因此,我们已经对 Veeam Backup & Replication 进行了一段时间的试验。我们为 Veeam Backup Server 设置了一个专用虚拟机,该虚拟机执行我们所有基础架构组件的每日备份。我们还没有获得许可证,所以这是我们正在测试的社区版本(版本11a 构建 11.0.1.1261 P20220302)
我们有一些带有包含数据库的 SQL Server 实例的 VM。我们使用 Veeam 的应用程序处理选项来备份数据库并将它们包含在备份文件中。
但是,当我们尝试从备份文件(无论是在 Veeam Backup Server 机器上还是另一台本地机器上)执行数据库恢复时,我们会遇到问题。我们按照Veeam B&R 文档中的说明执行应用程序项目恢复,然后使用 Veeam SQL Explorer 完成将数据发布到本地(暂存)SQL Server 的步骤。我们尝试过发布数据库、恢复 .BAK 文件,甚至直接保存 MDF 和 LDF 文件。所有操作都因缺少权限而失败(请参阅下面的 Veeam SQL Explorer 日志)。
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Connection completed successfully.
11/04/2022 00:17:32 21 (8876) Checking database version compatibility (server: Microsoft SQL Server 2014, database version: 782)...
11/04/2022 00:17:32 21 (8876) Target server (localhost\SQL2019) is identified as Microsoft SQL Server 2019 (version: 904).
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:32 21 (8876) Validating account permissions for server 'localhost'...
11/04/2022 00:17:32 21 (8876) Validation completed successfully.
11/04/2022 00:17:33 16 (9136) Publishing database...
11/04/2022 00:17:33 16 (9136) Restore point ID: 3147eb18-d76a-47f1-ab4c-ec5a67dd81f1
11/04/2022 00:17:33 16 (9136) SQL server: localhost\SQL2019
11/04/2022 00:17:33 16 (9136) Database name: bigsoft_33o_vide
11/04/2022 00:17:33 16 (9136) Connecting to SQL Server localhost\SQL2019 using Windows authentication (username: WIN-KB0LJQ6QU6L\Administrator)...
11/04/2022 00:17:34 17 (11180) Getting Instant Recovery sessions...
11/04/2022 00:17:34 17 (11180) New USN value: 5113
11/04/2022 00:17:34 17 (11180) Loaded 0 Instant Recovery sessions
11/04/2022 00:17:34 17 (11180) Loading databases completed
11/04/2022 00:17:37 19 (9280) Getting Instant Recovery sessions...
11/04/2022 00:17:37 19 (9280) New USN value: 5114
...
11/04/2022 00:18:05 16 (9136) Database publish failed
11/04/2022 00:18:05 16 (9136) Error: Method failed with unexpected error code 3.
11/04/2022 00:18:05 16 (9136) Type: System.InvalidOperationException
11/04/2022 00:18:05 16 (9136) Stack:
11/04/2022 00:18:05 16 (9136) at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.FileSecurity..ctor(String fileName, AccessControlSections includeSections)
at System.IO.FileInfo.GetAccessControl(AccessControlSections includeSections)
at Veeam.Engine.Security.FileAccess.GetAccessControl(String path, AccessControlSections sections)
at Veeam.Engine.Security.FileSystemSecurity.HasFileAccess(String accountName, String path)
at Veeam.Engine.FileSystem.LocalAccessChecker.GrantFileAccess(String filePath)
at Veeam.SQL.Core.Extensions.AccessCheckerExtension.CheckDatabaseFilesAccess(IAccessChecker accessChecker, IDatabaseFiles databaseFiles, String permissionSourceFolder)
at Veeam.SQL.Restore.Publish.RestorePointDatabasePublisher.Publish(ISqlBroker broker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, Boolean isClustered, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlBroker sqlBroker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.LoggedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
11/04/2022 00:18:06 1 (6504) Database publish failed
11/04/2022 00:18:06 1 (6504) Error: Method failed with unexpected error code 3.
11/04/2022 00:18:06 1 (6504) Type: System.InvalidOperationException
11/04/2022 00:18:06 1 (6504) Stack:
11/04/2022 00:18:06 1 (6504) at System.Security.AccessControl.NativeObjectSecurity.CreateInternal(ResourceType resourceType, Boolean isContainer, String name, SafeHandle handle, AccessControlSections includeSections, Boolean createByName, ExceptionFromErrorCode exceptionFromErrorCode, Object exceptionContext)
at System.Security.AccessControl.FileSystemSecurity..ctor(Boolean isContainer, String name, AccessControlSections includeSections, Boolean isDirectory)
at System.Security.AccessControl.FileSecurity..ctor(String fileName, AccessControlSections includeSections)
at System.IO.FileInfo.GetAccessControl(AccessControlSections includeSections)
at Veeam.Engine.Security.FileAccess.GetAccessControl(String path, AccessControlSections sections)
at Veeam.Engine.Security.FileSystemSecurity.HasFileAccess(String accountName, String path)
at Veeam.Engine.FileSystem.LocalAccessChecker.GrantFileAccess(String filePath)
at Veeam.SQL.Core.Extensions.AccessCheckerExtension.CheckDatabaseFilesAccess(IAccessChecker accessChecker, IDatabaseFiles databaseFiles, String permissionSourceFolder)
at Veeam.SQL.Restore.Publish.RestorePointDatabasePublisher.Publish(ISqlBroker broker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, Boolean isClustered, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlBroker sqlBroker, ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(ISqlConnectProvider sqlConnectProvider, IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.DatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.LoggedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.AuditedDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.StoringDatabasePublisher.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Restore.Publish.PublishService.Publish(IPublishConfig config, ISqlActionsObserver observer, CancellationToken ct)
at Veeam.SQL.Explorer.Async.Publish.AsyncPublishDatabaseTask.Run(IProcessObserver observer, CancellationToken ct)
at Veeam.Presentation.Async.VisualAsyncTask.Execute(IProcessObserver observer)
请注意,Veeam 作为本地系统帐户安装在 Veeam Backup Server 上,使用 Windows 身份验证登录的用户属于管理员组。此外,在我们的本地计算机中,我们导入了备份并测试了在 Windows Server 2019 上以“管理员”用户身份运行所有内容(Veeam 服务、Veeam 用户帐户和 sql explorer 服务),但权限问题仍然存在。
此问题适用于特别熟悉 Veeam 的任何人,或者任何了解一般错误消息以及如何通过在 Windows 中提供完整权限来绕过它的人。
联系支持后发现,问题在于我的备份中没有包含 SQL Server DATA 目录。我认为 Veeam 会为我做这件事,因为它允许我激活应用程序处理。我不记得在文档中看到任何关于此的细节,否则我可能会错过它。
这也可以通过选择整台计算机进行备份或对 C 驱动器进行卷备份来缓解。显然,无论如何都建议保存完整的机器以进行即时恢复。
只需包含 DATA 目录,所有模棱两可的错误就消失了。
请参阅所需权限:
https://helpcenter.veeam.com/docs/backup/explorers/vesql_permissions.html?ver=110
Veeam 服务帐户在 mssql 上执行备份的最低权限:
此外,您的 Veeam 服务帐户需要是本地管理员组的一部分。
为了能够直接在 mssql 中执行还原,需要 dbcreator 引擎级别的角色。
要正确设置此项,您需要将 Veeam 服务帐户更改为域用户。
简单模式:SQL 上的域管理员和系统管理员(如果您也想备份和恢复 AD 对象,您可以立即使用此方式)