Solved

Test Restore to different Host: Server 2022 doesn't boot due to Key Protector could not be unwrapped


Userlevel 2

Morning All

Just moving over from Hornet / Altaro to Veeam 12 Community Edition.

Setup is in Production and has 3 Hosts with 9 VMs between them. Mainly Server 2016 but one Linux and one Server 2022.

All backup every 12 hours onsite and then Backup copy offsite.

Offsite copy is onto a different VM Host with enough oomph and memory / storage to run whole lot in an emergency although PAINFULLY Slowly.

Anyhow, have done a test restore and all the Server 2016s and Linux come up fine (need a couple of reboots to recognise new Network etc. to talk properly to each other).

Server 2022 comes up but will not boot due to "the Key Protector could not be unwrapped", as obviously it is a different host with different TPM etc.

If I kill the VM but keep the Virtual HDDs and create a new Virtual machine with same settings it all works, but is there any way round this?


Best answer by Chris.Childerhose 24 July 2023, 15:00


16 comments

Userlevel 7
Badge +17

I don't think there is due to the hardware difference @DanielTaylor350. Maybe someone can chime in with a workaround but I don't think there is. If no one here, you can try posting in the Forum to see if PMs have a solution for you.

Userlevel 7
Badge +7

Have you tried backing up using the Veeam Guest Agent? @DanielTaylor350 

Userlevel 7
Badge +17

I don't think that would work either @dips as the issue stems from the restore to a Host which uses different TPM h/w. 

Userlevel 7
Badge +7

Ah yes, that is a good point @coolsport00 

Userlevel 2

@coolsport00 that appears to be the issue with 2022.  But as the main point of B&R is if the building goes up in flames having a backup to restore to new hardware there must be a way of backing up enough Host VM data to restore to the lovely new replacement hardware?

Userlevel 7
Badge +17

@DanielTaylor350 yes, that’s true about Veeam, but even they aren’t perfect. No backup/recovery solution is. That being said, let’s dig a bit deeper into your issue. If we can’t figure it out, I advise you to contact Veeam support. They do provide support for Comm Ed as best they can.

What are you using as your hypervisor?..VMW or HV? Even though your other VMs boot up fine on the DR-side virtual Host, have you verified your encryption/certificate is the same as your source Host and available on the DR-side Host?
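One way to run the certificate check asked about above on Hyper-V, as an added example that is not part of the original thread or any participant's post: inventory the vTPM-enabled VMs and the host's guardian certificates on each host, then compare thumbprints. It assumes the VM's key protector was created in Hyper-V's local mode, where it is wrapped to the certificates in the host's "Shielded VM Local Certificates" store; the function names and file names are hypothetical.

```powershell
# Added example (not from the thread). Run in an elevated session on each Hyper-V host.
function Get-VtpmInventory {
    # Assumption: local-mode guardian certificates live in this machine store.
    $store = 'Cert:\LocalMachine\Shielded VM Local Certificates'
    [pscustomobject]@{
        HostName      = $env:COMPUTERNAME
        # VMs with a virtual TPM enabled are the ones that need a usable key protector.
        TpmVms        = @(Get-VM | Where-Object { (Get-VMSecurity -VM $_).TpmEnabled } |
                            ForEach-Object { $_.Name })
        GuardianCerts = @(if (Test-Path $store) {
                            Get-ChildItem $store |
                                Select-Object Subject, Thumbprint, HasPrivateKey, NotAfter
                          })
    }
}

function Compare-VtpmInventory {
    param([string]$SourceFile, [string]$TargetFile)
    $src = Get-Content $SourceFile -Raw | ConvertFrom-Json
    $dst = Get-Content $TargetFile -Raw | ConvertFrom-Json
    # A certificate only helps on the target if its private key is present there.
    $usable  = @($dst.GuardianCerts | Where-Object { $_.HasPrivateKey } |
                    ForEach-Object { $_.Thumbprint })
    $missing = @($src.GuardianCerts | Where-Object { $_.Thumbprint -notin $usable })
    [pscustomobject]@{
        SourceHost      = $src.HostName
        TargetHost      = $dst.HostName
        # Heuristic: if any source guardian certificate is unusable on the target,
        # treat every vTPM-enabled VM from the source as unlikely to boot there.
        VmsAtRisk       = if ($missing.Count) { $src.TpmVms } else { @() }
        MissingOnTarget = $missing
    }
}

# Step 1, on every host: save the inventory next to the script.
Get-VtpmInventory | ConvertTo-Json -Depth 4 | Set-Content ".\vtpm-$env:COMPUTERNAME.json"

# Step 2, with both files copied into one folder (file names are placeholders):
# Compare-VtpmInventory -SourceFile .\vtpm-PRODHOST.json -TargetFile .\vtpm-DRHOST.json
```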

Userlevel 2

Agreed there is nothing perfect and happy with Veeam especially now I have a workaround.

Two of the master Hosts are Server 2016 Desktop Experience with latest patches and one Server 2022 Desktop Experience.

Passwords for encryption are the same throughout. Certificates are self-signed throughout. It may be as they are in different domains, as off-site backup is its own and as separate as possible to avoid as many exploits to copy viruses etc. to offsite.

Userlevel 7
Badge +17

I did a bit more searching Daniel, and saw this post. I know you’re not doing a Live Migration..you’re using Veeam recovery, but the concept is the same → you’re placing the orig VM on a different Host. The only other couple posts I’ve seen had the same workaround as you (rebuild VM using same HDDs).

Userlevel 7
Badge +17

If possible, I’d create a test virtual environment to test this out before attempting on production systems...if you can.

Userlevel 7
Badge +17

I also saw a post where Secure Boot in the VM settings wasn’t enabled. Is that feature enabled?

Userlevel 2

@coolsport00 as Server 2022 Enable Secure Boot is enabled with Template “Microsoft Windows” on both Original and test. Interestingly set on 2016 as well but no issues.

Interestingly on both Hyper-V and Veeam I’ve had to set the 2022 Servers to Standard Checkpoints not Production to get the backups happy again unlike 2016.

Looks like 2022 may be supported but both Microsoft and Veeam (And assume other backup products) have a bit of VSS Work to do.

Tested by installing a completely blank 2022 VM with nothing other than up and running and Production didn’t work.

Userlevel 7
Badge +20

Which versions of VMware are you using between the two hosts?  Are they the same version and build number?  In theory the TPM booting should work when you restore a VM as I have tested this many times in vSphere 8.

Be sure to check some of the things mentioned above as well especially the Secure Boot option with UEFI.

EDIT - So I see this is Hyper-V - ignore the VMware questions as I just assumed.  LOL

Userlevel 2

@Chris.Childerhose MS Server 2016 and 2022 Hyper-V.

Userlevel 7
Badge +17

With enhanced security in later OS versions, there’s no doubt some tweaking with backup systems will need to take place to better streamline recovery.

Userlevel 7
Badge +20

> @Chris.Childerhose MS Server 2016 and 2022 Hyper-V.

Yeah, sorry I just assumed VMware since most are posting related to that.  😋

Let me see if I can test our one DC with Hyper-V and see.  We don’t use that much, and I know everyone that uses Veeam hates supporting Hyper-V.  🤣

Userlevel 7
Badge +20

> With enhanced security in later OS versions, there’s no doubt some tweaking with backup systems will need to take place to better streamline recovery.

This would be the case for sure as I know there were changes from 2016 to 2022 Hyper-V as that is a bigger jump than say 2016 to 2019 or 2019 to 2022.  As Shane recommended earlier would post up in the Forums as there are more people that would be familiar with Hyper-V I am sure along with Product Managers, etc.
