Windows server 2012 ошибка 2089

Страницы

Промо

Комментарии

Поиск по сайту

Статистика

Мета

Event ID 2089 — Backups

Updated: November 25, 2009

Applies To: Windows Server 2008

You should back up the directory database on a domain controller routinely so that if hardware fails or data becomes corrupt, you can quickly recover the information in the database.

Event Details

Resolve
Ensure that backups are taken more frequently than the backup latency interval

You should ensure that the Active Directory database is backed up more frequently than the interval that is set for the tombstone lifetime of your forest. If you are using a non-Microsoft backup solution and you confirm that the backup interval is more frequent than the tombstone lifetime, you may want to contact the vendor of the backup solution so that they can register their backups in Active Directory Domani Services (AD DS), as recommended.

You can use Windows Server Backup or a non-Microsoft program to back up system state on a domain controller. If you plan to use a non-Microsoft program, check the software vendor’s instructions for completing and verifying the system state backup. For more information, see Steps for Backing Up and Recovering AD DS (http://go.microsoft.com/fwlink/?LinkId=151349).

The following procedures guide you through the process of installing Windows Server Backup and creating a manual backup from the command line. You may want to consider scheduling backups with the Task Scheduler application. For more information, see Task Scheduler How To (http://go.microsoft.com/fwlink/?LinkId=151352).

Membership in Builtin Administrators or Backup Operators, or equivalent, is the minimum required to complete these procedures. In addition, you must have write access to the target backup location. Review details about default group memberships at http://go.microsoft.com/fwlink/?LinkID=150761.

To install Windows Server Backup:

1. Click Start, click Administrative Programs, and then click Server Manager. Right-click Features, and then click Add Features.
2. Expand Windows Server Backup Features, and then click Windows Server Backup. As an option, you can click Command-line Tools. Click Next. 
3. Click Install. After the installation is complete, click Close.

For additional options for installing Windows Server Backup, see Active Directory Backup and Restore in Windows Server 2008 (http://go.microsoft.com/fwlink/?LinkID=149696).

To perform a manual system state backup of a domain controller from a command prompt:

1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested) and confirm that the action it displays is what you want, and then click Continue.
2. At the command prompt, type the following command, and then press ENTER: wbadmin start systemstatebackup -backuptarget:<drive>: -quiet. Substitute the actual drive letter or volume to which you want to send the backup for <drive>. If you do not specify the -quiet parameter, you are prompted to press Y to proceed with the backup operation. The target volume for a system state backup can be a local drive, but it cannot be any of the volumes that are included in the backup by default.

Note: To store the system state backup on a volume that is included in the backup, you must add the AllowSSBToAnyVolume registry entry to the server that you are backing up. There are also some prerequisites for storing system state backup on a volume that is included in the backup. For more information, see Known Issues for AD DS Backup and Recovery (http://go.microsoft.com/fwlink/?LinkID=117940).

For more information, see Create Backups of the System State Using a Command Line (http://go.microsoft.com/fwlink/?LinkID=151353).

Verify

Ensure that the domain controller is configured to back up the directory database within a time interval that is more frequent than the tombstone lifetime for the forest. However, if the forest functional level is raised to Windows Server 2008 R2 and the Active Directory Recycle Bin feature is enabled, backups should occur more frequently than the lesser of the values that are set for the tombstoneLifetime and msDS-deletedObjectLifetime attributes).

Note: If no value is set for msDS-deletedObjectLifetime, the value that is set for the tombstoneLifetime is used.

Membership in Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about default group memberships at http://go.microsoft.com/fwlink/?LinkID=150761.

Check the value for the backup latency interval threshold

The default time period of the backup latency interval is half the tombstone lifetime value, when the Active Directory Recycle Bin feature is not enabled. The default tombstone lifetime is 60 or 180 days, depending on the domain controller operating system version that was used to create the forest. For more information, see Determine the Tombstone Lifetime for the Forest (http://go.microsoft.com/fwlink/?LinkID=137177). If the Active Directory Recycle Bin is enabled, the backup latency interval becomes half the lesser of the values of tombstoneLifetime and msDS-deletedObjectLifetime.

Note: After the Active Directory Recycle Bin feature is enabled, it cannot be disabled.

To check the value of the backup latency interval:

1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.
2. At the command prompt, type regedit, and then press ENTER.
3. In the Registry Editor, navigate to the following registry location: HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesNTDSParameters
4. In the details pane, determine whether there is a Backup Latency Threshold (days) value. If there is a value, note the value that is configured here.
5. To check the value of the tombstone lifetime, at a command prompt, type the following command, and then press ENTER: dsquery * “cn=Directory Service, cn=Windows NT,cn=Services,Cn=Configuration,dc=<forestDN>” –scope base –attr tombstonelifetime. Substitute the actual forest distinguished name for <forestDN>. For example, if your forest name is corp.cpandl.com, the forest distinguished name is dc=corp,dc=cpandl,dc=com. The word attribute tombstonelifetime is returned, along with the value for which it is set. Divide the value by two to determine the default backup latency interval, which is in effect if there is no backup latency threshold (days) value defined.
6. If the Active Directory Recycle Bin optional feature is enabled, you can check the value of the msDS-deletedObjectLifetime attribute by running the following command: dsquery * “cn=Directory Service, cn=Windows NT,cn=Services,Cn=Configuration,dc=<forestDN>” –scope base –attr msDS-deletedObjectLifetime
7. As in the previous step, substitute the actual forest distinguished name for <forestDN>. If no value is shown for msDS-deletedObjectLifetime, its value is equal to the value of tombstoneLifetime.

For more information about the Active Directory Recycle Bin and its relationship to the useful backup lifetime, see Scenario Overview for Restoring Deleted Active Directory Objects (http://go.microsoft.com/fwlink/?LinkID=148279).

Check when a backup was last taken

To check when the last backup was registered in AD DS:

1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested) and confirm that the action it displays is what you want, and then click Continue.
2. At the command prompt, type repadmin /showbackup, and then press ENTER. Review the Org.Time/Date column to see when the most recent backup of the Active Directory database was made. This is the value that you use to determine whether your last backup is too old (as defined in the backup latency interval).

If you use a non-Microsoft backup solution and you know that backups were taken more recently than the date that you just retrieved, you may want to contact the vendor of the backup solution so that they can register their backups in AD DS as recommended. If the date you retrieved is older than the tombstone lifetime, it is critical that you take a backup of your Active Directory environment.

Test your system state backups to ensure that they are good

To ensure that the backups you are creating are good, restore them to a test location. For complete information about restoring system state backups from the command line, see Recover the System State Using a Command Line (http://technet.microsoft.com/en-us/library/cc753789.aspx). The following procedure is a simple restore of the system state backup to an alternate location. You can restore the files to any alternate location, but we recommend that you use a volume that is physically secure and that can be formatted after the procedure.

Membership in Backup Operators, or equivalent, is the minimum required to complete this procedure. Review details about default group memberships at http://go.microsoft.com/fwlink/?LinkID=150761.

To restore a system state backup to an alternate test location:

1. Open a command prompt as an administrator. To open a command prompt as an administrator, click Start. In Start Search, type Command Prompt. At the top of the Start menu, right-click Command Prompt, and then click Run as administrator. If the User Account Control dialog box appears, enter the appropriate credentials (if requested) and confirm that the action it displays is what you want, and then click Continue.
2. At the command prompt, type wbadmin get versions, and then press ENTER. 
3. Identify the name of the backup file that you want to verify.
4. At the command prompt, type the following command, and then press ENTER: wbadmin start systemstaterecovery –verson:<verID> -recoveryTarget:<Tgt>
5. Substitute the actual version identifier for <verID>, and replace <Tgt> with the drive or volume location to which you want to restore the system state backup so that you can check that the data is good. For example, to restore a backup with version identifier 03/19/2009-04:02 to the C:BackupCheck folder, run the following command: wbadmin start systemstaterecovery -verson:03/19/2009-04:02 -recoveryTarget:B:Backups -quiet
6. The command output displays the success of the recovery operation as it happens. A success message should appear, as well as the location of the log file of the restore process. You can use Notepad or a similar text editor to review the log.
7. You can also navigate the structure of the restored files to ensure that critical items have been restored. For example, you can verify that the NTDS.DIT file that is located in the WindowsNTDS folder by default has been restored to the alternate location.

Related Management Information

Backups

Active Directory

• Remove From My Forums

• Question

• Hi Folks;

  I started seeing this error on my DC’s after testing out Veem VM backup software. Prior to installing that software this event id entry never appeared.

  It seems that the Veem software ‘turned on’ monitoring of the directory partition and whether it has been backed up.

  The error is occurring on Windows 2008 R2 domain controllers.

  I’m not interested in discussing backup strategies or how to adjust the time frame that these event ID’s show up…. or how to use Windows Backup to address the issue.

  What I would like to know is how to turn off this monitoring
  as it was before VEEM was installed. Does anyone know how to do this?

  ---

  Q: Marking a question as answered when it’s not — is this something new? A: Not at all, it’s standard Nick Gu!

• Друзья
• Карта сайта
• О сайте

На основном контроллере домена (PDC) с недавних пор начало появляться сообщение — «Ошибка 2089 — Этот раздел каталога не архивировался по крайней мере указанное количество дней». Чёрти что. Всё работает нормально, но сообщение смущает. Не нормально ведь.

Тип: Предупреждение
Источник: NTDS Replication
Категория: Архивация данных
Код (ID): 2089
Дата: 9.12.2005
Время: 19:05:24
Пользователь: NT AUTHORITYАНОНИМНЫЙ ВХОД
Компьютер: Svtorcm
Описание: Этот раздел каталога не архивировался по крайней мере указанное количество дней.
Раздел каталога: DC=local
Интервал задержки архивации (дней): 30
Рекомендуется создавать архивную копию как можно чаще, чтобы обеспечить возможность восстановления в случае аварийной потери данных. Однако в том случае, если архивная копия не создавалась в течение указанного как «интервал задержки архивации» количества дней, это сообщение будет записываться в журнал каждый день до тех пор, пока не будет создана архивная копия. Можно сделать архивную копию любой реплики, содержащей этот раздел.
По умолчанию интервал задержки архивации устанавливается равным половине интервала времени жизни захоронения. Чтобы изменить интервал задержки архивации, можно добавить следующий раздел реестра.
Раздел реестра для интервала задержки архивации:
SystemCurrentControlSetServicesNTDSParametersBackup Latency Threshold (days)

Уже где то дней 15 выскакивает это сообщение с периодичностью в 24 часа. Причем выскакивает еще шесть сообщений которые отличаются между собой только параметром в описании:

1.Раздел каталога: DC=local
2.Раздел каталога: CN=Configuration,DC=local
3.Раздел каталога: CN=Schema,CN=Configuration,DC=local
3.Раздел каталога: DC=DomainDnsZones,DC=local
4.Раздел каталога: DC=ForestDnsZones,DC=local
5.Раздел каталога: DC=TAPI3Directory,DC=local

Для того чтобы в Windows Server 2003 избежать ошибки — необходимо воспользоваться стандартной утилитой ntbackup.exe (Архивация данных) и не реже чем 1 раз в 90 дней делать резервную копию SystemState — можно в ручную, можно по расписанию.

Как это сделать расскажу дальше.

«Пуск — Выполнить — ntbackup».

Запускаем в режиме мастера.

Открылось окно выбора действий.

Архивируем файлы и параметры.

Выбираем объекты, которые будем архивировать. В нашем случае это SystemState, со всем его содержимым.

Выбираем размещение и имя архива. И жмём Далее.

Поехали.

После того как бекап будет сделан, предупреждения перестанут появляться. Рекомендую добавить это задание в планировщик.

• Админ
• RSS записей
• RSS комментариев

Solution 1

I have to agree with Helvick. Maybe you (or someone else, someone before you) had one of them doing a System State backup and then you removed the server. Even if it dumped it to a local file on itself and overwrote the file once a month, Windows would still think it’s been backed up and not show this message. The only criteria is that a System State backup be made at least once a month by default. Everything you say leads me to believe that’s the case, but I am curious by what you mean by they were being backed up wrongly? You seem to say that you did have some backup mechanism in place, it just wasn’t very good. That makes me think that a backup was being made. A poorly made backup is still a backup.

http://support.microsoft.com/kb/914034

Solution 2

Since this is based on a replicated AD attribute (the DSA Signature) this seems to indicate that you had a regular backup procedure that regularly backed up at least one of the now decommissioned servers within the 30 day default period but you no longer have a regular full system state backup on any of your remaining servers (or if you do it is failing for some reason). Now that you’ve removed those servers the attribute is not being reset regularly, hence the event is firing.

This Symantec error report outlines a possible cause that could apply to any backup utility, which is basically permissions related.

Related videos on Youtube

Related