified on the Alerts tab of the collection properties.||RMADFE-2025|
|Recovery Manager Console could show misleading "agent is up to date" message when the version of Backup agent did not match the console version.||RMADFE-2054|
|Recovery Manager for Active Directory can open a DIT database as Read/Write from backups made on other versions of operating system.||RMADFE-2091|
|Now we show the warning during the backup session if the agent is not up to date.||RMADFE-2096|
|Now Recovery Manager Console starts with no MMC errors.||RMADFE-2097|
|Now the error is shown if an AD component is copied incompletely from the VSS snapshot.||RMADFE-2127|
|MSA/gMSA accounts now can be used for scheduled backups on localized Windows operating systems.||RMADFE-2145|
|Support for RMAD backup and restore operations for Windows Server 2019 domain controllers.||RMADFE-2168|
|Unable to uncheck two options on the Components tab of the collection properties: "When backing up Global Catalog servers, collect group membership information from all domains within the Active directory forest" and "Collect Forest recovery metadata".||RMADFE-2183|
|Support for RMAD backup and restore operations for Windows Server 2019 Core domain controllers.||RMADFE-2211|
|In some cases, a license violation warning may appear in Recovery Manager Console.||RMADFE-2249|
|Unable to change access credentials during the Agent-less Online Restore when the "Require trusted path for credential entry" policy is enabled.||RMADFE-2259|
|Unable to change access credentials during the Agent-based Online Restore when the "Require trusted path for credential entry" policy is enabled.||RMADFE-2306|
|Now 'Boot Files' and 'IIS Metabase' backup components are hided.||RMADFE-2343|
|Recovery Manager cannot process large .dit files.||RMADFE-2349|
|When specifying the port for the Offline Restore Agent on the Ports tab of the Recovery Manager Console Settings, Recovery Manager for Active Directory Forest Edition still connects via a random port.||RMADFE-2289|
|Recovery Manager for Active Directory Forest Edition does not restore some attributes in the hybrid configuration because of incorrect attribute matching.||RMADFE-2499|
|The Online Restore Wizard did not accept long paths to the Change Auditor database.||RMADFE-2567|
|Recovery Manager cannot backup a DC if SYSVOL is placed on a deduplicated volume.||RMADFE-2582|
Table 2: Forest Recovery Console and Forest Recovery Agent resolved issues
|Resolved Issue||Issue ID|
|Now the firewall service is not enabled on the Forest Recovery Agent start.||RMADFE-872|
|Now the forest recovery step "Reset computer account password" is performed in parallel for all domain controllers.||RMADFE-1926|
|The password was asked two times during creation of the FR Project from backup and registration of encrypted backup.||RMADFE-1983|
|Forest recovery could fail with the exception "ThereIsAnotherWorkingSessionException" if a user abort the forest recovery procedure, reopen Forest Recovery Console and then start the recovery session again.||RMADFE-1990|
|Agent operations may fail on canceling timeout expiration.||RMADFE-2187|
|Wrong DNS server might be selected during the forest recovery process (Install from Media recovery method).||RMADFE-2019|
|Now the Forest Health Check tool successfully performs "Active Directory replication" and "Domain trusts" checks.||RMADFE-2040|
|Now Recovery Manager for Active Directory Forest Edition cleans up duplicated DNS server IP addresses during the forest recovery.||RMADFE-2048|
|If a user changes some settings after the failed restore operation and then restarts the restore operation, new settings will be applied successfully.||RMADFE-2056|
|Now the project verification successfully updates the project file settings.||RMADFE-2066|
|If you need to schedule FR project verification, click the drop-down toggle next to Verify Settings on the tool bar and select Schedule Verify Settings.||RMADFE-2084|
|Now the email notification that is generated during the "Scheduled Verify Settings" procedure contains more detailed information.||RMADFE-2085|
|Now the Manage FSMO Roles tool correctly determines current role owner.||RMADFE-2087|
|Invalid DNS server could be selected.||RMADFE-2175|
|Now the Manage FSMO Roles tool allows a user to seize or move FSMO roles to a running domain controller.||RMADFE-2179|
|Forest Recovery Console fails to send an e-mail notification after the project verification or recovery process has been completed with the following exception "Cannot compile template: RazorEngine.Templating.TemplateCompilationException: Unable to compile template."||RMADFE-2181|
|Cancel of agent operation may hang on canceling timeout expiration.||RMADFE-2187|
|The "Reset computer account password" operation could report successful result even if some DC passwords were not reset.||RMADFE-2206|
|Now the "Configure DNS server" operation is waiting for the DNS server to become available.||RMADFE-2208|
|Forest Recovery may hang in some cases when BitLocker is enabled.||RMADFE-2420|
|Forest Recovery using the "Install Active Directory" or "Install Active Directory from Media" method may fail with the error "Unable to check forest upgrade status" at the "Install Active Directory" step. To resolve this problem, the "Replicate FSMO role owners" step is added to the following recovery methods "Bare Metal Active Directory Recovery" and "Restore from backup".||RMADFE-2552|
Table 3: Active Directory Virtual Lab resolved issues
|ADVL project could fail with the "Timeout expired" error.||RMADFE-2125|
|Now ADVL can work with VMWare agents deployed with self-signed certificates.||RMADFE-2227|
The following is a list of issues, including those attributed to third-party products, known to exist at the time of release.
Table 4: Forest Recovery Console and Forest Recovery Agent known issues
|Known Issue||Issue ID|
Unexpected behavior of the Forest Recovery Console when you update a recovery project created from a backup file: The "FSMO Roles" column in the right pane remains empty, although it should display information about FSMO roles of the DCs in the project.
WORKAROUND: Update the project: On the "Menu Bar", click Tools, and then click "Update Project with Changes in Active Directory".
Unexpected behavior in the Forest Recovery Console: When you group domain controllers by recovery method, some domain controllers may be included in the wrong group. This issue only occurs when you perform the following steps:
WORKAROUND: Change the grouping criteria for the domain controllers, and then again group the domain controllers by recovery method.
Unexpected behavior when you print out the Recovery Plan or Recovery Report: Your attempt to use the Portrait page orientation may have no effect, and the plan or report is printed out in the Landscape orientation.
WORKAROUND: This is a limitation in the Microsoft Report Viewer. Use the Landscape orientation since this is the orientation where everything fits.
Unexpected result of a forest recovery operation: Some member servers may erroneously appear as domain controllers in Active Directory. This issue may occur if the backups you used for the recovery were made before the computers in subject were demoted from domain controllers to member servers.
WORKAROUND 1: Run metadata cleanup to remove the unnecessary domain controllers from Active Directory.
WORKAROUND 2: Recover your forest by using more recent backups that correctly reflect the forest topology.
|SYSVOL may not work correctly if a domain controller that was selected for the authoritative SYSVOL restore cannot be restored.||RMADFE-1111|
|Recovery Manager for Active Directory Forest Edition does not check version of Forest Recovery Agent inside the ISO image file.||RMADFE-2220|
|The start type of Windows Defender Firewall service cannot be restored in Windows Server 2019.||RMADFE-2228|
Table 5: Active Directory Virtual Lab known issues
|Known Issue||Issue ID|
Your attempt to install the SCVMM agent on a source computer by using the Active Directory Virtual Lab console may fail with the error "<ComputerName> has an unsupported version of the Virtual Machine Manager agent installed." This behavior may occur if a virtual machine was previously created from the source computer by using some other Microsoft SCVMM server, and the SCVMM agent remained on the source computer after that.
WORKAROUND: Uninstall the SCVMM agent, and then install the agent by using the Active Directory Virtual Lab console.
The Active Directory Virtual Lab console may erroneously state that the SCVMM agent is installed on a source computer added to the virtual test lab project, when in fact the agent is not installed. This behavior may occur if a virtual machine was previously created from the source computer by using some other Microsoft SCVMM server.
WORKAROUND: In the Active Directory Virtual Lab console, use the shortcut menu on the source computer to uninstall the SCVMM agent, and then install it back again.
The "Select preferred DNS server" recovery step may fail with the error "The process terminated unexpectedly." This issue only occurs on domain controllers that:
WORKAROUND: Retry last operation on the target domain controller.
Unexpected behavior: The Active Directory Virtual Lab may not automatically delete an unusable virtual machine whose creation has failed from the target virtual host.
WORKAROUND: Delete the virtual machine manually. To do so, you can use the native tools supplied with the third-party virtualization software with which you attempted to create the virtual machine.
When creating or opening a virtual lab project, you may encounter the error "Converter does not support agents of this version (<VersionNumber>)." This error shows up if any of the source computers in the virtual lab project have a VMware agent preinstalled and the agent version is earlier than the VMware vCenter Converter version you are using.
WORKAROUND: Update the VMware agent on the source computer to the latest version:
The verify settings operation does not check whether the target virtual host supports the number of CPUs specified in the virtual lab project settings. As a result, if the number of CPUs is not supported, the virtual lab creation may fail with the error "The destination you selected does not support <Number> CPUs."
WORKAROUND: Before creating your virtual lab, ensure that the target virtual host supports the number of CPUs you have specified in the virtual lab project.
Active Directory Virtual Lab on SCVMM 2012 R2 may fail on domain controllers running Windows Server 2008 R2 Core.
WORKAROUND: This issue arises due to lack of vssapi.dll and vsstrace.dll in the %SystemRoot%\SysWOW64 folder. You should copy these DLL files from a machine running Windows Server 2008 Standard Edition.
Table 6: Recovery Manager for Active Directory known issues
|Known Issue||Issue ID|
|Online Restore Wizard (agent-based restore) does not work on Windows Server 2019 with Local Security Authority (LSA) protection enabled.||RMADFE-2182|
|Online Restore Wizard (agent-based restore) does not work on Windows Server 2016 with Local Security Authority (LSA) protection and Secure Boot enabled.||RMADFE-1996|
|Cannot perform RMAD upgrade if the SQL Server Always On group is enabled for the reporting database.||RMADFE-1146|
You may encounter the following unexpected behavior on the Backup Data Preparation step of the Online Restore Wizard: The wizard may not respond to any user action while it is processing a backup.
WORKAROUND: Wait until the backup processing is finished.
When you select the "Backup Agent Management" node in the Recovery Manager Console, you may observe the following issue: The Recovery Manager Console stops responding, showing the status "Discovering Backup Agent instances, please wait".
WORKAROUND: Wait until the Backup Agent discovery completes.
Unexpected behavior on the Reporting Options step in the Online Restore Wizard: When you select the "Include ChangeAuditor data in reports" check box, select a ChangeAuditor database, and click Next, you may encounter the error "Unable to connect to the ChangeAuditor database: <database>. Details: Login failed for user '<current user>'."
This error shows up if the current user account does not have sufficient permissions to access the ChangeAuditor database. The expected behavior in the described situation is that the Online Restore Wizard should prompt you for credentials to access the ChangeAuditor database.
WORKAROUND: Run the Online Restore Wizard under an account that has sufficient permissions to access the target ChangeAuditor database.
You may encounter the following unexpected behavior while using the "Backup Agent Management" view in the Recovery Manager Console to view a list of Backup Agents: The list of Backup Agents may be incomplete. The cause of this behavior is that when you apply a filter on one or more columns in the "Backup Agent Management" view, there is no indication that the filter is applied.
WORKAROUND: Check to see if a filter is applied on any columns in the "Backup Agent Management" view. Remove the filter if necessary.
A compare operation performed in the Online Restore Wizard may take a significant time to complete (30+ minutes). Also, the compare operation may consume a significant amount of RAM. This issue only occurs if the number of objects being compared is 100,000+.
WORKAROUND: Wait for the compare operation to complete.
The Online Restore Wizard cannot find an object if the object name contains 1-9 digits when searching by the full object name, but can find it by the common mask, for example: 'u01' object can be found by 'u' and cannot by 'u01'.
This issue may arise if the operating system version of a domain controller is greater or different from the RMAD Console machine operating system.
WORKAROUND: Copy the esent.dll file from the domain controller where the backup was created to the product installation folder on the Recovery Manager Console machine.
You may receive the "ASR Error: Fail to exclude disk#1" error when performing the Backup or Restore operation on Windows Server 2008/2008R2-based domain controller.
WORKAROUND: This error can be safely ignored because it does not affect the backup or restore process.
After the upgrade on the network isolated machine, the Recovery Manager Console is loaded too slowly.
WORKAROUND: Uncheck the Check for publisher's certificate revocation option on the Advanced tab in the Internet Option dialog in Microsoft Internet Explorer.
Pre-installed Backup Agent can be upgraded during the backup creation.
WORKAROUND: Do not upgrade Backup Agent if the backup operation is not finished.
|When a user cancels the data replication process by Ctrl + C, by logoff, etc, the status of the replication session is stuck at "Running".||RMADFE-1271|
|Customer can add a few instances of the same RMAD console (by domain name and by IP).||RMADFE-1276|
Cannot disable replication schedule when there is no replication console (the replication console was deleted).
Group Policy restore might fail with the error "Network access is denied” if you run the RMAD console under a local account, and this account has the same username and password as the domain account you use to restore Group Policy in the domain.
Table 7: Recovery Manager Portal known issues
|Known Issue||Issue ID|
Unexpected behavior when you use the Recovery Manager Portal to delegate restore or undelete permissions to a user or group that is not assigned any role in the Recovery Manager Portal: The delegation operation completes successfully. The expected behavior in this situation is that the Recovery Manager Portal should not allow you to delegate permissions to a user or group that has not been assigned any role in the portal.
WORKAROUND: Before delegating restore or undelete permissions, ensure that the target user or group is assigned the appropriate role in the Recovery Manager Portal. For more information about assigning roles to portal users, see the "Using Recovery Manager Portal" chapter in the User Guide.
The Recovery Manager Portal fails to show the result of a restore or undelete operation if while the restore or undelete is still running you switch to some other tab, and then return to the Recovery tab.
To ensure that all objects have been successfully restored or undeleted:
When selecting a backup the Recovery Manager Portal, you may encounter the error "No backup found for the last backup session." This issue occurs if the backup is located on the domain controller and in the Recovery Manager Console its storage location is specified using a UNC path.
WORKAROUND: Select a backup stored locally on the Recovery Manager for Active Directory computer.
Cannot access the Recovery Manager Portal if the portal is installed in the child domain.
WORKAROUND: In the portal settings file C:\Program Files (x86)\Quest\Recovery Manager Portal\Enterprise.Portal.Console\bin\EnterprisePortalSettings.xml <add key="SimulateLogonForWebDelegation" value="false" /> (default = true)