4 4 3 Beefalo:FAQ

From SEPsesam
Other languages:
Copyright © SEP AG 1999-2022. All rights reserved.

Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.

Docs latest icon.png Welcome to the latest SEP sesam documentation version 4.4.3 Beefalo/5.0.0 Jaglion. For previous documentation version(s), check documentation archive.


LICENSES & VERSIONS

Does SEP sesam require identical versions of SEP sesam Client and Server?

To avoid general version compatibility issues, the following rules apply:

  • the version of SEP sesam Server must be greater than or equal to the version of SEP sesam RDS.
  • the version of SEP sesam Server must be greater than or equal to the version of the SEP sesam Clients.

These rules are especially important when performing an upgrade of your environment. First upgrade the SEP sesam Server, then the RDS components, and last the Clients.

Forward and backward compatibility is maintained for all backup types that have not been discontinued. If you require restore/recovery of savesets for discontinued backup types, you can use old SEP sesam version that still supports that backup type.

What happens after a SEP sesam version is no longer supported?

Discontinued versions of SEP sesam can still be used, but they are no longer maintained, SEP AG no longer provides updates or fixes for those versions. Maintenance period for a version is generally 12 months (this depends on your license type), after this period SEP AG strongly recommends upgrading your SEP sesam Server and RDS components.

On older platforms that are still available, SEP strongly recommends to use only Client packages, and to combine such clients with the latest SEP sesam Server and RDS components. Backward compatibility is maintaned for discontinued Client versions, that are still used for older (outdated) platform versions.

How do I order a new licence?

To obtain a license, contact SEP sesam sales at SEP contact page or sales@sep.de and provide the following information:

  • host name of the SEP sesam Server
  • IP address of the SEP sesam Server

To determine which specific names are used by SEP sesam (for example, if more than one network card is installed on the server), go to Help -> License Info in the SEP sesam GUI menu bar and check the details. Licenses are available immediately after your purchase or renewal is completed and will be sent to you by email.

License Info displays all licensed components which are currently in use. It also shows you the number of clients and modules needed by your configuration if your SEP sesam Server is currently running in trial mode.

Information sign.png Note
Some features require a special license, for example, SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro. SEP sesam licenses are issued on the basis of the size and requirements of your environment, so make sure that you are aware of feature/application specific licensing. For details on newly introduced licenses, see SEP sesam Exchange Recovery Pro license and SEP sesam SharePoint Recovery Pro license.


License info Beefalo V2.jpg

How do I activate a license?

You can activate licenses easily by importing the license in the SEP sesam GUI. Note that the SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro extensions require special licences and specific activation steps, as described in the section Activating special licenses.

Activating licenses in the SEP sesam GUI

After you have received your SEP sesam license by email, proceed as follows:

  1. From the SEP sesam GUI menu bar -> Help, select License Info. The SEP sesam License Info window appears.
  2. Click the button Import New License. A new window opens prompting you to paste a valid license file.
  3. Copy a valid license file sm_lic.ini and paste it from the clipboard or use the file manager to browse and select the required license as .ini or .zip file.
  4. Click Apply to enable the license.
  5. License info import Beefalo V2.jpg
SEP Tip.png Tip
The License Info also enables you to check the expiration date and to upgrade your license. All licensed components currently in use are displayed.

If the program displays any errors (for instance, in the host name or IP address), email the SEP sesam License Info to SEP sesam sales by clicking the Send as Mail button. Clicking the button opens an email with the license information loaded. Address the message to sales@sep.de and send it.

Activating special licenses

To activate the special licenses, such as SEP sesam Exchange Recovery Pro or SEP sesam SharePoint Recovery Pro, proceed as follows:

  1. Go to Start -> All Programs -> SEP sesam Exchange Recovery Pro or Start -> All Programs -> SEP sesam SharePoint Recovery Pro and open the extension. A License file not installed message appears.
  2. Click the License info button and import the license.ini file.

Both, SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro extensions require specific installation and configuration. For details on these procedures, see SEP sesam Exchange Recovery Pro and SEP sesam SharePoint Recovery Pro.


Why does the W008-License TCPIP address not match the local address 127.0.0.2?

This problem usually occurs on SLES-based Linux systems. Check the file /etc/hosts and change the relevant entry for the loopback address 127.0.0.2 or remove it from the /etc/hosts file entirely.

How do I obtain the community version?

The SEP sesam community version is available to the general public for private use on Microsoft Windows and Linux. Please note that the software, manuals, licensing and terms from SEP AG and SEP Software Inc remain unchanged.

During the installation of a SEP sesam demo version (available at SEP Download Center), a community license file is created automatically. This file must be copied to the license file location after the 30-day trial period is over.

The file sm_lic.ini.com can be found at <SESAM_ROOT>/skel. Copy the file to <SESAM_ROOT>/var/ini and rename it to sm_lic.ini.

If you want to check the license status, go to Help -> License Info.

Technical support is not provided for the SEP sesam community version and it cannot be upgraded. Visit the SEP Forum or search SEP Wiki for help.


REQUIREMENTS

What are the hardware and software requirements for a SEP sesam Server?

SEP sesam Server hardware requirements

The following are the hardware requirements for the SEP sesam Server, RDS or SEP sesam Client. They are similar for both servers, SEP sesam Server and RDS, except for the required space on the file system for the SEP sesam database, which is not necessary for RDS.

  • The hardware requirements for the SEP sesam components represent the common requirements. Additional amount of RAM/CPU may be required for bigger Si3 data stores. For details, see Si3 Deduplication Hardware Requirements.
  • (Windows only) Make sure that you are using CPUs with supported AVX versions (AVX, AVX2, or AVX-512) and FMA3 (Fused Multiply-Add 3-operand Form) or FMA4 (Fused Multiply-Add 4-operand Form) to prevent the Sesam Transfer Protocol Server (STPD) from automatically disabling the HTTPS port. This happens when the CPU instructions are missing due to unsupported AVX. Consequently, the TLS key and certificate cannot be created. For a list of supported AVX versions, see Advanced Vector Extensions.
Requirements SEP sesam Server Standard edition SEP sesam Advanced Server edition SEP sesam Premium Server edition SEP sesam Enterprise Server SEP sesam Client
Memory (without Si3 deduplication) 8 GB RAM Minimum 16 GB RAM 32 GB RAM Minimum 64 GB RAM 2 GB (recommended 4 GB)
Memory (with Si3 deduplication) Minimum 16 GB RAM Minimum 32 GB RAM 64 GB RAM Minimum 128 GB RAM Minimum 4 GB
Core (without Si3 deduplication) 1x CPU with 4 cores (≥ 2,4 GHz) 1x CPU with 8 cores (≥ 2,4 GHz) Minimum 1x CPU with 8 cores (≥ 2,4 GHz) Minimum 2x CPUs with 4 cores (≥ 2,4 GHz) -
Core (with Si3 deduplication) 1x CPU with 6 cores (≥ 2,6 GHz) 2x CPUs with 8 cores (≥ 2,6 GHz) 2x CPUs with minimum 8 cores (≥ 2,6 GHz) Minimum 2x CPUs with 8 cores (≥ 2,6 GHz) -
Minimum hard disk space for SEP sesam metadata 100 GB 300 GB 500 GB 500 GB 4 GB (for all client data)
No. of backup clients Up to 15 Recommended up to 50 Recommended up to 150 Recommended for more than 150 -

Si3 deduplication hardware requirements

For the minimum Si3 hardware requirements that apply to SEP sesam Si3 deduplication server, see the above requirements list. Keep in mind that these requirements represent the demand for deduplication only. In addition, the amount of memory for the operating system and other services should be taken into account. For details on Si3 requirements, see Si3 Deduplication Hardware requirements.

SEP sesam Server software requirements

Information sign.png Note
We recommend that you use a separate partition for the SEP sesam metadata in order to prevent SEP sesam metadata from filling up the operating system partition.
  • Linux: Create a mount point for /var/opt/sesam/var (see recommended size above).
  • Microsoft Windows: Add a new drive (see recommended size above) and install SEP sesam on this drive.

Which Java version does SEP sesam require?

The required Java version depends on SEP sesam version. Check the following Java compatibility matrix for details. Oracle/Sun Java, IBM Java or OpenJDK can be used. For details on how to install Java, see Installing and Managing Java.

Java version SEP sesam version
Java 17 on demand Note1
OpenJDK 11 LTS 4.4.3 Beefalo, 5.0.0 Jaglion, 5.0.0.9 Jaglion V2 Note2
Java 11 4.4.3 Beefalo, 5.0.0 Jaglion, 5.0.0.9 Jaglion V2 Note2
Java 10 is not supported!
X
Java 9 is not supported!
X
Java 8 ≥ patch level 111 (both Windows and Linux) 4.4.3 Grolar; 4.4.3 Beefalo, 5.0.0 Jaglion, 5.0.0.9 Jaglion V2 Note2
Java 8 (at least patch level 111) ≥ JRE 1.8.0_111 (required for Linux) v. ≥ 4.4.3 Tigon V2
Java 8 (required for Windows) v. ≥ 4.4.3
Java 7 (all OS except Windows) 4.4.3 Note3
Java 7 4.4.2
Java 6 4.2.1 & 4.2.2
Note1
  • SEP sesam 5.0.0.9 Jaglion V2, including SP1, supports Java 17 only on demand, if the use of Java 17 from the command line has been enabled with sm_setup set_java_path -f <java_17_installation_path>
Note2
  • Java 1.8 (≥ 1.8.0_111) is only accepted if it is already installed and the computer does not have a 4K display.
  • 5.0.0.9 Jaglion V2 is the last version of SEP sesam that supports Java 1.8.

Note3

SEP sesam versions 4.4.3 until 4.4.3 Tigon V1 running on non-Windows platform require Java 7, however, SEP sesam uses JavaFX for its web dashboard and user-defined schedules features. If you want to have all the 4.4.3 features available, you need OpenJFX package or Oracle®'s Java 8 (already includes JavaFX) on your SEP sesam GUI client.

You can check your Java version with the following command:

java -version

Example:

#> java -version
java version "1.7.0_45"
Java(TM) SE Runtime Environment (build 1.7.0_45-b18)
Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)

Linux – RPM

If the SEP sesam Server is installed as an RPM package, Java must also be installed as an RPM.

Note that to install a SEP sesam Server on an OES2 system, Java 1.5 must remain the default version so that Micro Focus-specific functions (previously Novell) can operate. If a different Java version (such as 1.6) is installed on the system via RPM, the default Java version is kept, i.e., the reinstallation doesn't overwrite it. Java and the SEP sesam Server can be installed as described below.

In our example, 64-bit Sun Java is used:

  1. After the download is complete, give the package execution rights:
  2. #> chmod +x jre-6u25-linux-x64-rpm.bin
  3. Install the JRE binary package:
  4. #> ./jre-6u25-linux-x64-rpm.bin Unpacking... Checksumming... Extracting... UnZipSFX 5.50 of 17 February 2002, by Info-ZIP (Zip-Bugs@lists.wku.edu). inflating: jre-6u25-linux-amd64.rpm Preparing... ########################################### [100%] 1:jre ########################################### [100%] Unpacking JAR files... rt.jar... jsse.jar... charsets.jar... localedata.jar... plugin.jar... javaws.jar... deploy.jar... Done.
  5. Verify that the Sun Java version was properly registered in the package database.
  6. #> rpm -qa | grep jre jre-1.6.0_25-fcs

The SEP sesam Server is installed via an RPM package. The SEP sesam installer finds the Java information in the package manager and automatically creates a link to it in the directory /opt/sesam/bin/sesam. If the SEP sesam Server and Java are installed via Tarball, you must create the link manually, as described in the procedure below.

Linux – Tarball

If Java is installed as Tarball, the SEP sesam Server must also be installed as Tarball. The installation of a SEP sesam Server package with --nodeps is not supported.

Install Java Tarball as follows:

  1. Download a Java version that is compatible with your operating system, such as 64-bit Sun Java version jre-7u<version>-linux-x64.tar.gz, to/opt/java.
  2. Go to the directory /opt/java and extract the Tar archive ./jre-7u<version>-linux-x64.tar.gz to the folder /opt/java.
  3. Java is unpacked into the subfolder jre1.7.0_45 and is ready to use. You can test Java functions as follows:
  4. #> /opt/java/jre1.7.0_45/bin/java -version java version "1.7.0_45" Java(TM) SE Runtime Environment (build 1.7.0_45-b18) Java HotSpot(TM) 64-Bit Server VM (build 24.45-b08, mixed mode)
  5. Create the directory structure /opt/sesam/bin/sesam to link Java to the SEP sesam Server installation:
  6. #> ln -s /opt/java/jre1.7.0_45/bin/java /opt/sesam/bin/sesam/java

You can now install SEP sesam Server via Tarball.

Windows

You can operate several Java versions on Windows. The SEP sesam Server can work with a Java version other than the operating system's default Java version. Enter the path of your Java version into the <SESAM_ROOT>\var\ini\sm.ini file in the [JAVA] section:

  [JAVA]
  java_interpreter="C:\Program Files\Java\jre7\bin\java"
  java_home="C:\Program Files\Java\jre7"
  java_exit_on_fail=no

This gives the SEP sesam Server its own Java environment on startup.

Where can I get the latest 64-bit version of Sun's JRE?

You can download Oracle Java at Java downloads for all operating systems. However, with Oracle announcing the end of free support for past versions of Java as well as the Oracle JDK binary no longer be free for use in production from JDK 11 on, SEP sesam introduced support for OpenJDK LTS (long term support) distributions, so you can use a free OpenJDK LTS version instead of Oracle Java. You can simply install OpenJDK on Linux or Windows, as described in SEP sesam Quick Install Guide.


INSTALLATION & CONFIGURATION

How do I install a Remote Device Server (RDS)?

You can simply install and configure RDS as follows:

  1. Depending on your operating system (Linux or Windows), download the relevant installation file from the SEP Download Center. For details on Linux/Windows installation, see SEP sesam Quick Install Guide.
  2. Add RDS as a SEP sesam Client to the SEP sesam environment. Make sure that the DNS names (between SEP sesam Server and RDS) are correctly resolved (forward and reverse DNS lookup). For details, see Configuring RDS.
  3. Add storage hardware (disk storage, tape libraries or single tape drives) to RDS.

For step-by-step procedure, see How to create a Remote Device Server (RDS).

How do I install the SEP sesam GUI on a Linux system?

To install a SEP sesam GUI on a Linux system, proceed as follows:

  1. Download a package for your Linux distribution from https://download.sep.de/linux/.
  2. Depending on your distribution, install the SEP sesam GUI, as described in SEP sesam Quick Install Guide.
  3. After installing, check that the SEP sesam Server is available by using the following command:
  4. nslookup <SEP sesam Server name> For details, see nslookup.
  5. Make a shortcut with the following path:
  6. /opt/sesam/bin/gui/sesam_gui -S <SEP sesam Server name>

What problems may occur after installing the SEP sesam RPM package?

The following message appears when starting the SEP sesam GUI:

The connection to the server sesamserver was denied.

The last message was:

 java.rmi.RemoteException: Connection refused to host: [SEP sesam-Server]; nested
 exeption is:
 java.net.Connect.Exception: Connection refused
  • Make sure that the SEP sesam RMI Server component is active and the correct port is being used.
  • The program is terminated.
  • If you get this error message, check the Java version with the following command:
  • /opt/sesam/bin/sesam/java -version In the Java v. < 1.7, you will need to update the Java files. For the list of supported Java versions, see Java Compatibility Matrix.

How do I change the IP address and the name of the SEP sesam Server?

Your license must first be modified to match the new server name and/or IP address. Send the original license, the new server name, and the IP address to info@sep.de.

When you receive the new license information, you can change the SEP sesam Server name using sm_setup.

  1. Set the SEP sesam profile and enter the following command:
  2. sm_setup change_servername <mynewserver>
  3. After executing the command, check the interfaces of the renamed SEP sesam Server: Main selection -> Components -> Clients -> double-click the server (Client) to open its properties. In the Interfaces field, manually remove the old interfaces and enter the new interfaces for http and https.
  4. RDS interfaces.jpg

How do I adjust SEP sesam limits?

The best way to adjust SEP sesam limits on the system is to create the Systemd override file. By using this file the settings are not overwritten during the update.

To adjust the SEP sesam limits, proceed as follows:

Example

>
> root@cefix:~# systemctl show sepsesam.service | grep ^LimitCORE=
> LimitCORE=2147483648

  1. Create the override file and adjust the value:
  2. > mkdir -p /etc/systemd/system/sepsesam.service.d/ > echo "[Service]" > > /etc/systemd/system/sepsesam.service.d/override.conf echo > "LimitCORE=infinity" >> > /etc/systemd/system/sepsesam.service.d/override.conf
  3. Reload the system by using the command:
  4. > root@cefix:~# systemctl daemon-reload
  5. Then specify:
  6. > root@cefix:~# systemctl show sepsesam.service | grep ^LimitCORE= > LimitCORE=infinity

What effect does an antivirus scanner have on SEP sesam?

Antivirus scanners may negatively impact your backup and restore operations:

  • The SEP sesam install process is very slow.
  • The GUI is slow or hangs for several seconds.
  • Backup and restore jobs are terminated abruptly.
  • Reduced data throughput and speed.
  • SEP sesam Server/Client is not available (Errorcode 10060).

To avoid such issues, use the antivirus exclusions rules for SEP sesam and exclude the following items from any virus scanning activities:

  • All SEP sesam installation directories on the SEP sesam Server, Client and Remote Device Server (RDS):
    • SESAM_BIN directory including all subfolders
    • SESAM_VAR directory including all subfolders
  • Data store and deduplication store on the SEP sesam Server and RDS:
    • Exclude all partitions on which the data stores are configured for backup.
  • All SEP sesam processes on the SEP sesam Server, Client and RDS:
    • Exclude all executable files from the following directories:
    • <SESAM_ROOT>/bin/sesam/*.* <SESAM_ROOT>/bin/sms/*.*
    • With some virus scanners you can disable the Child Process Monitoring rule option. In this case, you only have to exclude the following SEP sesam processes:
    • On Windows: sm_main.exe sm_ctrld_main.exe sm_sshd.exe sm_db_main.exe sm_passd.exe sm_rmi_main.exe sm_sepuler.exe sm_sms_main.exe sm_data_server.exe sm_stpd_main.exe sbc.exe In version 5.0.0 Jaglion, you must also exclude the postgres process, if it is used: postgres.exe On Linux: sm_qm_main sm_ctrld_main sm_sshd sm_db_main sm_passd sm_rmi_main sm_sepuler sm_sms_main sm_data_server sm_stpd_main sbc

How do I calculate the data store capacity (free space calculation and license check)?

Data store volume sizing and capacity usage should be managed at the partition level. It is recommended that only SEP sesam data is stored on the respective volume. Note that it is possible to store non-SEP sesam data on the same partition as the data store without including it in the fill level calculation and thus the license check. For details, see Data store capacity.

When specifying the capacity value, a dedicated partition must have enough free space. The method for calculating the required disk space is:

space occupied by SEP sesam + free disk space = DS capacity

where DS capacity is the configured capacity value in the SEP sesam's data store configuration.

Information sign.png Note
SEP sesam expects the configured data store space to be available.
  • It is essential that the value of volume size of non-sesam data is always larger than the data store capacity value.
  • If the configured data store capacity is not completely available for SEP sesam (i.e., if the non-sesam data occupies more space), backup or migration tasks will fail even if there is enough free space on disk.

DatastorePositive.pngDatastoreNegative.png DatastorePositiveError2.png

Example:

Volume size:     10 TB
   Used by SEP sesam:    4 TB
   Used by non SEP sesam 3 TB
   Free disk space:  3 TB
   ======================
DS capacity:      6 TB
   4 TB + 3 TB     > 6 TB:  -> Backup can start
   ----------------------
   DS capcity:       8 TB
   4 TB + 3 TB     < 8 TB:  -> Backup will fail

For example, a data store reports the following error:

Not enough disk space could be freed to reach high water mark of -100GB for data store Data-Store. 
(Data store: Data-Store. Free space: 696GB . Freed: 3GB). 

Solution: You have to correct the capacity value of your data store.

How do I determine the number of SID for Oracle?

You can determine the number of SID for Oracle in the following ways:

  • View the list of the operating system's running processes.
  • If an Oracle instance is running, the system monitor will also be running. The name of the Oracle process always contains part of the instance name. The common form is ora_<process_name>_<sid> Example: oracle@myhost:/ ps -ef | grep smon oracle 23557 11596 0 Dec 19 ? 0:22 ora_smon_rac1 In this case, the SID is rac1.
  • Check the oratab.
  • Open the oratab in /var/opt/oracle. You will find the name of the instance and the Oracle home for automatically starting Oracle instances. Example: oracle@myhost:cat /var/opt/oracle/oratab rac1:/opt/app/oracle/product/10.2.0/db_1:N
  • View the parameter file.
  • In the Oracle home under dbs or database, you will find either init<sid>.ora or the relevant SP file. The parameters of the instance are stored here. The db_name and instance_name parameters provide information about the database name and SID.
  • Sign in on the instance as DBA and query the relevant views.
  • In SQL*Plus as DBA-User: SQL: 1. SHOW parameter db_name 2. SHOW parameter instance_name The following statements can be used from every tool: 1. SQL> SELECT instance_name FROM v$instance; 2. SQL> SELECT [name] FROM v$database;

How do I configure the SEP sesam profile to run automatically during login?

Create a link in the directory /etc/profile.d/ as follows:

ln -s /var/opt/sesam/var/ini/sesam2000.profile /etc/profile.d/sesam.sh

How do I set permissions for a GUI client?

In previous SEP sesam versions, you have to set client permissions via the command line. As of version 4.4.3 Grolar, you can simply set client permissions by configuring ACLs in the SEP sesam GUI. For details, see Using Access Control Lists.

Authentication permissions Beefalo V2.jpg

What problems may occur when adding a new client?

The following errors may appear when adding new clients to the SEP sesam Server.

Error message 1:

No Access for Computer pc2 - please enter for pc1

or

There is no SEP sesam installed on computer pc2, please install it.

The problem might be:

  • There is no SEP sesam Client software installed.
  • The wrong system name is specified in the SEP sesam GUI.
  • There is an active firewall between the two computers.

Solution:

  • Install the SEP sesam software on the target client.
  • If the name was entered incorrectly, delete it and then re-enter it.
  • Deactivate the firewalls or install the SEP sesam firewall option.

Error message 2:

Rights Restriction -  [pc1.domain.de system] in pc2:<SESAM_VAR>/var/ini/sm_ctrld.auth

Problem: The SEP sesam Server has no privileges to access the client.

Solution: Enter the value in the [___] into the client's <SESAM_VAR>/var/ini/sm_ctrld.auth.

Error message 3:

Test backup from pc2 does not restore to pc1 – please verify (ping, DNS, local STPD)

Problem: The connection between the SEP sesam Client and Server is not functioning.

Solution: Check DNS resolution. SEP sesam recommends using the sm_setup check_resolution command, as described in How to check DNS configuration. Make sure that you have set up a SEP sesam profile before running the command; for details, see FAQ: What happens when I set a profile?

How do I use the Nagios plugin from Netway to query and monitor the SEP sesam database?

SEP Warning.png Attention

Open source monitoring tools like Nagios are not part of, nor are they supported by, SEP AG and/or its partners and subsidiaries. Neither are other programs or scripts which query data from the SEP sesam DB or any other SEP sesam module that are not specifically distributed by SEP AG. SEP cannot and will not make any guarantees or warranties as to the usability or functionality of such scripts. Therefore, for obvious reasons, SEP cannot offer support for any of these customer and client designed and implemented tools or programs. Consequently, there is no support for the client specific programs.

NETWAYS GmbH has developed an open-source database query routine for SEP sesam – the Nagios plugin. In accordance with the OSF foundation rules, this is a free software package that comes with the standard disclaimers regarding warranty, usability, and functionality. In other words, use it for free at your own risk. You can download the plugin from SEP Download Center.

Demo scripts from projects

Various scripts have been written for specific projects to allow customers to query (retrieve information from) the SEP sesam DB. These scripts are very specific to the client environments and are in no way guaranteed to work in other environments. Sample scripts to query the SEP sesam database have been written illustrating the use of the Nagios methodology and are meant to be used for demonstration purposes only. They can be found at SEP Download Center.

How do I configure a command event?

You can configure the command events in the SEP sesam GUI. You might have to set permissions to execute the commands. For details, see Creating a Command Event.

How do I configure a follow-up event?

You can configure the follow-up events that are triggered on the SEP sesam Server once the initial event is completed. In the SEP sesam GUI, you can set up migration, saveset verify and other actions to be triggered immediately after the backup or other event is completed. For details on configuring such events, see Follow-up events.

Follow up events Beefalo V2.jpg

How do I change data size units?

You can change the default unit for data size by using the menu bar -> Configuration -> Defaults -> select the Display Format tab. The data size can be specified either with (KB, MB, GB, TB) or binary prefix (KiB, MiB, GiB, TiB).

Defaults data size Beefalo V2.jpg

You can also set a different data size unit for the individual table. For details, see Changing data size units.


GUI

Why I cannot find some features in the GUI?

The available GUI features (e.g., Expert Options for restore) depend on the selected UI mode: simple or advanced. (The former advanced GUI mode is now replaced by simple mode, while the former expert mode is replaced by advanced mode.) The appearance of the GUI does not change depending on the mode, but simple mode hides complex features and shows the user only a basic subset of options. Advanced mode provides all the features of SEP sesam, such as expert restore options, log level setting, etc. Under Configuration -> Defaults -> General, you can easily switch between modes at any time, as described in Selecting UI mode.

The currently active mode is displayed at the top of the SEP sesam application window. GUI-displayed UI mode.jpg


How do I set a specific language for the SEP sesam GUI?

By default, the SEP sesam GUI always starts with the language of the operating system. The GUI currently supports English and German language. You can change the language by adjusting the parameter -r of the GUI client in the following ways:

  • By right-clicking on your GUI desktop icon and selecting Properties, as described in Changing GUI language.
  • By using the parameter -r when calling the GUI directly (i.e., on Linux) or when editing the link itself. The following settings are possible (do not use space after the parameter!):
  • -rde -ren -ren_us -ren_gb The first option represents German. The other three options represent English; the first option shows time in 24-hour format whereas the second and the third option show time in the 12-hour format (AM and PM).

How to set Chinese fonts?

The default GUI font does not supply Chinese characters. You can change the default font to Chinese in the SEP sesam GUI (Configuration -> Defaults) by specifying the entry 'key= default_font[_...]', see Configuration: Defaults.

As the available Chinese font sets depend on the operating system, the following platform-specific keys are provided:

  • Windows: 'default_font_windows'
  • Linux: 'default_font_linux'
  • Common setting: 'default_font'

Example for setting MS Song as the default Windows font:

sm_db "INSERT INTO defaults (key,user_name,value,host,protection)
VALUES ('default_font_windows','sesam','MS Song',NULL,NULL);"

Can I administer more than one SEP sesam Server via the GUI?

To administrate more that one SEP sesam Server, you have to enable the Master GUI functionality. No special license is required.

Information sign.png Note
All SEP sesam Servers must be of the same version to use Master GUI functionality.

To enable Master GUI, proceed as follows depending on your operating system:

On Windows

Edit the SEP sesam desktop shortcut and add the parameter -M1 to the target:

"C:\Program Files\Java\jre6\bin\java.exe" -classpath sm_gui.jar;sm_lib.jar;
de.sep.sesam.gui.client.Frame -ucr -sbackupserver -lwindows -p11401 -P local -v2 -ren -M1

On Linux

Start the GUI executable /opt/sesam/bin/gui/sesam_gui with the parameter -M1:

./opt/sesam/bin/gui/sesam_gui -M1

For more information, see Master GUI.


NETWORK

How can I verify that the SEP sesam Server has full access to a specific client?

Even if you can reach a client from the SEP sesam Server with nslookup and ping over DNS names, it is still possible that the SEP sesam Server cannot connect to the client. In this case, check the availability of the client from the SEP sesam Server with the following command:

For Linux/UNIX client:

sm_ctrlc -l root {nameofclient} sbc
sm_ssh -l root {nameofclient} sbc

For Windows client:

sm_ctrlc -l system {nameofclient} sbc
sm_ssh -l system {nameofclient} sbc

The output should be similar to the following standard output of the sbc command (example for a Linux client):

  smsrv:~ # sm_ctrlc -l root dbsrv.local sbc
2016-11-22 13:11:44: sbc-3036: Info:     # @(#)SESAM BACKUP CLIENT FOR UNIX FILE SYSTEMS, VERSION: 4.4R3 Build: 3ed0977 20161122 11:34:51 Linux x86_64 sles11fix #
2016-11-22 13:11:44: sbc-3162: Info:     Client Host name: buildfix11
2016-11-22 13:11:44: sbc-3253: Info:     Sesam version: [server,4.4.3.24,20161122114206]
2016-11-22 13:11:44: sbc-3257: Info:     Sesam package: [sesam_srv-4.4.3-24_pg.sles11.x86_64.rpm]
2016-11-22 13:11:44: sbc-3019: Info:     OS info:          SUSE Linux Enterprise Server 11 (x86_64)
2016-11-22 13:11:44: sbc-3000: Info:

usage:
 sbc -b|r|g|p|k|h   [-C <control_host>] [-d <device>] [-f <list_source>]
          [-F <data_format>] [-i <saveset_info>] [-j <job_name>]
          [-l <level>] [-L <control_target>] [-n <segment_number>]
          [-o {options}] [-O <STOR/RETR_direct>]
          [-R <restore_target>] [-s <saveset_spec>][-S <storage_node>]
          [-t <tape_spec>] [-T <since_time>][-x <exclude_patterns>]
          [-X <exclude list>] [-v <level>] [-V <throughput_interval>]
# Backup  #   [<backup_source1>[ <backup_source2> <backup_sourceN>]] |
# Restore #   [<restore_source1>[ <restore_source2> <restore_sourceN>]] |
# Get     #   [<remote_file> [<local_file>]] |
# Put     #   [<local_file> [<remote_file>]]
{options}: comma separated list of
                     compress, encrypt[_plain]=[{aes}|{bf}]<passwd>
                     noacl                 # process without ACL (Trustees)
 only for backup:    verify                # verify data after backup
                     plain                 # do not descend into subdirectories
                     hard=defer            # defer hardlinks
                     hard=sort             # expect i-node sorted input
                     ignore_finder         # ignore errors from sbc_find
 only for restore:   rename, overwrite     # rename/overwrite if file exists
                     over=new, over=old    # overwrites newer/older files
                     plain, tree           # restore plain/tree in target dir
                     next                  # start from subsequent tape
2016-11-22 13:11:44: sbc-3001: Info:     Exiting.

When a network problem occurs, the output may look like:

  2016-10-26 13:25:59: scc-1128: Error: Network communication problem: STDLIB
  error: 110 - Connection timed out. connect() call failed for host:
  [dbsrv.sep.de].

Or a connection from SEP sesam Server to the SEP sesam Client may be forbidden:

  2016-10-26 13:28:29: scc-1128: Error: Network communication problem: CTRLD
  reply: 2016-10-26 13:37:55: scd-1136: Error: Host [smsrv.local] is not
  allowed to connect or security problem for user: [root].

Which are SEP sesam default TCP ports?

SEP sesam client-server communication requires certain TCP ports to be open to enable SEP sesam components to communicate with each other through a firewall. The required ports may be SEP sesam version-specific; as of version ≥ 4.4.3 Beefalo, SEP sesam uses fewer ports than in the previous versions. For the complete list of SEP sesam ports and their configuration, see List of Ports Used by SEP sesam.

Why do I get the error: "Network communication problem: SOCKET error: 10038 – The descriptor is not a socket" when I try to connect to a client?

The Layered Service Provider (LSP) chain is defective or damaged. The cause can be an antivirus program or a virus. Another option is that the DLLs were switched during installation or uninstallation. This results in sub-processes not being able to inherit/open your socket handles.

In the following example, the SEP sesam CTRL connection takes the SM_CTRLD_MAIN daemon call from SM_CTRLC, opens the necessary sockets and passes them onto the newly created sub-process SM_CTRLD. Due to the defective LSP, the sockets cannot use this information and return the following error during an operation such as setsockopt():

10038 – The descriptor is not a socket.

Use the following free tools on the SEP sesam Client:

  • lspfix.exe – identifies blocked DLLs, for example, bmnet.dll and removes them
  • listdlls.exe – checks the chain of DLLs (alternatively use sm_list -f {PID of SM_CTRLD_MAIN)

Corrective measures:

  1. Check if the Layered Service Provider (LSP) links with lspfix.
  2. Check the sm_ctrld[_main].exe indirectly used DLLs with listdlls.
  3. Remove the conflicting DLL with lspfix.

An example of a correct listdlls for an environment:

      #> listdlls.exe sm_ctrld
      D:\kit\su\src\gui>listdlls sm_ctrld
      .
      ListDLLs v2.25 - DLL lister for Win9x/NT
      Copyright (C) 1997-2004 Mark Russinovich
      Sysinternals
      ------------------------------------------------------------------------------
      sm_ctrld_main.exe pid: 4872
      Command line: D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe -D
      .
      Base Size Version Path
      0x00400000 0x23000
      D:\programme\SEPsesam\bin\sesam\sm_ctrld_main.exe
      0x7c910000 0xb7000 5.01.2600.2180 D:\WINDOWS\system32\ntdll.dll
      0x7c800000 0x106000 5.01.2600.2945 D:\WINDOWS\system32\kernel32.dll
      0x71a10000 0x17000 5.01.2600.2180 D:\WINDOWS\system32\WS2_32.dll
      0x77be0000 0x58000 7.00.2600.2180 D:\WINDOWS\system32\msvcrt.dll
      0x71a00000 0x8000 5.01.2600.2180 D:\WINDOWS\system32\WS2HELP.dll
      0x77da0000 0xaa000 5.01.2600.2180 D:\WINDOWS\system32\ADVAPI32.dll
      0x77e50000 0x91000 5.01.2600.2180 D:\WINDOWS\system32\RPCRT4.dll
      0x719b0000 0x40000 5.01.2600.2180 D:\WINDOWS\system32\mswsock.dll
      0x66710000 0x59000 5.01.2600.2180 D:\WINDOWS\system32\hnetcfg.dll
      0x77ef0000 0x47000 5.01.2600.3099 D:\WINDOWS\system32\GDI32.dll
      0x7e360000 0x90000 5.01.2600.3099 D:\WINDOWS\system32\USER32.dll
      0x719f0000 0x8000 5.01.2600.2180 D:\WINDOWS\System32\wshtcpip.dll

After removing the defective DLL, the socket can be inherited by the sub-process SM_CTRLD.

Why is the throughput for local backups very low?

In some Linux systems, e.g., SLES12, the local loopback device lo is often configured with MTU (Maximum Transmission Unit) size 65536 (64K). This may decrease the local transfer throughput because the MTU size is equal to the transfer buffer size used in SEP sesam.

To check and modify the MTU size for local loopback, proceed as follows:

  1. To check the local loopback MTU size: ifconfig lo
  2. To set the MTU size to 16K: ifconfig lo mtu 16384
  3. Add or change MTU='16384' in /etc/sysconfig/network/ifcfg-lo for SLES12

Example:

 srv1:/ # ifconfig lo
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:61869492 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61869492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1
          RX bytes:5001500685 (4769.8 Mb)  TX bytes:5001500685 (4769.8 Mb)
 srv1:/ # ifconfig lo mtu 16384
 srv1:/ # grep MTU ifcfg-lo /etc/sysconfig/network/ifcfg-lo
 srv1:/ # echo MTU=16384 >> /etc/sysconfig/network/ifcfg-lo

For more information, see SUSE blog: Network, CPU Tuning and Optimization and nixCraft article Linux MTU Change Size.


SECURITY

Is SEP Sesam vulnerable to the LOG4J security issue?

Apache Log4j2 (issue CVE-2021-44228) has a remote code execution vulnerability that allows hackers to take control of a system. This means that the vulnerability can be exploited remotely over a network without requiring any authentication (no username and password). How does this affect SEP sesam?

Current research shows that SEP Sesam is not vulnerable to security issue CVE-2021-44228. SEP sesam uses the SLF4J logging library, which means that the Java components shipped with SEP Sesam (Si3, Si3-NG, UI/CLI) do not have direct dependencies for the Log4j module. Consequently, the vulnerable Log4j core module is not shipped with a SEP sesam installation. For more details, see SEP sesam and CVE-2021-44228.


SEP SESAM SPECIFIC

What is SEP sesam Newday?

SEP sesam Newday is a predefined SEP sesam daily event that resets the backup event calendar and is managed by SEPuler. A Newday event is used by SEP sesam to reorder its database and enable the uninterrupted activity of SEP sesam processes, therefore it must never be completely deactivated or it will cause SEP sesam to stop working properly. It also gives system administrators the flexibility to extend backup routines to run after midnight and retain the backup date of the prior day. This is very useful when the clients requiring backup exceed the time allotment between the end of the day and midnight. For details, see Newday Event.

Is there an overview of SEP sesam services?

There are different services depending on whether you are dealing with a SEP sesam Server, a SEP sesam Client or a SEP sesam Remote Device Server (RDS).

The services can be found in the SEP sesam installation directory <SESAM_ROOT>/bin/sesam. To check the status of the services, use the following commands:

Linux/UNIX

./sm_main status

Windows

sm_main status

SEP sesam Server services

sm_qm_main   SEP sesam main processes, provides also the qm service
sepuler      SEP sesam event calendar to control all tasks
db           SEP sesam database services
qm           Queue manager, administers backups, restores and devices
rmi          server part of the graphical user interface (GUI)
sms          read/write of SEP sesam media
stpd         linking protocol from the SEP sesam Client to the SEP sesam Server
passd        security administration for SEP sesam
ctrl         linking protocol from the SEP sesam Server to the SEP sesam Client
sshd         secure linking protocol from the SEP sesam Server to the SEP sesam Client

SEP sesam Client services

sm_qm_main    SEP sesam main processes
ctrl          linking protocol from the SEP sesam Server to the SEP sesam Client
sshd          secure linking protocol from the SEP sesam Server to the SEP sesam Client

SEP sesam RDS services

sm_qm_main  SEP sesam main processes
ctrl        linking protocol from the SEP sesam Server to the SEP sesam Client
sms         read/write of SEP sesam media
stpd        linking protocol from the SEP sesam Client to the SEP sesam Server
passd       security administration for SEP sesam
sshd        secure linking protocol from the SEP sesam Server to the SEP sesam Client

In Backups by state, what do the flags in the column Level mean?

The first letter shows the backup level/type:

(G)F/D/I/C: Backup level (full, differential, incremental, copy); with the prefix G in case of a group backup 
N:        SEP sesam Newday
S:        SEP sesam startup
X:        SEP sesam command event

The second letter is used when a database backup is performed. It has no significance for the regular Path backups.

H:  Hot - online backup of a database
C:  Cold - offline backup of a database

Backups by state levels.jpg

What happens when I set a profile?

By setting a profile:

  • the <SESAM_ROOT>/bin and <SESAM_ROOT>/var/db/ directories (and their subdirectories) are added to the "$PATH" environment variable so that SEP sesam commands can be executed globally,
  • you do not need to be in the actual run directory.

To set a profile, depending on your operating system, proceed as follows:

On Linux/UNIX

Go to the directory <SESAM_VAR>/var/ini and call:

. sesam2000.profile

Do not forget the dot and the space at the beginning!

Alternatively, use:

source sesam2000.profile
Information sign.png Note
This sets the profile only for the current session. To set it permanently under Linux, see How do I configure SEP sesam profile to run automatically during login?

On Windows

Open a command window, then go to the directory <SESAM_ROOT>\var\ini and call:

sm_prof.bat

Alternatively, use the link <SESAM_ROOT>\var\ini\sm_prof.bat.lnk.

Why does the SEP sesam GUI create so many Java processes under Linux?

On some Linux systems, the threads created by the SEP sesam GUI are shown in the process table. These are not real processes but only threads. There is a large number of processes because Java creates threads for all objects with Listener functionality.

Why does SEP sesam Server use so much disk space on the local hard disk?

One of the essential advantages of SEP sesam is that not all information is filed in a database but, instead, in simple text files. The largest files are usually the *.lis files which contain information about the backup's unique files and are used by the restore wizard to select and restore unique files. *.lis files are stored in the following directories:

Linux/UNIX

/<SESAM_ROOT>/var/lis

Windows

C:\<SESAM_ROOT>\var\lis

You can compress the files as follows:

  1. Set the SEP sesam profile, as described in the section What happens when I set a profile?
  2. Use the sm_newday command to run file compression immediately. The files will be compressed directly by the Newday schedule. As predefined in the command, *.lis files are not compressed immediately but three days after they are created. This is because most restores are triggered within three days after a backup.

All *.lis files are converted into a compressed file format and are uncompressed by SEP sesam automatically whenever necessary.

How to protect SEP sesam environment from malware attacks?

Since malware attacks (e.g. ransomware) can be devastating for organizations, it is recommended to apply best practices for SEP sesam Server or RDS in addition to regular system updates, storing backups on a separate device, protecting personal data, etc. For details, see Ransomware Protection Best Practices.


BACKUP (general overview)

Which backup strategy is recommended to implement with SEP sesam?

You can implement various backup strategies with SEP sesam, such as the 3-2-1 backup strategy and its variations, the GFS backup rotation strategy, and the D2D2T strategy. However, it is recommended to keep backup copies both locally and externally (on tape, hard disk, in the cloud, etc.) to quickly and seamlessly recover lost data and ensure business continuity when all preventive measures fail. Before implementing the backup strategy, ensure that you select the one that is appropriate for your unique business needs. For details, see Backup Strategy Best Practices.

Is data that is collected for backup stored in a flat file or a database?

Data is stored in a flat file, but information about the backup is stored in the SEP sesam database, including index pointers for fast and easy data recovery.

Does SEP sesam back up open files?

Yes, SEP sesam can back up open files on both Linux and Windows systems as regular Path backups.

On Windows, open files can be backed up using SEP sesam Volume Shadow Copy Service (VSS). To perform an open file backup, a Windows snapshot is made of the data and partition intended for backup and the partition is backed up. Databases should only be backed up using the relevant SEP sesam database module, see SEP sesam Extensions. For details on VSS, see SEP sesam Volume Shadow Copy Service (VSS) for Windows.

Does SEP sesam perform incremental backups after the initial backup?

Depending on your backup strategy, SEP sesam can be set to perform any backup level in the desired sequence.

The following backup levels are available:

A FULL backup always copies all data specified by the backup task, regardless of whether it has been changed or not. A saveset created as FULL is the basic saveset for subsequent DIFF or INCR savesets. While the backup time of a full backup can be significant, restore is fast and simple since only one backup saveset is required. Information about the backup status is stored in the SEP sesam database. Note that the archive bits are not deleted on Windows systems. If you want to force-reset of the archive bits, you can enter the command -o clear_archive in the backup options.

A DIFF (differential) backup saves only data which was created or changed after the last FULL saveset had been created (of the same task). A differential backup is faster than a full backup, however, to restore the whole data source, first the saveset of the full backup has to be restored followed by restore of the DIFF saveset. For this, SEP sesam provides generation restore that enables browsing for and selecting for restore all generations of backed up files since the last full backup.

An INCR (incremental) backup saves only data which was created or changed after the last backup (FULL, DIFF or INCR) of the same task. This is the fastest backup method and requires the least storage space. Restoring from incremental backups is the slowest, because it requires all related savesets to be copied back – the saveset of the last full backup as well as all INC backups. You should consider the advantages of time and resources when planning your backup strategy. A combination of FULL backups stored to tape drives, and DIFF or INC backups stored to virtual disk media is a common method.

A COPY backup is a full backup that has no influence on following differential (DIFF) or incremental (INCR) backups. For the treatment of archive bits, see FULL backup above. COPY backup is usually used for additional full backups, e.g., monthly backups, or backups for archiving, i.e. removal from storage.

Information sign.png Note
In case no initial FULL backup exists, differential (DIFF) or incremental (INCR) backups are automatically performed as FULL backups.

Are backups performed directly to disk or tape? How about cloud backup?

Backups can be written directly to different backup media such as disk, tape and cloud. The ability to move data between physical servers, virtual machines, and the cloud is a key for a successful backup strategy. All backup functions are written and/or controlled by the server and may be written directly to the backup disk, tape, remote tape server, or cloud.

  • SEP sesam supports disk-to-disk-to-tape (D2D2T) functionality and can also write directly from the backup tape to the server. It supports virtual tape libraries on disk with a pseudo autoloader function as well as removable disk media.
  • SEP cloud backup and recovery enables you to back up and replicate physical and virtual data to the cloud without having to build offsite infrastructure. For details, see S3 Cloud, HPE StoreOnce, Si3 Deduplication and Si3 Replication.

When several users save the same file on separate clients, does SEP sesam back up all the files?

For example, if members of a work group save the same file to their respective desktops, does SEP sesam make separate copies of the file or a single file with pointers to the changes?

Typically, SEP sesam stores separate files for each user, unless you are using the SEP Si3 target deduplication. With SEP Si3 target deduplication only one instance of the same data is stored directly on backup media. Si3 deduplication can be easily configured, but it also requires a special license. For explanation, see SEP Si3 target deduplication and SEP sesam extensions.

How to set up an Si3 deduplication store for replication?

Information sign.png Note
The Initial Seed feature does not work in v. 5.0.0 Jaglion, but you can use it in earlier SEP sesam versions. Note that SEP is working on this issue and will provide a fix as soon as possible.

The easiest way is to use the initial seed functionality – you can import the preconfigured Si3 deduplication store and use it for replication. When replicating from origin to new Si3 store, the savesets on the new Si3 deduplication store are identified and the content of the new Si3 store is updated in the SEP sesam database. For details, see Seeding Si3 Deduplication Store.

How are archive bits processed?

On Windows, archive bits are used for full and copy backups. The archive bits are treated the same for both backup levels.

Note that the archive bits are not deleted on Windows systems. If you want to force-reset of the archive bits, you can enter the following command in the backup task properties (Options tab -> Backup options field):

-o clear_archive

You can also add the files with the Archive ready attribute as follows:

-o add_archive_ready

To set the use of archive bits, proceed as follows:

sql "update defaults set value= 'yes' where key= 'with_archive_bit'"

Can I back up MS SQL/MS Exchange with the Volume Shadow Copy (VSS) functionality of Microsoft Windows?

Yes, the VSS functionality can be used to back up MS SQL or MS Exchange environments, but it is only recommended for small installations.

There are two strategies for consistently backing up a running MS Exchange or MS SQL environment:

  1. Using the SEP sesam online extensions for MS Exchange or MS SQL. For details, see MS Exchange Backup and MS SQL Backup.
  2. A regular file system path backup with the activated VSS writer for MS Exchange or MS SQL. For details, see SEP sesam Volume Shadow Copy Service (VSS) for Windows.
Information sign.png Note
The backup of MS Exchange or MS SQL environments via VSS is a viable option to get a consistent backup of the running environment as long as the data volume is not too large. It is an alternative for small environments with 1-5 users. However, in critical productive environments you should use the SEP sesam online extensions for MS Exchange/MS SQL to ensure consistent backup and restore.

SEP sesam online extensions

  • Dedicated backup of Groupware data/database data, independent of the files in the file system.
  • Available are FULL, DIFF (differential) and INCR (incremental) backup levels.
  • Provide granular backup of single databases and database instances.
  • Backup of the transaction log – other systems accessing the database are aware that a backup is performed.
  • Restore of the database/Groupware data only (without files from the file system).
  • Provide granular restore of single instances and databases. In a restore scenario, there is no need to restore the complete database – this is beneficial for larger databases/Groupware systems.
  • Perform online restore.

Backup via the Microsoft VSS Writer

  • The Volume Shadow Copy (VSS) functionality of Microsoft Windows is included in the regular SEP sesam file backup agent for Microsoft Windows. It also supports the VSS backup of MS Exchange and MS SQL.
  • A VSS-based backup of a database/Groupware system is always a file system backup. If the file backup agent starts backing up a file system with a MS SQL/MS Exchange database, the VSS functionality is used to inform the database about the backup. The database/Groupware system delivers the data consistently.
  • A VSS backup of a database/Groupware system always backs up all of the data. Incremental or differential backups are not supported and the backup of single databases or single instances is also not supported.
  • A database-only restore cannot be performed because the database/Groupware system is part of the complete file system backup, therefore the complete file system backup must be restored in order to restore the database.
  • Restore of single instances or single databases is not supported.
  • The transaction log file is not backed up – other applications are not informed about the backup of the database.

To enable a consistent restore in distributed environments, the different components must be informed if a backup of one of the systems is performed. For example, in a SharePoint Server environment, the database and mail server run on different servers. A VSS backup of a single server will result in an inconsistent restore. In this case, only the backup with the SEP sesam dedicated online extension can guarantee consistent data.

What is the difference between a GroupWise backup with the SEP sesam online extension and one without the extension on an OES Server?

There are two ways to back up a Micro Focus (formerly Novell) GroupWise Server with SEP sesam. You can use the SEP sesam GroupWise extension or the administrator can perform a TSA based file-level backup of the GroupWise Server.

In general, the backup of a GroupWise Server is always performed via TSA interface, either via tsafsgw or tsafs (gw-enabled). There is no difference between the two backup options. The difference is in the management of the backup and restore jobs.

For details on SEP sesam backup in a Micro Focus (formerly Novell) NetWare/OES environment, see Backup principles using SEP sesam in a Micro Focus OES environment.

For file-based backup and restore, you will need qualified knowledge of the GroupWise environment and the management of GroupWise systems. With the SEP sesam GroupWise online extension, the backup and – more importantly – restore of GroupWise systems can be performed by an administrator without any knowledge of the GroupWise environment.

Backup with SEP sesam GroupWise extension

When a new backup job is being defined for a client, the SEP sesam extension automatically recognizes that GroupWise is running on the client and offers the administrator a GroupWise backup. The administrator does not need to know where the GroupWise data is stored or which files are to be backed up.

The backup is started as a GroupWise backup process and is clearly identified as such. The SEP sesam Server recognizes that this is a GroupWise backup and not a normal file backup. This makes management and problem location (in the event of a problem) much easier. Technically, it is only a file backup but the SEP sesam agent ensures that the right files are backed up from the right directories.

The scenario for a restore is similar. The SEP sesam GroupWise extension recognizes the backup (technically a file backup) and is aware that all the files belong together to a GroupWise system. The SEP agent then restores all the relevant files to the GroupWise restore area on the GroupWise Server. Based on the data in the GroupWise restore area, GroupWise can start a recovery process to restore the data (mail or mailboxes). The administrator does not need to know which files need to be restored or where they should be restored to.

Backup without SEP sesam GroupWise extension

Backing up a GroupWise system without the SEP sesam GroupWise extension is performed much like a regular file backup. GroupWise is shown as a regular NSS volume in the file system with its volume name. The administrator needs to know:

  • which is the GroupWise volume
  • which files within the volume need to be backed up

The backup process itself starts as a file backup process. For the restore, the administrator needs to know:

  • which files need to be restored
  • the location of the GroupWise restore directory


BACKUP CONFIGURATION

How do I set up UNC path backup from a CIFS share?

This example assumes that the SEP sesam Server or Client is installed on a Windows system. Not all rights of the backed up files and ACLs are considered. For a NetApp CIFS share backup, see NetApp CIFS Backup.

Services on Windows (and therefore the SEP sesam processes) usually run under the special SYSTEM account. This account has all local access rights, but due to security reasons no access rights for non-local or network drives.

To access the network drives (CIFS share), you have to adjust the following settings:

  • For SEP sesam Client to which the backup task is assigned, the SEP sesam service should run under an administrator account with full read and write privileges for the network drive (services.msc -> SEP sesam Server -> log in as administrator).
  • Share the network drive without a requirement to log in. Check the access to the CIFS share by opening the shared path on the SEP sesam Server in Windows Explorer. If the content of the share is displayed without a user and password request, the UNC path can be used as a source for the backup task.

To configure the UNC backup, in the SEP sesam GUI specify the source path using UNC notation, e.g.:

\\servername\sharename\filepath

You can also exclude a UNC directory in the Exclude list field. The excluded UNC path in this example is \\servername\sharename\subfolder1\subfolder2.

  • UNC path exclude syntax using / (slash) is: //servername/sharename/subfolder1/subfolder2.
  • UNC path exclude syntax using \ (backslash) is: \\\\servername\\\sharename\\\subfolder1\\\subfolder2.
Information sign.png Note
When backing up the UNC paths, disable the option Backup with VSS. You can only specify one UNC path for each backup task.

Testing with the command line

As described above, you have to run the SEP sesam service under an administrator account. In the command line, enter the following command for backup:

C:\Program Files\SEPsesam\bin\gui>sm_ctrlc -l system rmpc1(host name of the system) sbc -b -s @test.save
-v 2 \\fileserver\pub\customers

For restore, enter:

C:\Program Files\SEPsesam\bin\gui>sm_ctrlc -l system rmpc1(hostname of the system) sbc -r -s @test.save
-v 2 -R \\fileserver\pub\customers_restore

This saves the files from \pub\customers to the file (saveset) test.save, i.e., it restores them from the saveset test.save to the folder \pub\customers_restore.

For more details, see also How to use CIFS share (NAS) as data store and how to back up data from CIFS share.

How can I configure a backup using another network or interface?

You must first establish an IP address for the new interface. The IP address is then entered to the properties table of the SEP sesam RDS in the SEP sesam GUI under Components -> Topology -> Clients -> Interfaces field. For details, see Configuring Clients.

In the backup event properties, you have to select the IP name under the Parameter tab -> Interface. For example, the computer testme has a second interface module with the name testmeb. From Main Selection -> Scheduling -> Schedules -> double-click the backup event to open its properties and select testmeb in the Interface field.

How do I get backups to ignore archive bits and use creation/modification time?

Archive bits are used for full and copy backups.

To set the use of creation/modification time for full backups, go to the <SESAM_ROOT>/bin/sesam directory and call:

sm_db "INSERT INTO defaults (key,user_name,value) VALUES ('with_archive_bit','sesam','no');"

The full backups are executed without consideration of the archive bits.

Optionally, you can reset the archive bits of the backed up files by entering the following command in the backup task properties (Options tab -> Backup options field):

-o clear_archive

How do I set up a backup to disk?

SEP sesam uses a data store to back up data directly on one or several configured storage locations. The default data store type is Path, also available are SEP Si3 deduplication store and (depending on version) NetApp Snap Store, HPE StoreOnce and HPE Cloud Bank Store.

The data stores are easily configured. Note that the prerequisites differ depending on the selected data store type. For details, see Data Store Overview.

How do I perform a file backup of a Linux/Windows cluster?

To perform a file backup of a Linux/Windows cluster, proceed as follows:

  1. Depending on your operating system, install the SEP sesam Client on each physical node, as described in SEP sesam Quick Install Guide.
  2. Make sure that the DNS names of every node and every resource of the cluster are correctly resolved (forward and reverse DNS lookup). For details, see How to check DNS configuration.
  3. Add each physical node and each cluster resource as a client to the SEP sesam environment, as described in Configuring Clients.
  4. After the clients have been successfully configured, create separate backup tasks for each cluster resource in the SEP sesam GUI. During backup, the data is automatically transferred from the active node. For step-by-step procedure, see Standard Backup Procedure.

How do I include a large number of files/folders for backup?

If you want to include several directories or files in the backup (or exceed the character count limit of the Source field with the allowed length of 1024 characters), you can create a text file on the client on which the backup will be executed.

In this file, list all the paths that you want to include as backup source. Each file or directory that you want to include in backup must be specified on a separate line (one entry per line).

/lib
/usr/share
/usr/bin/a2ps
/srv/Dos6.22.img
/var/opt/sesam/var/ini

Then enter the backup option >tt>-f <list_source> in the backup task properties -> tab Options -> Backup options field, for example:

-f C:/sesam/backup_file_list.txt

The SEP sesam Server reads this file during backup and stores the additional files and directories listed in the source directories.

Information sign.png Note
An include list, introduced by the -f option, behaves differently on different platforms.

On Windows

The -f <list_source> option overrides the backup source specified in the backup task. For example, creating a backup task with source g:\x and specifying the SBC option -f C:/sesam/backup_file_list.txt will back up only the data from the backup_file_list.txt while ignoring the directory g:\x, which was specified as the backup source.

On Linux:

Both, the source and the data from the backup_file_list.txt are considered for backup. At least one item must be entered in the Source field. It is therefore recommended that the specified <list_source> file is specified as the source in the Source field (to be included in the backup set, for example, etc/sesam/backup_file_list.txt) and entered again with a -f switch in the Backup options field: -f C:/sesam/backup_file_list.txt.

SEP Tip.png Tip
On the Linux client, you can also use the exclude list as an include list by converting the exclude to an include filter using the + (plus) sign at the beginning of a pattern. For more information, see Advanced Backup and Restore Options.

How can I exclude a directory from a backup?

You can permanently exclude a directory from all backups on the client by creating a special (nosbc) file in the directory itself, see Creating a special file nosbc to permanently exclude a directory.

This is just one of the options that SEP sesam provides for for specifying exclusions. In the following list you will find different options for configuring exclusions:

How can I specify a longer exclude lists?

You can create a separate file with excludes when the number of files or directories to be excluded for backup exceeds the allowed length for exclusion (max. 1024 characters). Such a custom exclude list takes precedence over any exclude list specified in the GUI (the latter is ignored if both are specified).

The exclude list is a text file created on the client on which the backup will be executed. For details, see Create a custom exclude list.

Once you have created the exclude file, for example, exclude_list.txt, enter it in the backup task properties -> Options tab -> Backup options field as follows:

-X C:/sesam/exclude_list.txt

The syntax for the exclude entries is platform/ OS and for regex exclude also SEP sesam version dependent, see Exclude with Regular Expressions. For details on custom exclude lists on Linux, Windows or Micro Focus OES, see Create a custom exclude list.

How can I set the SBC so that the exclude list always uses the file pattern (?,*) instead of regular expressions?

Exclude by using regular expressions is the default setting. To use the file pattern (?,*) instead of regexp, you have to modify the configuration file <SESAM_VAR>/var/ini/sm.ini on the SEP sesam Client.

In the config file sm.ini, change the entry EXCLUDE_MATCH= REGEXP to EXCLUDE_MATCH= PATTERN.

Can I exclude specific VSS writers from a backup?

Yes. For step-by-step procedure, see Manually excluding a VSS writer from backup.

How do I exclude files and folders during TSA-based backup?

You can simply exclude files and folders in the SEP sesam GUI by using the Exclude list field when creating a backup task (or in its properties), see Exclude list in the GUI. If you want to exclude several directories or files in the backup task, it can happen that the character count limit of the field (max. 1024 characters) is exceeded. In this case, use a text file to create a custom exclude list. For details, see Create a custom exclude list.

Which mode should I use for TSAFS backup of OES Micro Focus file systems?

The TSAFS should generally be loaded in Linux mode. Netware mode and Dual mode are only intended for mixed environments (backup of native Netware servers) or for a Micro Focus (previously Novell) cluster in mixed mode.

  • On cluster nodes of a pure Linux OES cluster, use the TSAFS ONLY in Linux mode.
  • On a mixed cluster (OES Netware and OES Linux nodes), the TSAFS must be loaded in Netware or Dual mode. For the backup of the cluster volumes, the Netware Cluster filesystem target must be used.

How can I set or modify a retention time for backup

When configuring the SEP sesam environment, you set up media pools and define the retention time. The retention time period starts with the date a saveset is written to the media (at the end time of the first backup) and thus defines the expiration date of the saveset (saveset EOL). The EOL property can be managed for three object types: Saveset EOL (the expiration date for each saveset), Backup EOL (the expiration date for all data that belongs to the same backup), and Media EOL (is the expiration date for tape media). If a saveset is part of a backup chain, its EOL follows the rules of dependency-based retention to retain the consistency of the backed up data and ensure successful restore.

However, you can check or modify the expiration date (EOL) manually by setting the exact expiration date. To do this, you can use the calendar function to extend or shorten the saveset/backup EOL under all media-related views, e.g., in the Media, Media Pools and Data Stores properties. You can also directly expire the saveset or backup by clicking the Expire -> Saveset EOL/Backup EOL button. You should only expire the saveset (individual EOL) or backup (EOL of the entire backup set) if you know what the Expire function does and are aware that expired savesets and backups are irrevocably lost! For details, see Changing Retention (EOL).


BACKUP ERRORS

How to deal with a failed backup

There are various causes why the backups fail, e.g., file-size issues, insufficient permissions, etc. When a backup fails check the day log and search for errors. Then identify the problem by following the basic troubleshooting procedure in the Troubleshooting Guide. After fixing the problem, restart your backup to ensure that all your data is properly protected.

Information sign.png Note
In case of a failed backup, SEP sesam will delete the backup automatically after 3 days. If you want to keep any failed backup for a longer time, you may manually extend the backup EOL of a particular saveset. For details, see section Manually extending EOL.

A client backup did not function properly. How can I determine where the problem is?

The following test commands should help you isolate the problem. You can run a test backup for the target client from a SEP sesam Server or Client without writing data to a tape drive or disk drive. Run the following commands in the directory <SESAM_ROOT>/bin/sesam/.

SEP Warning.png Attention
The following commands produce a high network load.

Backup server Unix, client Windows

sm_ctrlc -l system  {client name} sbc -b -s -  f:/test  >/dev/null

Data from the F:/ directory on Windows is written over the network to the directory /dev/null on Unix.

To display this, append -v 1 to the command above. Everything written to /dev/null will be displayed.

sm_ctrlc -l system  {client name}   sbc  -b -s  -  -v 1      f:/test  >/dev/null

Backup server Unix, client Unix

sm_ctrlc -l root  {client name}   sbc  -b -s -  /usr  >/dev/null

To display the read data:

sm_ctrlc -l root  {client name}   sbc  -b -s -  -v  1   /usr  >/dev/null

Backup server Windows, client Unix

sm_ctrlc -l root  {client name}   sbc  -b -s -             /usr    > NUL

With data logging backup:

sm_ctrlc -l root  {client name}   sbc  -b -s -  -v  1   /usr    > NUL

If the test backup should run on the target backup client only, execute the following command:

In the Unix directory <sesam>/bin/sesam/:

sbc -b -s  -  /usr   >/dev/null

In the Windows directory <SESAM_ROOT>\bin\sesam\:

sbc  -b -s  -  f:/test    > NUL

Enter -v 1 to display the backed up data.

Why do I receive the message: "Login incorrect. Password incorrect." during backup?

Check your name resolution (DNS or etc/hosts file). The SEP sesam Server and SEP sesam Client must be reachable with or without FQDN and should be able to resolve each other correctly, including the reverse lookup. In case you have changed an entry in your DNS configuration, but Windows still reports a wrong hostname/IP, try to run ipconfig /flushdns as administrator. If the resolution is correct, do the following:

  1. In the SEP sesam GUI, go to Main Selection -> Tasks -> By Clients, and select the client where the backup problem is.
  2. Open the properties of the backup, and click the tab Options.
  3. Insert -v 4 in the Backup options (previously Save options) field.
  4. Start the backup again. Then go to Main Selection -> Job State -> Backups, and double-click the backup to open its properties.
  5. Go to the Logging -> Day Log, and search for the line Login incorrect. Password incorrect., then correct the respective name resolution.

What should I do when a client backup fails with a WIN32 API error: "1450 - Not enough system resources to execute the requested service"?

The backup of a client may end with the following error message in the backup log:

sbc-1148: Error:   W2KSS Error: [WIN32 API error: 1450 - Not enough system resources to execute the requested service.
Cannot store registry key: [SOFTWARE]. RegSaveKey() call failed in BackupRegistry().].

This is caused by insufficient size of the registry/paged memory area. This problem affects SEP sesam as well as other backup tools, such as NTBackup. For the relevant approach for your Windows version, check a Microsoft article Backup program is unsuccessful when you back up a large system volume.

What does the warning "The system cannot find path. RegLoadKey()..." during System_State backup mean?

You may see the following output in NOT-Log:

C:\Program Files\SEPsesam\var\tmp\usr_wf_S-1-5-21-220523388-1123561945-839522115-1003].
2010-04-13 02:04:20: sbc-2074: Warning: W2KSS Warning: [WIN32 API error: 3 -
The system cannot find path. RegLoadKey() call failed for
file: [C:\Documents and Settings\nn\ntuser.dat] in BackupUserProfiles().].

There are inconsistencies in the OS configuration. The reason is that a user profile has been deleted but the user account still exists. The System_State backup is looking for files corresponding to the user in the file system but the files no longer exist.

To resolve the problem, delete the user in question or restore the profile date in the file system.

Check the following in your registry to see whether it still includes references to user names which no longer exist:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

Why is the Powershell script not executed on a target machine?

By default, Microsoft installs Windows Powershell with the permission set to Restricted. This setting only allows the execution of commands in Powershell, but no scripts.

This can be changed with the following command in Powershell:

Set-ExecutionPolicy RemoteSigned

For details, see Changing the Windows PowerShell Script Execution Policy.

Why does a Microsoft Windows backup via VSS stop with "[CVssBaseObject::CreateVssBackupComponents] - Access denied"?

SEP sesam is not allowed to create a snapshot with the current user. Check the user running the SEP sesam daemon and make sure that the user has all permissions to access the volume(s).

What does "Stream data length bigger than buffer can accept. Input buffer length = [65536], Stream data size = (High part)[0] (Low part)[65564]" mean?

SEP sesam uses 64 kB to back up Windows ACL files and folders and one object exceeds this buffer. You can use the Windows command icacls to display the ACL of a file or folder. The output looks like this:

 C:\>icacls "C:\Documents and Settings\LocalService\Local Settings\Temp"
 C:\Documents and Settings\LocalService\Local Settings\Temp NT AUTHORITY\LOCAL SERVICE:(I)(F)
                                                          NT AUTHORITY\LOCAL SERVICE:(I)(OI)(CI)(IO)(F)
                                                          NT AUTHORITY\SYSTEM:(I)(F)
                                                          NT AUTHORITY\SYSTEM:(I)(OI)(CI)(IO)(F)
                                                          BUILTIN\Administrators:(I)(F)
                                                          BUILTIN\Administrators:(I)(OI)(CI)(IO)(F)
 Successfully processed 1 files; Failed processing 0 files

If you get several hundred or thousand lines, there is something wrong with the ACL. You should reset the permissions of the file's respective folder by using the command:

 C:\>icacls "C:\Documents and Settings\LocalService\Local Settings\Temp" /reset

This command inherits the permissions of the parent object. You may have to adjust the permissions after running this command if manual settings have been applied for this object.


PERMISSIONS

Can users perform their own backup and restore?

Typically, users cannot back up their own computers, but it can be done by installing a SEP sesam Server license on the target client (the user's computer). This way, the user becomes the SEP sesam administrator of the respective client/server and can back up and restore the files on this computer.

Can the Master schedule be changed by a user?

Essentially, no. The most efficient method of handling this is for the user to convey his needs to the system administrator. Upon initial installation, the backup periods are established and entered into the Master GUI. This would be an appropriate time to have input from the users when any special backup and restore commands are required and have them administered centrally. If necessary, a SEP sesam Server license can be added.

The sesam Master GUI can be installed on the client but this would give the client/user all privileges. Another solution that requires greater overheads (more work on the part of the administrator) is to install a GUI with restricted privileges.

How do I get access to SEP sesam Server?

SEP sesam uses the authentication module to grant and restrict access to SEP sesam Server. You can connect to SEP sesam Server only if you are granted appropriate user permissions. Your user rights depend on the specified user type (admin, operator or restore). For details on how to configure authentication, see About Authentication and Authorization.


ENCRYPTION & COMPRESSION

What encryption types are available with SEP sesam?

SEP sesam provides data encryption types on different levels: backup-task encryption for savesets (set in the backup task), Si3 encryption for Si3 deduplication store, and hardware-based LTO encryption for LTO tape drives (generation 4 and higher), which is done on a media pool level. For every encryption you must create and store an encryption key.

How to encrypt an Si3 deduplication store?

You can encrypt an Si3 deduplication store by creating the deduplication security password file and specifying it in the relevant drive properties. If the encryption key is not available, the Si3 encrypted data cannot be read. For details, see Encrypting Si3 Deduplication Store.

When encryption is selected before transferring data to the server, does SEP sesam perform compression before encrypting the data?

Data encrypted by the system and transferred to the server will be compressed if stored to tape using the manufacturer's compression algorithms.

Where is the encryption key stored?

The encryption key is stored in the SEP sesam database. If the encryption key is changed, the subsequent task will be executed with the new key and the new key will be stored in the SEP sesam database.

A restore uses the stored encryption key.

How to set compression?

Compression for backup to virtual tape media

To activate compression for backing up to a Path data store, modify the file sms.ini under /var/opt/sesam/var/ini/ on the RDS. The Compresslevel option under the caption [SMS_Server] can be enabled with

Compresslevel=1

Note that Si3 deduplication store always uses compression for the deduplicated data.

Compression on tape drives

Compression is done by the drive itself. Use the SEP sesam tool slu to check whether compression is activated or deactivated.

  1. Display a list of attached SCSI devices.
  2. slu topology is a SEP sesam SCSI loader utility that provides information about the loaders and drives connected to the system and their relation. To be able to run the SEP sesam commands globally, you must first set up a profile as described in FAQ: What happens when I set a profile?
    Then run slu topology to list all attached SCSI devices as follows: <SESAM_BIN>/sesam/slu topology For details on the output, see Using slu topology for detecting devices.
  3. Check the tape drive settings:
  4. [root@sinus sesam]# ./slu 0020 -s Tape Info Read Attribute not supported internal_status_byte= 0x0 buffered_mode= 1 block_length= 0 (variable) media_type= unknown (0) write_protect= 0 density_code= 44 compression= 1 STATUS= SUCCESS MSG= "OK" If compression is set to 1, drive compression is active. Setting the compression can also be done with slu or alternatively with the Linux tool mt.
  5. Activate compression:
  6. [root@sinus sesam]# slu 0020 -c 1 DCE= 1 DATA COMPRESSION ENABLE:1 TRY MODE SELECT (6) SET COMPRESSION DCE compression= 1 DONE MODE SELECT (6) SET COMPRESSION DCE STATUS= SUCCESS MSG= "OK" On Windows systems, check if the compression is enabled in the Device Options. When performing a check, make sure that the tape is in the drive. Tape-compression.jpg


RESTORE

Is it possible to restore only single files if the SEP sesam listing file is no longer available?

Yes. In order to do this, enter the file patterns into the restore wizard. Follow Standard Restore Procedure and select the desired saveset and then the option Complete restore.

In the Target Settings dialog, click the Expert Options button to open the Expert Options window. Click the Filter tab and enter the file patterns. Separate each entered pattern with a space. Only files which fit into specified pattern will be restored. All others are ignored.

Examples:

 /*.xls            restores all files with the ending .xls
 /*/X11/XF86*      restores all files from the directory /X11 which start with XF86
 /*.ini /*.conf    restores all files which end on .ini or .conf
Information sign.png Note
You must use the slash (/) when writing the pattern.

How do I use the selective restore commands?

To perform a selective restore in the command line, proceed as follows:

  1. Create a new directory root in the <SESAM_ROOT>\var\work directory.
  2. Obtain the .sgm and .lis files from the backup.
  3. Set the SEP sesam profile. In the root directory, create a text file with the name selected.txt and extract the desired lines from the .lis file, for example:
  4. "C :/WINDOWS/system32/config/AppEvent.Evt" f 8.10.2019 13:26:54 8.8.2020 15:56:07 1 4096 540672
  5. In the command line of the SEP sesam Server, enter:
  6. sm_restore -s SC20050809155617 -R c:/temp -v 1 -l s -c client -d 1 -V

Parameters:

 -j    Original task name of the backup job
 -s    The saveset name of the backup job must be entered. You can find this in the .sel file from the restore job.
 -R    Restore target (do not forget the slash /)
 -l    The s is used for selective restore
 -S    The hostname of the SEP sesam Servers
 -v 1  Increase the log level
 -V    Suppress output to the background
 -c    Hostname of the client to be restored
 -d    Disk drive entry of the drive where the SEP sesam media is kept, for example, 1.

How do I restore all the data from tape media without the SEP sesam DB?

To restore data without a current license from SEP sesam, follow the restore procedure described below (SESAM DB restore):

  1. Go to the <SESAM_ROOT>/bin/sesam directory and run the program sm_recover. In the first response, all known devices currently active on the system will be displayed. You can choose one of these drives.
  2. azurix:~ # sm_recover num device name typ 1 disk1 Drive-1 DISK_HARD 2 /dev/nst0 Drive-2 DLT Enter drive number, (r) to repeat list, (q) to quit
  3. By entering 2, sm_recover will look for the desired data on the physical tape drive. You have to answer the following question with yes (y) if no other backups or restores are active:
  4. Analyse media: restore data or listings of savesets
  5. Restoring the data while SEP sesam is active may cause conflicts due to concurrently running tasks on the drive. If you are sure that there are no activities scheduled during recovery, you do not need to block SEP sesam. Blocking SEP sesam during recovery prevents the execution of backup activities scheduled for the other devices.
  6. Do you want to block SEP sesam ? (y|n] >
  7. Confirm by typing y (yes).
  8. wait until SEPuler - the timecontrol of SEP sesam - finishes its current work ... SEPuler is blocked ...
  9. The following question should be answered with no (n) unless you wish the data search to continue with a desired filter.
  10. Do you wish to enter label, saveset-name and segment-number directly (no searching on media) (y/n) > n You will be notified that the tape is rewinding. The tape will now rewind and scanned to the end EOT...
  11. You may now choose the desired savesets. By entering the saveset number, you can insert further instructions to restore the data. After finishing, restart all SEP sesam services.

How do I restore all the data from a disk/data store media without the SEP sesam DB?

Depending on your operating system, proceed as follows:

On Windows:

sbc.exe -r -S $SERVER_HOSTAME -s @SF.....data -v 1 -R c:\target\

On Linux:

sbc -r -S $SERVER_HOSTAME -s @SF.....data -v 1 -R /target/

How can I restore a backup that has errors? The backup log file reported that the backup was partially successful.

If a backup has failed but some or most of the data was backed up, you can update the SEP sesam database manually to show the backup in the restore wizard.

First, the saveset ID is required. You can find it in the SEP sesam GUI under Main Selection -> Job State -> Backups -> double-click a failed backup (State Error) to open its properties -> check the saveset ID in the first field (Saveset).

Proceed as follows:

  1. Set a SEP sesam profile.
  2. Modify the entry in the DB.
  3. Proceed as follows using the command line:
  4. sm_db "update results set state= '1',blocks= 1 where saveset= 'SC20060101121314'"

Afterwards, the saveset for this backup should be shown in green on the status display and appear in the GUI restore wizard. Nevertheless, you should still verify whether the data was backed up successfully.

Why don't the data lists appear in the restore wizard?

If the data lists don't appear in the restore wizard, verify whether the CTRLD switch permission is set to <on>, and if not, activate it.

How do I avoid the problem "553 RETR Failed. Data Synchronization lost - Restore terminating"?

Linux/UNIX data is stored in cpio saveset which is checked during the restore to ensure that the cpio format is correct. If a format error is detected, the restore is aborted and ends with

'BSA Call BSAEndData (closing saveset) failed: System detected error, operation aborted.
TRANSIENT or PERMANENT NEGATIVE reply: 553 RETR Failed. Data Synchronization lost - Restore terminating'

The following settings allow you to avoid a premature termination of the restore.

Avoid the current restore task

You can use the sbc option '-F none' by using GUI or web Restore assistant.

  • Enter this option in the GUI restore wizard (Target Settings dialog -> Expert Options -> Options tab -> Restore options). For details, see GUI Expert options.
  • Use the web Restore Assistant (Advanced restore options -> Options for restore). For details, see Restore Assistant.

Avoid all further cpio restores on the RDS

Set the SEP sesam GLBV restore_no_abort at the RDS with 'sm_glbv w restore_no_abort yes'. If the suspicious (non-cpio) bytes lead to further problems, they can be skipped with 'sm_glbv w restore_no_junk yes'.

How can I restore Active Directory sub-trees in a clustered environment?

You can restore the Active Direcory sub-trees as follows:

  1. Boot into Directory Services Restore Mode. This ensures that the directory is offline. In order to do this during the normal boot menu while restarting the computer, press F8 when the message "For troubleshooting and advanced startup options for Microsoft Windows, press F8" appears at the bottom of the screen. After pressing F8, select Directory Services Restore Mode from the Safe Mode and Other Startup Options list.
  2. Restore the System_State backup by using the SEP sesam GUI, see Restoring System State.
  3. To authoritatively restore the Active Directory data, you need to run the ntdsutil utility. See the following example (sub-tree organizational unit Marketing in the domain Anitpodes.com):
  4. #> ntdsutil ntdsutil: authoritative restore authoritative restore: restore subtree OU= Marketing,DC= Antipodes,DC= COM

For more information, see Microsoft documentation Active Directory Forest Recovery Guide and Disaster Recovery: Active Directory Users and Groups (section Performing an Authoritative Restore.

Can I use path reduction of a TSA backed up volume/directory when restoring the data?

Path relocation can be specified in the Expert Options window in the GUI restore wizard:

  1. Follow Standard Restore Procedure and in the Target Settings dialog, click the Expert Options button to open the Expert Options window.
  2. Switch to the Relocation tab and select With relocation. Then specify a new target location for the restored files. For details, see Expert options.
  3. Restore relocation Beefalo.jpg

Is it possible to restore savesets online with SEP sesam?

You can restore savesets online using SEP sesam web interface Restore assistant. It enables you to restore data from regular Path backups, NDMP and NSS file system Path backups, emails from Kopano backups, and virtual machines (Hyper-V, KVM/QEMU, Open Nebula, etc.) to which you have been granted access. Note that the Restore assistant cannot currently be used to schedule restores or restore a single file, as these features are only supported in GUI mode. For details, see Restore Assistant.

Is it possible to restore flat files/directories from multiple locations when restoring a TSA backed up file?

This functionality is not possible with TSA backups/restores. When restoring TSA backups, you should select Original tree structure in the GUI restore wizard, regardless of whether a Restore to original target path or a New restore target option is selected.

Novell restore path Beefalo V2.png


STORAGE, DEVICES & MEDIA MANAGEMENT

How do I use NAS/CIFS (QNAP, Synology ...) storage as backup target?

The below prerequisites must be met to use a NAS or a CIFS share as a backup storage. Depending on whether your SEP sesam Server or SEP sesam Remote Device Server (RDS) is Windows or Linux based, proceed as follows:

  • To avoid double network traffic, connect the storage via an additional network card to the SEP sesam Server or RDS.
  • If your SEP sesam Server or RDS is a Windows system, proceed as follows:
  1. Create a valid user in your AD/LDAP with administrative rights. For details, see Configuring LDAP/AD Authentication.
  2. Add this new user to your storage (NAS/CIFS) with full access to the storage part for SEP sesam.
  3. Adjust the SEP sesam system service and specify it to run under your newly created user account.
  4. Restart the service.
  5. Create a data store with a path, such as \\192.168.x.x\sepsesam.
  • If your SEP sesam Server or RDS is a Linux system, create a permanent mount point to the server and use this mount point as a backup target for your data store.

How do I set up automatic archive adjustment?

You can set up automatic archive adjustment by creating a command event in the SEP sesam GUI.

  1. In the Main Selection -> Scheduling -> Schedules -> New Schedule, create a new schedule. For details, see Creating a Schedule.
  2. Then create a Command Event and link it to the schedule. In the New Command Event window, specify the following:
  3. Priority: Standard set to 1. Name: Enter a description that is easily recognizable. Command: Example for tape loader 1, drive 2 and 10 slots: sm_robot -l 1 -d 2 -s 0-9 Client: Choose the desired SEP sesam Server name. User: For a Unix System enter: root. For Microsoft Windows: system.
Information sign.png Note
No explicit permissions are required for the simple activation of SEP sesam commands.

Does SEP sesam support removable or USB media for backup?

There is limited support for removable disk media, including USB drives. For their configuration, see Configuring Removable Media.

How can I determine whether a tape is a SEP sesam tape or not?

You can check a tape label by using the SEP sesam GUI or a command line.

To check a tape label in the GUI, place the tape into a drive. Then select the drive in the GUI under Components -> Drives and execute the Identify label drive action. For details, see Checking and Labeling Tape Media. If the label is found, it will be displayed under the drive in the Current messages display.

Alternatively, go to the command line, switch to the directory <SESAM_ROOT>/bin/sms and execute the following depending on your operating system:

On Unix

 ./sm_sms_interface getlabel -d /dev/nst0

On Windows

 sm_sms_interface getlabel -d Tape0
SEP Tip.png Tip
The necessary device (switch -d) can be found in GUI under Components -> Drives.

How can I manually write a label on a tape (e.g. to overwrite an existing label without performing a check of the SEP sesam database)?

Go to the command line, switch to the <SESAM_ROOT>/bin/sms directory and execute the following depending on your operating system:

On Unix

./sm_sms_interface init -d /dev/(z.B. nst0) -t testpool00001:1

On Windows

sm_sms_interface init -d Tape0 -t testpool00001:1
SEP Warning.png Warning
The tape will be overwritten without warning!

The media label consists of three parts:

  1. Name of the pool (in the above example, the name is testpool).
  2. The tape ID, a 5-digit number.
  3. A number after the colon (':') that complies with the preceding number.

How do I automatically remove a tape after a backup is finished?

The best way of removing a tape after the backup is by using the sm_notify interface.

The standard unload command is:

sm_drive dismount 2 unload

This command refers to the selected drive, in this case drive 2.

Where do I install the cleaning tape?

When specifying Archive adjustment, the cleaning tape will automatically be loaded in sequence and an unwanted cleaning operation may be initiated. To prevent the cleaning operation from initiating, select the last (highest numbered) slot for the cleaning tape and reduce the number of slots by one (1).

Cleaning may take place by manually entering the cleaning tape or by following the manufacturer's instructions.

Why does SEP sesam lock tapes that were not involved in a backup?

This is related to full (FULL)->differential (DIFF) or FULL->incremental (INCR)->INCR->INCR-> ... backups.

The following example explains this problem:

  • FULL -> requires three tapes (backup00001, backup00002, backup00003)
  • INCR -> requires one tape (backup00004)
  • INCR -> requires one tape (backup00005)
  • INCR -> requires one tape (backup00006)

The first backup merely changes the EOL (end of lifetime) for the three tapes (backup00001 to backup00003), the second backup changes the EOL for the first four tapes (backup00001 to backup00004) and the third backup changes the EOL for the first five tapes (backup00001 to backup00005), and so on. For details on EOL, see Managing EOL.

If the next full backup fails, the succeeding incremental backup will use the chain from the last successful backup(s) and so the chain expands. This is necessary for a generation restore because an incremental backup includes only the changes from the last backup, regardless of whether it was a full, differential or incremental backup. All tapes are needed to perform a successful restore.

With a differential rather than an incremental backup, SEP sesam locks the tapes from full backup and the tapes that were used by the differential backup.

How do I get information on the oldest tape in a pool before the backup starts?

It is sometimes very useful to know which will be the next free medium in a media pool before a backup starts. To get this information, enter the following command:

sm_arch_getoldest 1 full-disk

The command shows the next free medium of pool full-disk in drive 1.

How do I check the consistency of a data store?

The following command allows you to check the consistency of a data store:

sm_data_store check_db -L {datastore} | -d {drive_num}

Example 1

The example shows a data store check that detects 2 savesets with the wrong data file size (sizes smaller than stored in the SEP sesam database). The state of both backup operations is either a fail ('X') or broken data transfer ('3') and the result status is therefore 'SUCCESS'.

#>sm_data_store check_db -L DATA_STORE2
2019-08-28 14:39:59: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $
2019-08-28 14:39:59: Arguments: sm_data_store check_db -L DATA_STORE2
2019-08-28 14:39:59: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $  Sesam Id: None
2019-08-28 14:39:59: Arguments: sm_data_store check_db -L DATA_STORE2
2019-08-28 14:39:59: DB:               select * from data_stores where name= 'DATA_STORE2'
2019-08-28 14:39:59: DB:               select * from hw_drives where data_store= 'DATA_STORE2' order by drive_num
2019-08-28 14:39:59: DB:               select results.saveset,fdi_type,state,task,sesam_date,cnt,media_pool,results.uuid,data_size from results,result_lbls where
 results.saveset= result_lbls.saveset and results.saveset in (select saveset from result_lbls where label in (select label from media where location= 'DATA_STORE2'))
 and results.data_size>0 and results.state not in ('a','q') order by start_time
2019-08-28 14:39:59: DB:               select results.saveset,fdi_type,state,task,sesam_date,cnt,media_pool,results.uuid,data_size from results,result_lbls where
 results.saveset= result_lbls.saveset and results.saveset in (select saveset from result_lbls where label in (select label from media where location= 'DATA_STORE2'))
 and results.data_size= 0 and results.state not in ('a','q') order by start_time
2019-08-28 14:39:59: DB:               select label,pool from media where location= 'DATA_STORE2'
2019-08-28 14:39:59: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/DataStore1/DataStore100002"
2019-08-28 14:40:00: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/I_DS_POOL/I_DS_POOL00001"
2019-08-28 14:40:00: ==================================================================================
2019-08-28 14:40:00: Savesets in Sesam DB:          187.
2019-08-28 14:40:00: Saveset files found:           187.
2019-08-28 14:40:00: Saveset in DB and on FS:       187.
2019-08-28 14:40:00: Savesets not found on disk:      0.
2019-08-28 14:40:00: Saveset files not in DB:         0.
2019-08-28 14:40:00: -------------- List of savesets with wrong data file size ------------------------
2019-08-28 14:40:00: 3  SF20190826212205682@gp_o1hNIc8g  miraculix_dev 2019-08-26 00:00:00 4430717952 > 4430686656
2019-08-28 14:40:00: X  SC20190825083202946@iW9ZD7vcSw2  SESAM_BACKUP 2019-08-21 00:00:00 1323736064 > 1323385536
2019-08-28 14:40:00: -------------------- List of savesets without data file --------------------------
2019-08-28 14:40:00: -------------------- List of files without DB entry ------------------------------
2019-08-28 14:40:00: -------------------- List of files without data file -----------------------------
STATUS= SUCCESS MSG= OK

Example 2

A data store check that detects a saveset with the wrong data file size and with a successful backup state ('0'). The result status shows 'ERROR'.

G:\DATA_STORE2\DATA_STORE2\DataStore1\DataStore100002>sm_data_store check_db   -L DATA_STORE2
2019-08-28 15:03:05: $Id: sm_data_store.py,v 1.105 2013/08/18 18:06:36 sesam Exp $
2019-08-28 15:03:05: Arguments: sm_data_store check_db -L DATA_STORE2
...
2019-08-28 15:03:06: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/DataStore1/DataStore100002"
2019-08-28 15:03:06: Looking for savesets: sm_client dir "G:/DATA_STORE2/DATA_STORE2/I_DS_POOL/I_DS_POOL00001"
2019-08-28 15:03:06: ==================================================================================
2019-08-28 15:03:06: Savesets in Sesam DB:          188.
2019-08-28 15:03:06: Saveset files found:           188.
2019-08-28 15:03:06: Saveset in DB and on FS:       188.
2019-08-28 15:03:06: Savesets not found on disk:      0.
2019-08-28 15:03:06: Saveset files not in DB:         0.
2019-08-28 15:03:06: -------------- List of savesets with wrong data file size ------------------------
2019-08-28 15:03:06: 0! SI20190826150006895@ch-Gdm3Id_6  miraculix_dev 2019-08-26 00:00:00 106962944 > 1274932
2019-08-28 15:03:06: -------------------- List of savesets without data file --------------------------
2019-08-28 15:03:06: -------------------- List of files without DB entry ------------------------------
2019-08-28 15:03:06: -------------------- List of files without data file -----------------------------
2019-08-28 15:03:06: ERROR: File size does not match:        1.
STATUS= ERROR MSG= ERROR: File size does not match: 1.

In this case, the saveset is corrupted. You have to determine the reason for the corrupted saveset (disk IO problem, file system with limited file size, etc.). To avoid the corrupted saveset from being used, its result state must be changed to broken data transfer ('3').

sm_db "update results set state= '3', msg= 'corrupt saveset (size)' where saveset= 'SI20190826150006895@ch-Gdm3Id_6'"

If the data is still available on the backup source, a corresponding backup must be restarted.

Why can't I find my Exabyte single tape drive in the list of devices when I try to initialize it?

First, inspect the media pool to see if the tape drive is displayed. If there is no number (0, 1, 2, etc.) behind Tape, the drive was not detected by SEP sesam. You can also check this by entering slu topology in the command line prompt, see Using slu topology for detecting devices.

If the device is not listed, the driver is not installed correctly. Look for the appropriate driver at the manufacturer's site or elsewhere on the internet, download it to your computer and run the program to install the driver. The media pool should now show the Tape (0). Finally, initialize the tapes. For details, see Media Strategy.

Why do I get the error message skipping blocks when I try to perform a SEP sesam backup with an Exabyte VXA172?

Some manufacturers often require a different driver for each tape model they manufacture. In this case, the VXA tape you initialized is not recognized by SEP sesam in the Exabyte tape drive. To fix this problem, go to the drive properties in the GUI (double-click the drive) and change the drive type from VXA to EXA.

Why does SEP sesam not write to my LTO drive on my x86 system?

The OS enables PAE (Physical Address Extension) automatically on x86 systems if more than 3.25 GB RAM are in use. With PAE, the OS cannot write more than 32 KB to a tape drive whereas SEP sesam needs 64 KB for LTO. The most efficient solution is to switch to an x64 OS. Decreasing the RAM to a maximum of 3.25 GB should also solve the problem.


NOTIFICATIONS & LOGGING

What does the notification "Disk space for listings and logging below critical threshold" mean?

In the Newday event, SEP sesam Server checks the free disk space on the partition where the log files and listings are stored.

<SESAM_ROOT>\var\log
<SESAM_ROOT>\var\lis

If free space falls below the critical threshold value, the server sends an email notification.

The threshold value (default = 5000, 5000 MB) can be configured in sm.ini under the [Params] section <SESAM_ROOT>\var\ini\sm.ini.

[Params]
gv_min_free= 5000
SEP Warning.png Attention

If there is no more disk space available on the partition, the server cannot write additional logs and listings. This can result in critical errors and lead to data loss. This error should be addressed at the earliest possible opportunity.

How do I set a higher logging level?

You can increase the logging level for specific backup or restore task in the GUI: Main selection -> Tasks -> By Clients -> double-click the backup or restore task to open the Properties. There you can adjust the logging level in the field 'Backup options' with -v <LOGLEVEL>. For details, see Setting Log Level. You can also set the logging level globally for SEP sesam kernel modules, as described in Setting log level globally for SEP sesam kernel modules in debug.ini. Note that running SEP sesam with a higher logging level than default (0 for backup and restore) increases the amount of information being logged and may negatively affect the performance of SEP sesam. For details, see Setting Log Level.

Is it possible to generate audit logs?

It is possible to use the sm_gui_server_requests.log as a source for audit logs by generating a more readable version of the log file with evidence of each action that was triggered by a user. Audit trail records may contain the following details:

  • date and time
  • API request for the executed action
  • user associated with the activity
  • user IP address

The below example shows that the restore task was deleted by the user Administrator.

2021-02-03 10:55:08,592 - [GET] /sep/api/restoreTasks/rs_task01/forceRemove [User: Administrator, IP: 192.168.21.12:59111]

For detailed procedure, see Audit Logging.

Why do the request status or daily protocol (log files) return "Host SEP sesam is not allowed to connect or security problem for user"?

Typically, there is an issue with client's access privileges:

scd-1136: Error: Host [{SEPsesam}] is not allowed to connect or security problem for user: [{user}].

There is a problem with the RMI GUI Server on the SEP sesam Server. The system requires CTRL or SMSSH privileges to complete the SEP sesam commands. On the backup client add permission for the SEP sesam Server so the server is allowed to connect to the client.

Execute the following command on the client:

 sm_setup set_client <SEP sesam Server hostname>

For example, if the SEP sesam Server hostname is backup01:

  • On Microsoft Windows, in the directory C:\Program Files\SEPsesam\bin\sesam, specify:
 sm_setup set_client backup01
  • On Linux, enter:
 /opt/sesam/bin/sesam/sm_setup set_client backup01

How can I create a LOG archive?

The LOG archive for backups, restores and migrations can be created very easily since SEP sesam version 4.4.3.86.

Proceed as follows:

  • In the GUI Main Selection - > Job Status - > click the desired <ACTION>: Backups, Restores or Migrations and Replications.
  • Do a right-click on the desired task, then select the bottom menu item Download archive with all LOG files and click on it.
  • Select a directory where the LOG archive will be saved.

This archive contains the most important logs that can be used by SEP support to perform an initial analysis of the problem. Among others, these include the NOT and BCK logs, the daily log and, in the case of backups, the LIS file.

Information sign.png Note
Please attach this LOG archive to the support ticket.

In case of migration, create the archive once from the 'parent process' of the migration and also for the actual migration 'child process', i.e. attach both archives to the support ticket.


MONITORING & REPORTING

How can I monitor SEP sesam environment?

You can monitor your SEP sesam environment through Web UI or by using SEP sesam GUI. Note that all monitoring functionality accessible in the SEP sesam GUI is also accessible in Web UI with the advantages of being user-friendly and visually attractive, providing immediate access to the Web UI from mobile browsers and being easily available to anyone you authorize. For details, see Monitoring SEP sesam environment.

How can I access the SEP sesam Web UI and SEP sesam dashboard?

When running the SEP sesam GUI as an administrator, the Web UI landing page opens by default with link to the Web UI (and links to documentation, etc). You can also access the online dashboard from the GUI by clicking the first icon – dashboard – in the toolbar or by selecting Dashboard in Main Selection -> Monitoring. Or you can simply type the following information in the browser address bar: http://[servername]:11401/sep/ui or https://[servername]:11401/sep/ui. For details, see SEP sesam Web UI.

Can special reports be generated for backups, backup time, performed restores, etc.?

SEP sesam reports provide various information on your SEP sesam environment. By using reports in the SEP sesam GUI or Web UI, you check the details of all events, get an overview of all active jobs, next events and different states, e.g., data store status, backups, migrations, etc. You can configure SEP sesam to send these reports and log files in the form of email notifications. For details, see SEP sesam reports.

Additionally, you can create your own scripts for the execution of both pre- and post-operations using the commands execute_pre or execute_post. For details, see Using Pre and Post Scripts and Interaces.

How can I be notified about SEP sesam operations?

SEP sesam can be configured to automatically send the log files (daily protocol, events and errors) to the specified email account. This feature is based on interface scripts that have to be activated via GUI or manually by copying the templates. SEP sesam interfaces require a configured email account to be able to send the selected notifications via email. For step-by-step procedure, see How to Configure Mail Notification.

You can also check notifications in Web UI and in SEP sesam GUI in the upper right corner by clicking the flag. Notifications inform you about license violations, unconfigured interfaces, etc., and contain other important information, such as the announcement of a new release or the notification of the error. For more details, see Notification Center.