NovaBACKUP PC/Server/BE v18.x and newer
Access to a NAS or Network Share in general is via the account of the accessing service.
Accessing services can be
Disaster Recovery Imaging
NovaStor NovaBACKUP Backup/Copy Engine
Provide these services with an account that has local admin rights and remote read and write rights to the share. The account can also be a local account if the same account with identical password is created on the NAS. It is usually sufficient to enter this user in the backup jobs and schedules. A NovaBACKUP service itself only needs to run under the new user in a few exceptional cases. You will find more detailed explanations below.
-------------------------------------------------------
For the backup/restore to/from a NAS (network share) the access rights must be configured correctly. Two scenarios are usually used, case 3 describes the procedure on an AD server:
1. NAS is NOT connected to Active Directory
2. NAS is connected to Active Directory
3. Special case: local users on an AD server
----------------------------------
1. NAS is NOT connected to Active Directory
In this case, under Windows LOCAL on the system AND on the NAS, set up a user with the same name and password. In the case of an Active Directory Server (AD Server), the users in the AD represent the local users. Create this user as described here:
https://support.novastor.com/hc/de/articles/360009715754-Zugriffsrechte-f%C3%BCr-Configure-NBK-BackupAdmin Setup
In NAS Administration GUI, assign this new user to the Administrators group. Grant this new user full access rights to the share you want to back up to.
This user can also be used in the NovaBACKUP network device.
In the backup jobs and the schedules you also enter this user.
Do NOT enter a domain!
If a service should directly access a share via UNC path, i.e. without the way via the network device, you have to change this service from the local system account to the above user. However, this must not be a user in the Active Directory, it must be a local user. Background:
The service logs on to the NAS as domainname\username. However, the NAS only knows its own users. The login fails.
----------------------------------
2. NAS is connected to Active Directory
With this configuration, you do not need an own user on the NAS. The NAS must be integrated into the domain. You must give the domain user full access to the share. Under Windows, create a new user as described under 1. Insert this domain user into the network device, including the domain.
----------------------------------
3. Special case: local users on an AD server
If you back up from an AD server, the AD users are also local users! If the NAS is integrated into the domain and you still work with local users (on Windows and NAS), you must grant the domain user full access to the share. Example:
Domain: DOM
User: BackupAdmin
In the network device, all jobs and schedules enter only the username and password, i.e. .\BackupAdmin. On the NAS there is a LOCAL user with the same name and password. Grant this user full access to the share. At the same time the NAS looks into the AD database and finds the user DOM\BackupAdmin. You have to grant this user full access in the NAS rights management, although this is the same user!
Notes:
If a backup to or a recovery from the NAS is not possible, or the retention rule does not delete any data on the NAS, proceed as described here:
DR does not write to NAS or cannot mount images under "Tools" as Windows drives:
Switch the "Disaster Recovery Imaging" service from the "Local System Account" to the new user. This service can run permanently configured with this user.
Recovery from NAS fails, message (shortened) "insert disk 1" appears:
In the settings under "Restore" (button "Settings") enter the BackupAdmin in "Network permission" tab. If this does not work, change the service "NovaStor NovaBACKUP Backup/Copy Engine" from "local system account" to the new user. After recovery, switch back to the local system account.
Retention rule does not delete an old backup:
First check whether the correct user and password is entered in the retention schedule. This is usually sufficient to grant full access to the share as a rule. If the correct user/password does not work change service "NovaStor NovaBACKUP Backup/Copy Engine" from "local system account" to the new user.
Virtual Dashboard does not delete old generations:
First check whether the user entered in the VD job also has full access rights to the share! If this is the case and the rule still does not delete any old generations:
Change the service "NovaStor NovaBACKUP Backup/Copy Engine" to the new user.
ATTENTION Side effect of service change:
If you change the service config, VD will no longer find the jobs
=> VD only displays white entries instead of red/green.
Eliminate side effect:
If no backups have yet been performed, delete the PD jobs created and create new ones.
If backups have already been carried out successfully, go through the following instructions:
The PD jobs are stored here by default:
"C:\ProgramData\NovaStor\NovaStor NovaBACKUP\UserScripts\SYSTEM\Backup\avd"
Move the job to the directory of the user with which the service was configured, e.g. user "NovaStor":
C:\ProgramData\NovaStor\NovaStor NovaBACKUP\UserScripts\Novastor\Backup\avd
After the PD has been closed/opened, the status of the jobs should be displayed correctly again.