V-290-706: Backup Exec Simplified Disaster Recovery (SDR) wizard is unable to connect to media server when attempting to perform recovery using remote Backup Exec server.
Problem
Backup Exec Simplified Disaster Recovery (SDR) wizard is unable to connect to a media server when attempting to perform a remote recovery using a remote Backup Exec media server.
Error Message
"This Backup Exec server has not run any Simplified Disaster Recovery backups."
This error occurs if there are no SDR enabled sets available in the media server. However, the error may also occur if SDR enabled backup sets are available but the SDR wizard fails to connect to the Backup Exec Media server through SDR recovery wizard and presents the error noted above.
Cause
This can be caused when the LAN Manager Authentication level in a Global or local Group Policy is set to any of the following values:
- Send NTLMv2 responses only
- Send NTLMv2 responses only. Refuse LM
- Send NTLMv2 responses only. Refuse LM & NTLM
Solution
On the Backup Exec media server check the Group Policy OR Registry value for NTLM autheniation (LAN Manager Authentication level).
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\LMCompatibilityLevel
Solution-A
Set the LAN Manager Authentication level in the Group Policy to send responses via NTLM with one of the following values:
Send LM & NTLM responses
Send NTLM responses only
Microsoft Article: Network security: LAN Manager authentication level
Solution-B
If the Group Policy in the environment can't be changed to NTLM and can only send responses via NTLMv2 , then the following workaround can be performed:
1. NOTE: SDR Disk/ISO must be created with the option to not start the Networking Services automatically.
Boot off the SDR disk and from the SDR menu, click on 'Utilities' option, and open Command Prompt.
2. Type "Regedit" to open registry editor window.
Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
3. Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Change the value of "LMCompatibilityLevel" to 5.
5. Close the Registry
6. From Network Menu, configure the IP, Start the Networking services. Use the Recovery Menu to run the recovery by connecting to Backup Exec media server,
7. SDR should successfully connect to the Backup Exec server as the NTLM value in the SDR recovery environment is updated to NTMLv2 (as per the above registry).
Note: If NTLM v2 is enabled in Domain, an Authentication error may also appear wherever Backup Exec prompts for credentials through a Wizard.
Please note that this article references sites not owned or maintained by Veritas and, as such, Veritas is not responsible for the content portrayed on such sites, including any revisions to or deletions of content or third-party software on which this article relies. User is responsible for conducting all necessary due diligence prior to following the instructions described in this article.
More information (NTLM):
Network security: LAN Manager authentication level
https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-security-lan-manager-authentication-level
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.