Solved

Guest files and folders restore on agentless VMware client

  • 21 June 2022
  • 7 replies
  • 86 views

Badge +1

I'm stuck trying to restore Guest files and folders on an agentless VWware client.

It seems to be an authetication issue.

The VMware tools are up-to-date on the client. PAM has been setup according to: https://kb.commvault.com/article/VMW0031
(/etc/pam.d/vmtoolsd)

/var/log/secure:

ssh login for the user works fine:

<86>1 2022-06-21T09:23:17.506289+02:00 VMware_Client sshd 30682 - - pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxxxx user=xxxxx
<87>1 2022-06-21T09:23:17.506843+02:00 VMware_Client sshd 30682 - - debug1: PAM: password authentication accepted for xxxxx
<87>1 2022-06-21T09:23:17.507424+02:00 VMware_Client sshd 30682 - - debug1: do_pam_account: called
<86>1 2022-06-21T09:23:17.678032+02:00 VMware_Client sshd 30682 - - Accepted password for xxxxx from xxx.xxx.xxx.xxx port 61369 ssh2
<87>1 2022-06-21T09:23:17.678321+02:00 VMware_Client sshd 30682 - - debug1: monitor_child_preauth:xxxxx has been authenticated by privileged process
<87>1 2022-06-21T09:23:17.679521+02:00 VMware_Client sshd 30682 - - debug1: monitor_read_log: child log fd closed
<86>1 2022-06-21T09:23:17.707703+02:00 VMware_Client sshd 30682 - - pam_unix(sshd:session): session opened for user xxxxx by (uid=0)
<86>1 2022-06-21T09:23:17.717821+02:00 VMware_Client sshd 30682 - - User child is on pid 30700
<87>1 2022-06-21T09:23:17.718652+02:00 VMware_Client sshd 30700 - - debug1: PAM: establishing credentials

However access through vmtools fails:
<86>1 2022-06-21T09:23:30.370914+02:00 VMware_Client VGAuth 21809 - - pam_sss(vmtoolsd:auth): authentication success; logname= uid=0 euid=0 tty= ruser= rhost= user=xxxxx
<85>1 2022-06-21T09:23:30.505951+02:00 VMware_Client VGAuth 21809 - - pam_sss(vmtoolsd:account): Access denied for user xxxxx: 6 (Permission denied)
<84>1 2022-06-21T09:23:30.506311+02:00 VMware_Client VGAuth 21809 - - vmtoolsd: Username and password mismatch for 'xxxxx'.


Commvault: 11.26.13
Client: Red Hat Enterprise Linux Server release 7.9 (Maipo)

icon

Best answer by Aplynx 22 June 2022, 19:42

View original

7 replies

Userlevel 6
Badge +13

if you do a restore w\o commvault involved it’s the vmware api that is doing the restore so you need permissions in commvault and on the box in vmware. with linux one of the caveats i mentioned was the failure to restore ACLs and the vmware api only allows for single restores at a time. this is why it’s generally preferred to use a linux ida as a target or restore locally and copy over.

Badge +1

To test a user account's write permissions for the VM, see VMware KB article 2079098. The VSA proxy you use for this test must have VMware PowerCLI installed.

https://kb.vmware.com/s/article/2079098

Thank you!

I’ve now verified that this is not a Commvault problem but must be a vmwaretool problem.

The script will fail for non-local users.

Both the script and a Commvault restores work when I create a local Linux user. (Which we do not allow in our environment).

Userlevel 6
Badge +13

To test a user account's write permissions for the VM, see VMware KB article 2079098. The VSA proxy you use for this test must have VMware PowerCLI installed.

https://kb.vmware.com/s/article/2079098

Badge +1

Yes, I have a check mark on all so I was wondering if anybody had any success restoring guest files and folders on an agentless VWware client.

Userlevel 5
Badge +13

The authentication is something provided via the VMware stack thus the solution could be found within either an update of the Linux version of VMware tools, or validating the username an password combo, or trying a different username format if a non-local user is used, or check if the user has write access on the path where files be restored.

 

 

Badge +1

Thank you- I’ve already restored the file on a server with IDA and transferred the file.

However I’m really looking for a solution to the authentication problem when doing a guest file restore.

/Jes

Userlevel 6
Badge +13

A file level restore from a Virtual Server backup will restore from block to file level. Since the backup does not backup the file but the blocks they are included in, the restore brings the block back and then pull the files from the blocks. If the file is spread out across 10 blocks., the restore has to first grab each one of those blocks out of the backed-up chunks. It then needs to restore each block into a holding location and once it has all the blocks it can reconstruct the file and then place it to the restore location. 

1) Perform a live browse of the data as this will use less space on the proxy building the data but will still have performance issues for large restores.
2) Restore the VMDK the out place and attach to a VM. Copy the files you need then discard the disk.
3) Choose less files to restore at the same time.

Even if you were looking to restore just 1 file, it may be spread across 10 blocks. The restore has to first grab each one of those blocks out of the backed-up chunks and then restore each block into a holding location. Once it has all the blocks it can reconstruct the file and then place it to the restore location.
 
There are different options for these file level restores as listed here: http://documentation.commvault.com/commvault/v11/article?p=products/vs_vmware/c_vmw_restore_guest_files.htm

 
A 'guest agent' restore uses a Windows File System iDA installed on the client to run the restore. This is the most reliable and robust option for the restore of the data. https://documentation.commvault.com/commvault/v11_sp20/article?p=36492.htm

Note: For the fastest recovery time and the least space required for extent caching, use Live File Recovery with a restore-only file system agent in the guest.
You can use agentless file recovery when the total restore size is less than 10 GB and you are restoring fewer than 10,000 files.
To restore virtual machine files and folders when the total restore size is larger than 10 GB or has more than 10,000 files, use a restore-only file system agent installed in the destination client or virtual machine.
 
An agentless restore has performance issues when restoring files at 10GB and\or 10k files. There are also additional caveats such as inability to restore ACLs.https://documentation.commvault.com/commvault/v11_sp20/article?p=36497.htm

Reply