TSM4VE – Request for enhancement is submitted

Posted on by
Reply

Regarding this previous post (“TSM4VE – lacks support for multiple vCenters?“), I eventually submitted a support call (RFC) at IBM with one very simple question: is TSM4VE or will TSM4VE be capable of connecting to more than 1 vCenter machine simultaneously, now or in the future?

By that, I mean not just the ability to backup and restore between different vCenters, but really support multiple vCenters, in an intuitive, easy and manageable way. So you can easily backup and restore a VM between them. Just for one machine. Or, when in a DR or HA situation (when failing over to a different vCenter, and for some reason one must rely on the existing TSM backup) multiple VM’s. This functionality would be very helpful. As stated before, Competitive software, like Quest (formerly VizionCore) vRanger Pro and Veeam Backup & Replication does have stated support for a multiple vCenters setup.

After a while, the answer came back from TSM level 2 support. They told me it was discussed with the developers and came to this conclusion:

“At this time we can *only* connect to one vCenter at a time (i.e. the web service) via the VMware vStorage API. But it is possible…<text omitted>”

Sure that’s possible – see the previous post “TSM4VE – backup and restore a VM between different vCenters” for more details on that. But really, this feels like a workaround.

So it’s simply not there now or somewhere on the road map. Things could be changed and I was requested to log a Request for enhancement – which I did today. The RFE ID is 22618.

If you find my request for this added functionality useful, than please let IBM know as well and vote or comment on the RFE:
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=22618

—-Tommy Hueber

TSM4VE – backup and restore a VM between different vCenters

Posted on by
Reply

In a previous blogpost, I’ve written about TSM4VE’s inability to restore a VM to a different vCenter, through the use of the TSM4VE vCenter Plug-in.

For the TSM B/A Client GUI (in dsm.opt on the vStorage Backup Server), the connection to a vCenter machine is established trough the parameters VMCHOST, VMCUSER and VMCPW. The VMCHOST parameter can contain only 1 value and VMCHOST itself can be specified only once. So no method to connect to multiple vCenter machines there. This is also stated in the IBM documentation (see this previous blogpost for more information): “The Tivoli Storage Manager client supports connecting to one vCenter server at one time”.

You can however backup a VM from one vCenter and restore it to a different vCenter by changing the VMCHOST/VMCUSER options in the TSM B/A Client configuration, before restoring the VM. But this involves some manual adjustment anytime you want to do this.
If you want to backup and restore VM’s between several vCenters more easily (instead of adjusting dsm.opt every time), you’ll need to define multiple dsm.opt files on the vStorage Backup Server.

The text below will describe how to do this on a high-level. Keep in mind that this is still not possible from the centrally managed TSM4VE vCenter Plugin. It is also not possible to browse, from whatever GUI, through different vCenters easily. Again, see the previous blog post for more information. TSM4VE seems to lack support for multiple vCenters, in an intuitive, easy and manageable way. The method described below merely serves as a workaround.

In this test setup the virtual machine TSMTST01 on vCenter BLACKVAN, can be backed up and restored. DSM.OPT looks like this (unrelated options are removed from the output):

nodename                          VCENTER_DC_DM1
commmethod                        TCPIP
tcpserveraddress                  HANNIBAL
tcpport                           1500
VMCHOST                           BLACKVAN
VMCUSER                           TSM4VE
VMFULLTYPE                        VSTOR
VMBACKUPTYPE                      FULLVM
VMMC                              MC_VMWARE
VMCTLMC                           MC_VMWARE_CTLFILES

Backupdata is stored under the nodename used for the VMware Datacenter (VCENTER_DC_DM1 – this datacenter node “owns” the VM backup data).

In the second setup an additional vCenter is introduced:

There are now two separate .OPT files pointing to the same TSM node (VCENTER_DC_DM1). The first .OPT connects to vCenter BLACKVAN and the second .OPT connects to vCenter MURDOCK. On restore of the VM you’ll need to override the DATASTORE, HOST and DATACENTER parameters, because most likely they will not exist in the other vCenter. If you do not specify the VMName parameter, the original virtual machine name (TSMTST01) is used.

DSM_BLACKVAN.OPT:

nodename                           VCENTER_DC_DM1
commmethod                         TCPIP
tcpserveraddress                   HANNIBAL
tcpport                            1500
VMCHOST                            BLACKVAN
VMCUSER                            TSM4VE
VMFULLTYPE                         VSTOR
VMBACKUPTYPE                       FULLVM
VMMC                               MC_VMWARE
VMCTLMC                            MC_VMWARE_CTLFILES

DSM_MURDOCK.OPT

nodename                           VCENTER_DC_DM1
commmethod                         TCPIP
tcpserveraddress                   HANNIBAL
tcpport                            1500
VMCHOST                            MURDOCK
VMCUSER                            TSM4VE
VMFULLTYPE                         VSTOR
VMBACKUPTYPE                       FULLVM
VMMC                               MC_VMWARE
VMCTLMC                            MC_VMWARE_CTLFILES

In this scenario you have to consider the naming convention of your TSM4VE node set. For example, you can’t use the DC name in the nodename because the DC name might vary between vCenters.

With the setup above you can use this command to backup the VM on vCenter BLACKVAN:

C:\Program Files\Tivoli\TSM\baclient>dsmc.exe -asnodename=VCENTER_DC_DM1 -optfile=dsm_blackvan.opt

tsm> backup vm TSMTST01

And you can use this command to restore the VM to vCenter MURDOCK:

C:\Program Files\Tivoli\TSM\baclient>dsmc.exe -asnodename=VCENTER_DC_DM1 -optfile=dsm_murdock.opt

tsm> restore vm TSMTST01 -datacenter=”Test_Datacenter” -host=testhost -datastore=testdatastore

You can also use the TSM B/A Client for this (change dsmc.exe to dsm.exe in the command line above) and use the GUI to restore to an alternate location.

—-Tommy Hueber

TSM4VE – IBM released first edition of Deployment Guide

Posted on by
Reply

Yesterday IBM released the first edition of the “Tivoli Storage Manager for Virtual Environments v6.3 Deployment Guide”. This document can be used to better understand (the concepts of) TSM4VE v6.3. It assumes some familiarity with earlier releases of TSM/TSM4VE and can be used in addition to the regular product documentation. When I was implementing TSM4VE, I had to find out a lot of information for myself (always good fun of course) and the documentation I created, bares some similarities with this Deployment Guide. Which will be very helpful for those that are in the process of getting TSM4VE up and running. Specifically for Tivoli Storage Manager Data Protection for VMware.

Link to the TSM4VE Wiki section:
http://www.ibm.com/developerworks/wikis/x/aofcC

Direct link to the .pdf:
Tivoli Storage Manager for Virtual Environments v6.3 Deployment Guide

—-Tommy Hueber

TSM4VE – lacks support for multiple vCenters?

Posted on by
Reply

TSM4VE seems to lack support for multiple vCenters, in an intuitive, easy and manageable way. Competitive software, like Quest (formerly VizionCore) vRanger Pro and Veeam Backup & Replication does have stated support for multiple vCenters.

The image displayed below is taken from the “IBM TSM for Virtual Environments v6.3 – Data Protection for VMware Installation and User’s Guide”, but the same image is often used in different IBM publications.

© Copyright IBM Corporation

Without explaining the TSM4VE setup in much detail: you’ll need to define a number of nodes on the TSM server and install/configure the various software components. This is grossly simplified, but in the end the vStorage Backup Server is communicating with the ESX machine through the vStorage API (VADP). Backupdata is stored under the nodename used for the VMware Datacenter (the Datacenter node “owns” the VM backup data). When a VMware administrator uses the vSphere Client, the TSM4VE vCenter Plug-in may be used. The vSphere client communicates with the vCenter Server and the Data Protection for VMware vCenter plug-in Server. Instead of the TSM4VE vCenter plug-in, the TSM B/A Client GUI or CLI on the vStorage Backup Server can be used.

The separately illustrated Data Protection for VMware vCenter plug-in Server will host the embedded WebSphere Application Server (eWAS). In my personal experience, this machine will be the the vStorage Backup Server itself in most cases.

When restoring a VM trough the TSM B/A Client GUI, multiple restore options are available:

When using the TSM4VE vCenter Plug-in, the pulldown boxes are already populated. You cannot type text in these fields. This will prevent you from typos or submitting wrong values. If you really want to screw things up, you can still do this in the TSM B/A Client GUI or CLI.

With both methods you’ll need to specify a different VM name (if needed) along with the datacenter, the ESX host and the data store to be used, when restoring a VM to an alternate location.

This GUI information will correspond to these CLI parameters:

  • Vmname;
  • Datacenter;
  • Host;
  • Datastore.

What’s missing here is the ability to restore a VM to a different vCenter. In the image below an example of Quest vRanger Pro is used to illustrate how this software is connected to multiple vCenters simultaneously (some information is blacked out):

I tried several different ways to get a similar experience in TSM4VE. Not just the restore, but solely the “browsing” through multiple vCenters is also just not possible.

For the TSM B/A Client GUI (in dsm.opt on the vStorage Backup Server), the connection to a vCenter machine is established trough the parameters VMCHOST, VMCUSER and VMCPW. The VMCHOST parameter can contain only 1 value and VMCHOST itself can be specified only once. So no method to connect to multiple vCenter machines there.

The same applies to the vmcliprofile file used to hook up the TSM4VE vCenter Plug-in to a vCenter: VE_VCENTER_NODE_NAME and VE_DATACENTER_NAME. Here the mapping with the correct TSM nodes is configured – first a virtual node that represents the vCenter, second a virtual node that maps to a datacenter.

An attempt was made to use linked mode, but according to the “IBM Tivoli Storage Manager V6.3 Windows backup-archive client known problems and limitations“, linked mode is not supported by TSM4VE. It’s in the section “VMware VI API known problems and limitations”:

“Tivoli Storage Manager client does not display virtual machines in Virtual Center linked mode. Tivoli Storage Manager development believes that this is a VMware issue. The VI API does not support Virtual Center in linked mode. You have to set up the backup proxy as it does today connecting each vCenter server. The Tivoli Storage Manager client supports connecting to one vCenter server at one time.”

Of course, by defining multiple data movers/sets of nodes and basically duplicate/mimic the TSM4VE setup for each vCenter, you are able to backup/restore VM’s of different vCenters with just one vStorage Backup Server. But these are kept as separate entities/data sets within TSM and the backup of a VM cannot be restored to another vCenter. Maybe with some TSM tricks (exports, etc.) this can be done. It would be nice if this functionality was available with ease, so it could be automated. A customer use case could be the backup of the production environment, which can be restored to a test/acceptance environment, utilizing a different vCenter.

I’ve checked all sorts of documentation (see link sections) like the TSM 6.3 Information Center, the TSM for VE – Installation and Users Guide, the TSM Wiki specific to TSM4VE, different presentations are available on the internet like:

  • TSM & TSMVE Sizing Concepts;
  • A Deep Dive into TSM for Virtual Environments;
  • Tivoli Storage Manager for Virtual Environments
    (Avanced recovery management for VMware),

ADSM.ORG, the ADSM-L Mailing List and I’ve Googled it extensively. But nowhere there’s information to be found, not even a brief mentioning, that a multiple vCenter setup (like vRanger Pro and Veeam are capable of) is (un)supported. The only mention is the sentence under the section “VMware VI API known problems and limitations”, as discussed earlier.

“The Tivoli Storage Manager client supports connecting to one vCenter server at one time.”

This key sentence seems to be the answer to the question whether multiple vCenters are supported or not. It cleverly states what IS supported, which can be translated to what IS NOT supported. It would be nice to at least mention the answer more clearly in an IBM TechNote.

It looks like v6.3 of TSM4VE is closing the gap between IBM and the other mentioned players in the VM backup market. Sure, all different kind of functions are added in this release and are working like a charm. But regarding the multiple vCenter Setup, for now my conclusion is that TSM4VE lacks this functionality. Maybe it’s on the roadmap for TSM4VE v6.4?

As always, comments are welcome. If would be great if someone else is having this very specific problem and wants to share this or even add some information. Tips for possible workarounds are welcome.

See this follow-up article for more information about backing up and restoring a VM between different vCenters.

—-Tommy Hueber

TSM4VE – Full VM Restore

Posted on by
Reply

Recently I’ve been playing around with TSM for Virtual Environments, aka TSM4VE. Starting today, a fair number of posts will be dedicated to TSM4VE. Hopefully this will be helpful for anyone out there who is trying to get this software up and running, which starts of very simplistic, but gets more complicated very quickly once you go down the road of its possibilities. This simple article tries to collect the information about restoring a full VM, which already exist, at a single point.

When restoring a full VM, the entire VM is restored to the state it existed in when originally backed up. A VM will restore to its original location by default. For each method listed below, different error codes, feedback and behavior is experienced when the VM is restored to its original location, while the VM still exist.

As far as I’m aware of, there are 4 different ways to restore a full VM with TSM4VE:

  • TSM B/A Client GUI (dsm.exe)
  • TSM B/A Client CLI (dsmc.exe)
  • DP for VMware vCenter Plug-in
  • DP for VMware CLI (vmcli.exe)

In the “Data Protection for VMware Installation and User’s Guide” the following information is displayed:

Important: If the original virtual machine still exists, you cannot restore a virtual machine to the original location. You must first remove the existing virtual machine before doing the restore operation. You can restore a virtual machine to its original location only if the virtual machine does not exist.

This information is correct, however the check for the appearance of the VM to be restored is implemented differently. The TSM B/A Client GUI and CLI actually tries to start the restore and create the VM, and after some time will result in an error in the VMware vSphere Client, listed below:

The DP for VMware vCenter Plug-in does not try to create the VM, but fails right away. It seems like a check is performed in the background before the creation. This is different from the TSM B/A Client behavior.

TSM B/A Client GUI:

dsmerror.log:

04/26/2012 13:53:28 ANS9365E VMware vStorage API error.
TSM function name : visdkWaitForTask
TSM file          : vmvisdk.cpp (3727)
API return code   : 60
API error message : The name ‘XXXX’ already exists.
04/26/2012 13:53:28 ANS9365E VMware vStorage API error.
TSM function name : visdkWaitForTask
TSM file          : vmvisdk.cpp (3732)
API return code   : 60
API error message : The name ‘XXXX’ already exists.
04/26/2012 13:53:28 ANS5250E An unexpected error was encountered.
TSM function name : vmVddkRestoreVM
TSM function      : Can not create virtual machine
TSM return code   : 4389
TSM file          : vmrestvddk.cpp (1116)

TSM B/A Client CLI:

tsm> restore vm XXXX
Restore function invoked.

Restore VM command started.  Total number of virtual machines to process: 1

Restore of Virtual Machine ‘XXXX’ started

2012-04-26T13:58:09.627+02:00 [09292 info 'Default'] Initialized channel manager
2012-04-26T13:58:09.627+02:00 [09292 info 'Default'] Current working directory:
D:\Program Files\Tivoli\TSM\baclient
2012-04-26T13:58:09.627+02:00 [09292 verbose 'ThreadPool'] TaskMax=10, IoMin=1,
IoMax=21

Starting Full VM restore of VMware Virtual Machine ‘XXXX’ target node
name=’VCENTER’, data mover node name=’DM’

Preparing for restore of ‘XXXX’ from virtual machine backup.
Restoring VM configuration information for ‘XXXX’
ANS9365E VMware vStorage API error.
   TSM function name : visdkWaitForTask
   TSM file          : vmvisdk.cpp (3732)
   API return code   : 60
   API error message : The name ‘XXXX’ already exists.
Unmount virtual machine disk on backup proxy for VM ‘XXXX’

ANS4177E Full VM restore of VMware Virtual Machine ‘XXXX’ failed with
RC=4389 target node name=’VCENTER’, data mover node name=’DM’
>>>>>> Restore Processing Interrupted!! <<<<<<
ANS9404E Error creating the specified Virtual Machine. See log files for more in
formation.

Dsmerror.log:

04/26/2012 13:58:12 ANS9365E VMware vStorage API error.
   TSM function name : visdkWaitForTask
   TSM file          : vmvisdk.cpp (3727)
   API return code   : 60
   API error message : The name ‘XXXX’ already exists.
04/26/2012 13:58:12 ANS9365E VMware vStorage API error.
   TSM function name : visdkWaitForTask
   TSM file          : vmvisdk.cpp (3732)
   API return code   : 60
   API error message : The name ‘XXXX’ already exists.
04/26/2012 13:58:12 ANS5250E An unexpected error was encountered.
   TSM function name : vmVddkRestoreVM
   TSM function      : Can not create virtual machine
   TSM return code   : 4389
   TSM file          : vmrestvddk.cpp (1116)
04/26/2012 13:58:13 ANS9404E Error creating the specified Virtual Machine. See log files for more information.

DP for VMware vCenter Plug-in:

Related error codes:

    • GVM1167E
    • ANS4168E
    • ANS9355E
    • ANS9365E (Generic VMware vStorage API error)
      • RC 60
    • ANS5250E (Generic unexpected error for TSM B/A Client)
      • Can not create virtual machine / RC 4389

—-Tommy Hueber

SP2-0310: unable to open file – TSM for Databases – DP for Oracle

Posted on by
Reply

Problem:
Invocation of the command ‘tdposync syncdb’, will result in error message:
SP2-0310: unable to open file “C:\DOCUME~1\tommy\Local.sql

IBM Tivoli Storage Manager for Databases:
Data Protection for Oracle
Version 5, Release 4, Level 1.0
(C) Copyright IBM Corporation 1997, 2007. All rights reserved.

Catalog 1 User Name: oracle
Catalog 1 Password: ********
Catalog 1 Connect String: emrep

From Date (01-01-1990):
To Date (24-02-2012):

SQL*Plus: Release 9.2.0.7.0 – Production on Fri Feb 24 12:58:44 2012
Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 – 64bit Production
With the Partitioning option

SP2-0310: unable to open file “C:\DOCUME~1\tommy\Local.sql”
SQL>

Applies to:
TSM for Databases – DP for Oracle client running on Windows.

Related IBM Technote:
None.

Summary:
The SP2-0310 is not a DP for Oracle message, as these messages are prefixed with ‘ANU’. It turned out there is no easy way to find this SP2-0310 Oracle error in relation to TSM with Google, so I created this weblog article. Otherwise, you’re stuck with Oracle discussion groups, which is not very convenient if you’re not that much into Oracle.

Symptoms:
Running ‘tdposync syncdb’ results in error message:
SP2-0310: Unable to open file.

Cause:
For some reason, DP for Oracle is unable to create the specified file in the given directory, although the directory exists and permissions are correct. SP2-0310 is a generic error which occurs when a file cannot be opened.

Resoltion / Workaround:
Determine the value of the environment variable TMP with the ‘set’ or ‘echo’ command. In this case:

TMP=C:\DOCUME~1\tommy\Local Settings\Temp\1

This directory does exist, and permissions are correct, but still it won’t work and will result in the error message SP2-0310. Change the value to a more simple directory, e.g. ‘c:\temp’. Do this in the current Oracle Client window for this session only, or adjust the system wide user variables for the Windows system for a more persistent approach.

set tmp=c:\temp

The tdposync syncdb command will now work without any problem:

IBM Tivoli Storage Manager for Databases:
Data Protection for Oracle
Version 5, Release 4, Level 1.0
(C) Copyright IBM Corporation 1997, 2007. All rights reserved.

Catalog 1 User Name: oracle
Catalog 1 Password: ********
Catalog 1 Connect String: emrep

From Date (01-01-1990):
To Date (24-02-2012):

SQL*Plus: Release 9.2.0.7.0 – Production on Fri Feb 24 12:58:44 2012
Copyright (c) 1982, 2002, Oracle Corporation.  All rights reserved.

Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 – 64bit Production
With the Partitioning option

Disconnected from Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 – 64bit Production
With the Partitioning option

Gathering Catalog information…Please wait

The TSM Server is Synchronized with the Oracle Catalog or there are no matching files in the requested filespace.

In this case, the TSM server is synced with the RMAN catalog.

Background information:
If (for whatever reason) the contents of the TSM and the RMAN catalog get out of sync, the tdposync utility checks for objects on the TSM server that are not in the RMAN catalog. It allows you to repair such discrepancies by removing unwanted objects from the TSM server.

A thing to note: the environment variable TEMP (with the extra ‘e’) is not used by the ‘tdposync syncdb’ command.

—-Tommy Hueber

ANS1501E Trusted agent execution/owner permissions are invalid

Posted on by
Reply

Problem:
Invocation of dsmc as a non-root user will result in error message “ANS1501E Trusted agent execution/owner permissions are invalid”. In dsmerror the tcaPath is reported as >/usr/bin/dsmtca< with a return code of 138.

Applies to:
TSM B/A Client running on AIX, Linux, HP-UX, or Solaris.

Related IBM Technote:
Error message about Trusted Agent execution/owner permissions are invalid”.

Summary:
Non-root users are unable to use the TSM B/A Client to backup or restore their own files, unless the setuid bit is turned on. To backup and restore all files, the TSM B/A Client must be started when logged on as the root user.

SETUID?
In the Unix/Linux world, there is the concept of “setuid”. This is effectuated through ‘chmod u+s’, which causes the executable to run under the name of the owner of the executable, rather than the actual invoker. This way, an unprivileged user can gain powers which they would not ordinarily have. Some TSM executables, such as dsmtca are designed with this in mind; others such as dsmc are not.

Symptoms:
Interactive when running dsmc:
ANS1501E: Trusted agent execution/owner permissions are invalid

In Dsmerror.log:
09/22/2011 14:02:58 ANS0361I DIAG: Unable to locate valid trusted communication agent. 09/22/2011 14:02:58 ANS0361I DIAG: tcaPath is >/usr/bin/dsmtca
09/22/2011 14:02:58 ANS1501E Trusted agent execution/owner permissions are invalid

Cause:
Wrong permissions on the dsmtca file, possibly because of manually changed permissions or changed file ownership after the initial installation; the TSM client was not installed as the root user.

Resolution:
Check to see of there are indeed wrong permissions or incorrect ownership. Below is an example, resulting in wrong permissions because of chown or chmod:

[root@hannibal bin]# ls -l dsmtca
-rwxr-xr-x 1 oracle oracle 4051508 May 16 16:12 dsmtca

If needed, first correct the owner:

[root@hannibal bin]# chown root:root dsmtca
[root@hannibal bin]# ls -l dsmtca
-rwxr-xr-x 1 root root 4051508 May 16 16:12 dsmtca

Correct the SUID bit:

[root@hannibal bin]# chmod u+s dsmtca (or chmod 4755)
[root@hannibal bin]# ls -l dsmtca
-rwsr-xr-x 1 root root 4051508 May 16 16:12 dsmtca

Alternatively, reinstall the TSM B/A Client to get the default set of permissions. First remove the software, and then install it again. This will also reset ownership and permissions on other files.

Background information:
This article contains background information and additions to the listed IBM Technote. In this Technote it is stated that:

“The most common reason for this is when the permission’s on the dsmtca file are invalid. This is generally caused when the product is not installed with the root user ID as stated in the Client Manuals, or when the permissions for the file have been manually changed after installation.”

This is correct, as in this situation the permissions have been changed like this:

chown:/opt/tivoli/tsm/client –R

However, the information in the Technote is not entirely complete. Because, in addition to the changing of permissions, the error can also occur when the owner and group are anything else but the root user and the root group (for example root:root). The permissions below will not work, even though the permissions described in the section “Resolving the problem” in the Technote (4755 – rwsr-xr-x) are used:

[root@hannibal bin]# ls -l dsmtca
-rwsr-xr-x 1 oracle oracle 4051508 May 16 16:12 dsmtca

Another possible cause could be the change of ownership, because than the permissions are altered as well (rws changes to rwx):

[root@hannibal bin]# ls -l dsmtca
-rwsr-xr-x 1 root bin 4051508 May 16 16:12 dsmtca
[root@hannibal bin]# chown oracle:oracle dsmtca
[root@hannibal bin]# ls -l dsmtca
-rwxr-xr-x 1 oracle oracle 4051508 May 16 16:12 dsmtca

Also, I think that the s (the SUID bit) can be stressed out a bit more here, as readers might assume that the well known rwx is correct. This can be seen on some internet newsgroup discussions where users even go as far as issueing chmod 777 and assume that’s ok….they are surprised it isn’t. Keep in mind that chmod 777 will not set the SUID bit. However, the information in the Technote is technically correct and should be read with attention. This will end my Technote comments.

A brief discussion about dsmtca:
The given error message is stating that trusted agent (=dsmtca) execution/owner permissions (=execute permissions (=x)) are invalid (=anything else than rws and anything else than the root user as the owner). Dsmtca is the abbreviation of Distributed Storage Manager Trusted Communication Agent. However, sometimes being referred to at the Trusted Client Agent.

Dsmtca is only available on Linux, AIX, HP-UX, Solaris. Not on Windows. The TSM client uses the trusted dsmtca process to communicate with the ADSM server via a TCP session.

In dsmerror the tcaPath is reported as >/usr/bin/dsmtca< with a return code of 138. API return code 138 suggests someone diddling with permissions, or the software being run from an inappropriate or authority-changed account. The symbolic link should be like this:

[root@hannibal bin]# ls -l /usr/bin/dsmtca lrwxrwxrwx 1 root bin 41 Sep 6 15:03 /usr/bin/dsmtca -> ../../opt/tivoli/tsm/client/ba/bin/dsmtca

Permissions on dsmtca:

[root@hannibal bin]# ls -l dsmtca
-rwsr-xr-x 1 root bin 3073744 Nov 24 2009 dsmtca

As always, feel free to leave a comment if this was helpful for you in any way, or if you can’t resist the urge.

—-Tommy Hueber

Step-by-step: recover a single file from a backed up SYSTEMSTATE to an alternate location

Posted on by
Reply

….and TSMBLOG.org. is back. Or at least, it’s a fresh beginning.

What follows below is a step-by-step instruction of how to restore a single file from a backed up SYSTEMSTATE to an alternate location. By default, the entire SYSTEMSTATE (or smaller portions of it) must be restored. But it is very well possible to restore just a single file, although – in my opinion, this is not very well documented or common knowledge. So let’s share.

In this article, a login script (UserLogonScript.vbs) was deleted from the SYSVOL directory on a DC. No one knows why. It just happened. There is no easy way to simply restore the .vbs file through the default TSM B/A Client, as the \SYSVOL directory – being part of the SYSTEMSTATE, is excluded from the regular filesystem backup by default. The instructions in this article can also be applied to the NTDS directory.

DISCLAIMER: This procedure assumes CLI, as there is no way (I know of) to pull of this action through the GUI. And to be quite honest with you, I would not like it any other way.

The SYSTEMSTATE is backed up through VSS, so the filespace type is being reported as VSS.

On the TSM Server:

Determine the exact name of the SYSTEMSTATE filespace (the SYSTEMSTATE naming structure has changed from TSM 5.5 and up, so perform this step just to be sure):

A simple ‘q fi face’ command would also do the trick (certain output is omitted, please don’t look for it):

On the TSM Client:

  • Create a temporary directory, in which the file will be restored – e.g. C:\systemp;
  • Start the TSM B/A CLI;
  • Query the nodes’ SYSTEMSTATE filespace on the TSM server for the exact location of the object you want to restore, like this:q b “{systemstate_filespacename}\filename_to_be_restored”

In this case: tsm> q b “{FACE\SystemState\NULL\System State\SystemState}\UserLogonScript.vbs”

Place the SYSTEM STATE filespacename between accolades, and place the entire path between (double) quotes.

The SYSTEMSTATE filespace is queried and the output will reveal the actual location of the file on the disk (D:\SYSVOL\domain\scripts\UserLogonScript.vbs). Note that the drive and directory are separated by the | character. Poor them.

Restore the file, like this:
Restore “{systemstate_filespacename}\\exact_path_and_filename” targetdirectory\

In this case:

tsm> restore “{FACE\SystemState\NULL\System State\SystemState}\\face\d$|\SYSVOL\domain\scripts\UserLogonScript.vbs” c:\systemp\

Place the SYSTEM STATE filespacename between accolades, place the double backslash before the exact_path_and_filename and place the entire path between (double) quotes. Don’t forget the trailing backslash after the targetdirectory.
That’s it. If, for some strange reason, you want to restore an entire subdirectory instead of a single file, use this example:

tsm> restore “{FACE\SystemState\NULL\System State\SystemState}\\face\d$|\SYSVOL\domain\scripts\*” c:\systemp\ -subdir=yes

Some of this information is listed in this IBM Technote:

Modified Instructions for Complete Restores of Windows Systems with the TSM Client: Bare Metal Restore (BMR), System State Restore, Windows System Object Restore

Be aware of this warning in the Technote:

“WARNING: these restore commands may create junctions in the restore target directory that point back to critical directories on the running system. Do not delete the temporary restore destination using the Windows explorer interface since it is known to also delete the contents at the target of junctions. Instead, we recommend using the Windows rmdir command to remove the temporary directory.”

In respect to the warning, be sure to use rmdir to remove the temporary directory after the restore:

C:\>rmdir /S c:\systemp

As always, feel free to leave a comment if this was helpful for you in any way, or if you can’t resist the urge.

—-Tommy Hueber