Thought I’d try something new with you guys, see if it’s something you’d be interested in me continuing. There are a huge number of features within Veeam, but often you have either a default setting that you never change, or a setting that YOU never configure other than one particular way.
I’d like to explore some of these and get your own stories as to when you’ve had to change these, so we can all share in our knowledge and see the “edge cases” for such decisions.
For our first one, lets talk about Application Aware Processing. We know that we need this to move from a crash consistent backup to a transactionally consistent backup, and to leverage some advanced Veeam feature. So, why can we disable it completely, when it’s so important?
I was working with a customer recently that had another backup vendor in use, and the backups hadn’t been running for 18 months (). The customer had two physical servers in different locations, both were domain controllers (and one was even running Hyper-V role on it for a VM despite being a DC!!!), they were both also multiple terrabytes of file servers. So I defaulted to attempting application aware processing via the Veeam Agent, and then hit a VSS failure on one of the servers! ()
It wasn’t VSS that was at fault though, it turns out that the two domain controllers had a long history of not liking each other, due to unreliable inter-site connectivity and it had gone on for so long that one of the domain controllers had become “tombstoned”. If you’re not familiar with the process of tombstoning within Active Directory, this can be a bit of a rabbit hole to go down, but essentially the two servers hadn’t spoken for so long that the primary domain controller had determined the other domain controller was no longer part of the domain.
Where does backup come into this? VSS processing was being attempted with Active Directory, but the domain controller wasn’t in an authoritative state and was still trying to communicate with the rest of the domain before it could service requests, as a result VSS was failing.
It was then decision time, the customer didn’t want to pay to repair their domain controller, nor had the technical skills to resolve internally, but they still wanted all of their files backed up, so disabling application-aware processing enabled us to protect the files whilst not worrying about the VSS issues.
You may also be thinking, couldn’t you just disable the Active Directory services? We did initially, but that caused other problems I won’t go into here…
Interesting story; I'm not sure what's worse, no backup or the situation with the domain controllers 😅
Although we know that, many customers don't 😉 If often see environments where the setting is disabled, either because it's the default or because AAP caused backup errors(failed login, SQL,...).
These are definitely things worth talking about especially for new people to Veeam in the community.