[SOLVED] Event ActiveDirectory_DomainService 2089 on windows domain controller logged

We are backing up a Windows domain controller using Proxmox Backup. The ActiveDirectory_DomainService complains with Event 2089: it thinks that no backup is made: https://docs.microsoft.com/en-us/tr...eplication-event-2089-backup-latency-interval

"Use QEMU Guest Agent" is enabled for the VM and the QEMU guest agent is installed inside the VM:

101: 2021-04-15 22:02:06 INFO: issuing guest-agent 'fs-freeze' command
101: 2021-04-15 22:02:08 INFO: issuing guest-agent 'fs-thaw' command

Is event 2089 normal with PBS, and can it be safely ignored, or is VSS not working correctly?

dcsapak

Proxmox Staff Member
AFAIK, this event means that you did no 'system-state' backup via the integrated Windows backup tool. Since Windows cannot detect that a PBS backup has taken place, and neither PVE nor PBS tell the VM that it was backed up, this message seems normal, though I am not a Windows AD expert.
 
OK, as a workaround we added a monthly task:

Code:
wbadmin.exe start backup -backuptarget:\\server\share -include:%WINDIR%\NTDS\ntds.dit -quiet -user:username -password:password

Not sure how other backup solutions "solve" this.

bofh

Active Member
Nov 7, 2017
126
11
38
43
ok, as workarround we added a monthly task:

Code:
wbadmin.exe start backup -backuptarget:\\server\share -include:%WINDIR%\NTDS\ntds.dit -quiet -user:username -password:password

not sure how other backup solutions "solve" this.

they let you schedule a system state backup and you absolutly need one.

DO NOT RESTORE A DC JUST VIA VZDUMP.


Here is the thing. If you have only one DC, then it might just work to restore it - MIGHT (still possible to "lose" machines within the network that require a rejoin, but the rest should just work).

If you have a secondary - DON'T YOU DARE - and recover from VZDUMP - ever. You're gonna crash your ADS for good. Then again, fresh installs are nice, aren't they xD


What I would do is a frequent system state backup to somewhere, even just another VM, just to have it.
In case of a DC failure, install a new DC and let ADS replicate from the other one. That's even Microsoft's recommendation. That's why they also urge you to have at least 2 of them.

TLDR:
- One domain controller in the network - you can recover with VZDUMP
- Multiple domain controllers - don't recover unless all are dead
- If you're within a forest but all of your local branch are dead, recover via system state
- Back up only those with all FSMO roles

Best Methods
- For normal crashes of machines, regularly check that replication is running; this will be your primary recovery
- Against malice or incompetence, have a backup of the FSMO domain controller, better with system state.
  In that case shut down all domain controllers, restore the primary with all the roles; if that is running, best would be to install new secondary/3rds and let replication do its job.
- To restore an Active Directory, ALL you need is a system state backup, nothing else.



Keep in mind backups of system state must be younger than your tombstones (default 180 days); if it's older, it's worthless.

Yes, any VM backup solution must absolutely be built for the task to back up an Active Directory. Otherwise it is not usable.
The only exception is the single domain controller use case, which should no longer occur in times of virtualisation. Even if you have both controllers on one bare metal, I really highly recommend using 2.

CHECK replication health regularly.


Best would be an offsite DC; you can define it as a different SITE and set appropriate replication cycles
- together with regular system state backup (even if it's just on the same machine) with a VZDUMP copy of all of it.
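
The two checks recommended in the post above (system state backup age against the tombstone lifetime, and replication health), as an added example that is not part of the original thread. It assumes the RSAT ActiveDirectory PowerShell module and an account allowed to read replication metadata; `$WarnFraction` is a constructed threshold, not a value from the thread.

```powershell
# Added example, not from the thread. Run on a DC or an admin host with RSAT.
Import-Module ActiveDirectory

# Assumption: warn once the last backup is older than half the tombstone lifetime.
$WarnFraction = 0.5

$rootDse  = Get-ADRootDSE
$domainDn = $rootDse.defaultNamingContext
$dsObject = "CN=Directory Service,CN=Windows NT,CN=Services,$($rootDse.configurationNamingContext)"

# tombstoneLifetime may be unset on the forest; the effective default then depends
# on how the forest was created, so no limit is computed in that case.
$tsl = (Get-ADObject -Identity $dsObject -Properties tombstoneLifetime).tombstoneLifetime

# AD records a backup it knows about by updating dSASignature on the partition
# head; the change time of that attribute is the last registered backup.
$meta = Get-ADReplicationAttributeMetadata -Object $domainDn `
            -Server $rootDse.dnsHostName -Properties dSASignature

if (-not $meta) {
    Write-Warning "No dSASignature metadata found for $domainDn."
} else {
    $ageDays = [math]::Round(((Get-Date) - $meta.LastOriginatingChangeTime).TotalDays, 1)
    if (-not $tsl) {
        Write-Warning "tombstoneLifetime is unset; last registered backup is $ageDays days old."
    } elseif ($ageDays -ge $tsl) {
        Write-Error "Last registered backup is $ageDays days old, past the tombstone lifetime ($tsl days)."
    } elseif ($ageDays -ge $tsl * $WarnFraction) {
        Write-Warning "Last registered backup is $ageDays days old (tombstone lifetime: $tsl days)."
    } else {
        Write-Output "Last registered backup is $ageDays days old (tombstone lifetime: $tsl days)."
    }
}

# Replication health: list every inbound link whose last attempt did not succeed.
foreach ($dc in Get-ADDomainController -Filter *) {
    Get-ADReplicationPartnerMetadata -Target $dc.HostName |
        Where-Object { $_.LastReplicationResult -ne 0 } |
        Select-Object Server, Partner, Partition, LastReplicationSuccess,
                      LastReplicationResult, ConsecutiveReplicationFailures
}
```

An image-level backup from outside the guest does not update this timestamp, which is why Event 2089 keeps firing in the setup described at the top of the thread.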
 
