因此,我們已經試驗 Veeam Backup & Replication 一段時間了。我們為 Veeam Backup Server 設定了專用虛擬機,用於執行所有基礎設施元件的日常備份。我們還沒有獲得許可證,所以這是我們正在測試的社群版本(版本11a 版本 11.0.1.1261 P20220302)
我們有一些具有包含資料庫的 SQL Server 執行個體的虛擬機器。我們使用 Veeam 的應用程式處理選項來備份資料庫並將其包含在備份檔案中。
然而,當我們嘗試從備份檔案(無論是在 Veeam Backup Server 電腦還是另一臺本機電腦上)執行資料庫復原時,我們會遇到問題。我們按照中所述執行應用程式項目恢復Veeam 貝加萊文檔然後執行以下步驟數據發布使用 Veeam SQL Explorer 到本機(臨時)SQL Server。我們嘗試過發布資料庫、復原.BAK檔案甚至直接保存MDF和LDF檔案。所有操作都會因缺乏權限而失敗(請參閱下方的 Veeam SQL Explorer 日誌)。
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Connection completed successfully.
11/04/2022 00:17:32 21 (8876) Checking database version compatibility (server: Microsoft SQL Server 2014, database version: 782)...
11/04/2022 00:17:32 21 (8876) Target server (localhost\SQL2019) is identified as Microsoft SQL Server 2019 (version: 904).
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Validating account permissions for server 'localhost'...
11/04/2022 00:17:32 21 (8876) Validation completed successfully.
11/04/2022 00:17:33 16 (9136) Publishing database...
11/04/2022 00:17:33 16 (9136) Restore point ID: 3147eb18-d76a-47f1-ab4c-ec5a67dd81f1
11/04/2022 00:17:33 16 (9136) SQL server: localhost\SQL2019
11/04/2022 00:17:33 16 (9136) Database name: bigsoft_33o_vide
11/04/2022 00:17:33 16 (9136) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:34 17 (11180) Getting Instant Recovery sessions...
11/04/2022 00:17:34 17 (11180) New USN value: 5113
11/04/2022 00:17:34 17 (11180) Loaded 0 Instant Recovery sessions
11/04/2022 00:17:34 17 (11180) Loading databases completed
11/04/2022 00:17:37 19 (9280) Getting Instant Recovery sessions...
11/04/2022 00:17:37 19 (9280) New USN value: 5114
...
11/04/2022 00:18:05 16 (9136) Database publish failed
11/04/2022 00:18:05 16 (9136) Error: Method failed with unexpected error code 3.
11/04/2022 00:18:05 16 (9136) Type: System.InvalidOperationException
11/04/2022 00:18:05 16 (9136) Stack:
11/04/2022 00:18:05 16 (9136) at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.FileSecurity..ctor(String fileName, AccessControlSections includeSections)
at System.IO.FileInfo.GetAccessControl(AccessControlSections includeSections)
at Veeam.Engine.Security.FileAccess.GetAccessControl(String path, AccessControlSections sections)
at Veeam.Engine.Security.FileSystemSecurity.HasFileAccess(String accountName, String path)
at Veeam.Engine.FileSystem.LocalAccessChecker.GrantFileAccess(String filePath)
at Veeam.SQL.Core.Extensions.AccessCheckerExtension.CheckDatabaseFilesAccess(IAccessChecker accessChecker, IDatabaseFiles databaseFiles, String permissionSourceFolder)
at Veeam.SQL.Restore.Publish.RestorePointDatabasePublisher.Publish(ISqlBroker broker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, Boolean isClustered, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlBroker sqlBroker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.LoggedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
11/04/2022 00:18:06 1 (6504) Database publish failed
11/04/2022 00:18:06 1 (6504) Error: Method failed with unexpected error code 3.
11/04/2022 00:18:06 1 (6504) Type: System.InvalidOperationException
11/04/2022 00:18:06 1 (6504) Stack:
11/04/2022 00:18:06 1 (6504) at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.FileSecurity..ctor(String fileName, AccessControlSections includeSections)
at System.IO.FileInfo.GetAccessControl(AccessControlSections includeSections)
at Veeam.Engine.Security.FileAccess.GetAccessControl(String path, AccessControlSections sections)
at Veeam.Engine.Security.FileSystemSecurity.HasFileAccess(String accountName, String path)
at Veeam.Engine.FileSystem.LocalAccessChecker.GrantFileAccess(String filePath)
at Veeam.SQL.Core.Extensions.AccessCheckerExtension.CheckDatabaseFilesAccess(IAccessChecker accessChecker, IDatabaseFiles databaseFiles, String permissionSourceFolder)
at Veeam.SQL.Restore.Publish.RestorePointDatabasePublisher.Publish(ISqlBroker broker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, Boolean isClustered, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlBroker sqlBroker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.LoggedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.AuditedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.StoringDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.PublishService.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Explorer.Async.Publish.AsyncPublishDatabaseTask.Run(IProcessObserver observer, CancellationToken ct)
at Veeam.Presentation.Async.VisualAsyncTask.Execute(IProcessObserver observer)
請注意,Veeam 是作為本機系統帳戶安裝在 Veeam Backup Server 上,並且使用 Windows 驗證登入的使用者位於管理員群組中。此外,在我們的本機電腦中,我們匯入了備份,並測試了在Windows Server 2019 上以使用者「管理員」身分執行所有內容(Veeam 服務、Veeam 使用者帳戶和sql explorer 服務),但權限問題仍然存在。
這個問題是針對任何特別熟悉 Veeam 的人或任何了解一般錯誤訊息以及如何透過在 Windows 中提供完全權限來繞過它的人。
答案1
聯絡支援人員後,發現問題是我沒有在備份中包含 SQL Server DATA 目錄。我認為 Veeam 會為我做到這一點,因為它允許我啟動應用程式處理。我不記得在文檔中看到任何關於此的細節,否則我可能會錯過它。
透過選擇整台電腦進行備份或對 C 碟機進行磁碟區備份也可以緩解這種情況。顯然,建議無論如何都保存完整的機器以便即時恢復。
只需包含 DATA 目錄,所有不明確的錯誤就消失了。
答案2
請參閱所需權限:
https://helpcenter.veeam.com/docs/backup/explorers/vesql_permissions.html?ver=110
Veeam 服務帳號對 mssql 執行備份的最低權限:
引擎等級:查看任何定義、檢視伺服器狀態
資料庫層級:主控:db_backupoperator、db_datareader
msdb:db_backupoperator、db_datawriter、db_datareader
您想要備份 trn-logs 的任何資料庫:db_backupoperator、db_denydatareader
此外,您的 Veeam 服務帳戶需要屬於本機管理員群組。
為了能夠直接執行到 mssql 的恢復,需要 dbcreator 引擎等級角色。
要正確設置,您需要將 Veeam 服務帳戶變更為網域使用者。
簡單模式:SQL上的Domain Admin和Sysadmin(如果你也想備份和還原AD對象,你可以立即這樣做)