Reconnasissance Tools

Useful tool use to know

a)ICMP Traceroute

Example:

tracert 192.168.4.10

b) TCP Traceroute

Useful when firewall blocking ICMP

Example:

tcptraceroute www.google.com

c) UDP Traceroute

Example:

traceroute www.google.com

d) Nmap

Use nmap to extract info such as live hosts on the network, open ports, services, types of packet filters/firewalls as well as operating systems and version used.

Example: Zenmap

e) MegaPing

Includes scanner such as comprehensive security scanner, port scanner (TCP and UDP ports), IP scanner, NetBios scanner and share scanner

Example: Megaping

f) Netscan tools Pro

Example: www.netscantools.com

g) Solarwinds Port Scanner

h) PRTG Network Monitor

Example: www.paessler.com

i) OmniPeek Network Protocol Analyzer

Example: www.liveaction.com

 j) Nbtstat utility

Display netbios over tcp/ip protocol statistics, Netbios name tables for both the local and remote computers and the netbios name cache

Example: nbtstat -a 10.10.10.20

k) Netbios enumerator

Help to enumerate details such as Netbios name, username, domain name and mac address for a given range of ip address

Example: NetBios Enumerator

l) Global Network Inventory

Example: www.magnetosoft.com

m) Advanced IP Scanner

Example: www.advanced-ip-scanner.com

l) Hyena

Example: www.systemtools.com

m) Nsauditor Network Security Auditor

Example: www.nsauditor.com

Unable to Restore OCP-V VM from S3 When Using Kasten v6.5

I've upgraded to Kasten v6.5. I was able to back up RedHat OpenShift Virtualization VM using Snapshot and S3. However was not able to restore from S3 using TransformSet which I have created on v6.0.12. You may refer to https://www.ms4u.info/2023/12/unable-to-restore-ocp-v-vm-from-s3-when.html .

Reported as a bug for a future fix. 

The workaround is to create a transform when doing restoration. [Click on below to view in large mode]

Unable to Restore OCP-V VM from S3 When Using Kasten v6.0.12

In my environment, I have used Kasten version v6.0.12 to back up Redhat Openshift Virtualization Virtual machine. No problem on using snapshot however encounter an error when trying to restore from S3.

After troubleshooting, realized that S3 backup data is a reference to snapshot backup data which has expired/removed. Well, it is not supposed to and reported as a bug for the next release fix.

For a workaround, you need to create a TransformSet. Refer to the below diagram to configure it and apply it when doing a restoration. [Click the image to view in large mode]

Internal - Change Corporate Password and Sync with Macbook

This note is only for my own internal reference only. [Not applicable for public use] 

1. Change your corporate password using web . 
2. Login to MacBook using old password
3. Connect to Cisco VPN using new corporate credential
4. On the menu bar, click the key icon to login to corporate. Use new credential. It will say password expired in 9 days. Just log out
5. On the key icon, login again with new corporate credential
6. A prompt will ask to enter corporate AD pwd 

a) enter AD - new pwd

b) enter Mac - old pwd

1. Click on Sync, since both pwd is not in sync
2. After sync, it will prompt with result successful
3. Lock your Mac
4. Relogin with new password
5. If log off, please remember your username
6. Relogin with you Mac username & new password

Direct Restore to GCP Test Result

 Here is my lab environment test result on Direct Restore to GCP.

Note: Does not represent the real scenario. Recommend testing on your environment to get the exact result.

The below sharing is just for test purposes

Bandwidth used:

• Download: 800Mbps
• Upload: 200 Mbps

a) Restore from on-prem backup target to GCP

Using worker e2-micro

Using worker c2d-highcpu-2

b) Restore from GCP object storage to GCP

Using worker c2d-highcpu-2

Conclusion: 

• More faster when backup data resides on GCP object storage
• Changing to the higher spec of worker does not improve the restore speed

Install Older Version of Kasten

You may come to a situation where your customer is running an older version of Kubernetes. Example v1.22. Then you want to back up the container using Kasten.

When you run preflight check, the result indicates "Unsupported"

When we checked the user guide: https://docs.kasten.io/6.0.8/operating/support.html,

Minimum version support is v1.24

[Workaround]

Kasten version to support v1.22 is Kasten 5.5.9

https://docs.kasten.io/5.5.9/operating/support.html?highlight=1%2026

Command to install particular version

helm install k10 kasten/k10 -n kasten-io --version 5.5.9

Failed to open MySQL client library

You may encounter this error message when trying to backup mysql database using Veeam agent for Linux

"Failed to open MySQL client library"

Few thing to check

1. Make sure it is supported mysql version : 5.7 - 8.0

2. Correct credential. Use MySQL Workbench to access from VBR to source database server

3. Install libmysqlclient package manually on source database server

Execute command:

sudo apt-get update
sudo apt-get install libmysqlclient-dev

4. Rerun backup

That should do the trick!

Video -Rename Existing Veeam Backup Job Using Powershell

Video -Change Veeam Backup Job Setting Using Powershell

BDRSuite v7.0.0 Release Candidate (RC)

We're excited to announce the availability of the BDRSuite v7.0.0 Release Candidate (RC) build! This pre-release build marks an important step toward our upcoming major release v7.0.0. The RC build enhances our BDRSuite capabilities and is tailored for users seeking backup solutions in KVM, Azure, and AWS environments.

Key Features of BDRSuite v7.0.0 RC:

● KVM Backup and Recovery - Agentless backup for KVM virtual machines through seamless integration with KVM hypervisor. - https://www.bdrsuite.com/kvm-backup/

● Azure Backup and Recovery - Agentless Backup using Azure Native APIs and store backup data locally or in cloud. - https://www.bdrsuite.com/azure-vm-backup/

● AWS Backup and Recovery - Agentless Backup using AWS APIs and store backup data locally or in the cloud - https://www.bdrsuite.com/aws-backup/

BDRSuite v7.0.0 RC Download Link: BDRSuite v7.0.0 RC is now ready for download and is now live on our official website - Download BDRSuite v7.0.0 RC

For additional information and in-depth insights into the v7.0.0 RC, please refer to the following resources:

● Release Notes: https://www.bdrsuite.com/bdrsuite-v7-0-0-release-candidate/ 

● Release Blog: https://www.bdrsuite.com/blog/bdrsuite-v7-0-0-release-candidate-is-available-now/

Kasten Installation Air Gapped Deployment | Isolated Environment Without Internet

V12- Backup and Recover NFS Share Using Veeam | Backup and Recover Promox LXC and VM

Part 3- Backup SQL AlwaysOn Using Veeam Plug-In For MS SQL

Part 2 - Agent Based Backup SQL Always On 2022 Using Veeam

How to Enable SSH and Secure Copy (SCP) on Linux?

 Execute this command:

sudo apt update

sudo apt install openssh-server

nano /etc/ssh/sshd_config

Inside the file, locate the "PermitRootLogin" and set to "yes"

save the file

Restart the SSH server

systemctl restart ssh

Change Veeam Backup Job Setting with PowerShell | Maintain Same Job Name

There is no rename PowerShell cmdlet on veeam v12. So here is my workaround to maintain the same backup job. If I use the clone backup job name, it will perform an active full when scheduling the job run. This is a norm scenario as the backup job name has changed and existing backup data cannot map.

# Connect to the Veeam Backup & Replication server

Connect-VBRServer -Server "VBR12GA"

# Get the backup job you want to clone

$sourceJob = Get-VBRJob -Name "VmwareVM-DC01-demodomain"

# Get the new proxy server

$newProxy1 = Get-VBRViProxy -Name "proxy1.veeamlab.local"

$newProxy2 = Get-VBRViProxy -Name "proxy2.veeamlab.local"

#update proxy

Set-VBRJobProxy -Job $sourceJob -Proxy $newProxy1, $newProxy2

# Specify the name for the cloned job

$clonedJobName = "ClonedJobName-Lai"

$clonedJobNameOriginal = "VmwareVM-DC01-demodomain"

# Clone the backup job

$clonedJob1 = Copy-VBRJob -Job $sourceJob -Name $clonedJobName -Repository "Default Backup Repository"

Remove-VBRJob -Job $sourceJob -Confirm:$false

$clonedJob2 = Copy-VBRJob -Job $clonedJob1 -Name $clonedJobNameOriginal

Remove-VBRJob -Job $clonedJob1 -Confirm:$false

# Save the cloned job

Set-VBRJobOptions -Job $clonedJob2

# Disconnect from the Veeam Backup & Replication server

Disconnect-VBRServer

Change Veeam Backup Job Setting Using Powershell

 Below script is using Veeam v12.

I would like to change the existing backup job in terms of proxy and backup repository. In veeam v12, changing the backup repository on the backup job is not supported. 

Therefore here is my workaround:

# Connect to the Veeam Backup & Replication server
Connect-VBRServer -Server "VBRServerName" 

# Get the backup job you want to clone
$sourceJob = Get-VBRJob -Name "OldJobName" 

# Get the new proxy server
$newProxy1 = Get-VBRViProxy -Name "newproxy1"
$newProxy2 = Get-VBRViProxy -Name "newproxy2"

 #update proxy

Set-VBRJobProxy -Job $sourceJob -Proxy $newProxy1, $newProxy2

 # Specify the name for the cloned job

$clonedJobName = "ClonedJobName"

 # Clone the backup job

$clonedJob = Copy-VBRJob -Job $sourceJob -Name $clonedJobName -Repository "NewRepository"

# Save the cloned job

Set-VBRJobOptions -Job $clonedJob

# Disconnect from the Veeam Backup & Replication server

Disconnect-VBRServer

In summary,

• Change new proxy
• Clone a new job
• Change new repository name

Part1-Agentless Backup SQL AlwaysOn 2022 Using Veeam | Tip and Tricks

Install Kasten on Redhat Openshift

Enhancement on Veeam Backup for Microsoft 365 v7

Recover SQL Cluster Using Veeam Backup Server

Backup and Recover Microsoft SQL Cluster Using Veeam Plug-in for MS SQL

Backup and Recover Microsoft SQL Cluster Using Veeam Agent

Perform Backup Verification Physical and Veeam With Veeam V12

Backup and Recover Nutanix AHV Using Veeam V12

Veeam One V12

Vembu BDRSuite v5.6.0 U1 is available now!

Veambu new version with new features & bug fixes.

Download link: https://www.bdrsuite.com/vembu-bdr-suite-download/ 

Release Notes: https://www.bdrsuite.com/vembu-bdr-suite-release-notes/ 

Release Blog: https://www.bdrsuite.com/blog/bdrsuite-v5-6-0-update-1-is-generally-available-now/ Upgrade Guide: https://www.bdrsuite.com/pdf/release-notes/vembu-bdr-automatic-software-update.pdf

MVP Allumi awarded

What's New Veeam Backup for Microsoft 365 v7

Veeam V12 Backup Microsoft SQL Standalone Using Veeam Plug In

Veeam V12 Backup MacOS Data Using Veeam

Backup and Recover Nutanix AHV VM Using Veeam V12

Virus Found! | Clean DR Capabilities on Veeam Recovery Orchestrator

Agent DR to Microsoft Azure Using Veeam Recovery Orchestrator

Orchestrate Recovery Plan Using Veeam Recovery Orchestrator

Let's learn how to do orchestration for your recovery plan to DR Data Center by using Veeam Recovery Orchestrator

VeeamOn 2023 Virtual / Physical Event

 

Date: May 22-25 2023

Entry: FREE

Virtual Event registration is still available. To attend online, please register - click here

Referral : Lai Yoong Seng

Content: Learn the latest Veeam technology.

Attendee which has registered, you can view on-demand video - click here

Add Kasten Helm Repo

 To install the Kasten Helm chart, follow this step

[root@ocp-svc ~]# helm repo add kasten https://charts.kasten.io/

"kasten" has been added to your repositories

Lastly, run 

helm repo update

Error: WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/ocp-install/auth/kubeconfig Error: no repositories found. You must add one before updating

 Error message when execute command helm version

WARNING: Kubernetes configuration file is group-readable. This is insecure. Location: /root/ocp-install/auth/kubeconfig

Error: no repositories found. You must add one before updating

Solution: Remove the permission

chmod o-r ~/ocp-install/auth/kubeconfig

chmod g-r ~/ocp-install/auth/kubeconfig

Once done, execute helm version again

[root@ocp-svc ~]# helm version

version.BuildInfo{Version:"v3.5.4", GitCommit:"1b5edb69df3d3a08df77c9902dc17af864ff05d1", GitTreeState:"clean", GoVersion:"go1.15.11"}

More detail, please refer to https://github.com/helm/helm/issues/9115 

Access Denied ADMIN$

 Your machine is on workgroup and you would like to access the machine via share/credential.

Example:

\\computername\share

\\computername\ADMIN$

and has key-in computername\username but failed to gain access. The password is correct yet unable to access via Share. 

If you've encountered the same scenario, you can try this on the machine and put these registry key

Open Registry Editor

1. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
2. On the Edit menu, point to New, and then click DWORD (32-bit) Value.
3. Type LocalAccountTokenFilterPolicy to name the new entry, and then press Enter.
4. Right-click LocalAccountTokenFilterPolicy, and then click Modify.
5. In the Value data box, type 1, and then click OK.
6. Exit Registry Editor.

This should do the trick and solve the problem

Create Vcenter SSH Public Key

 To use SSH public key on vcenter, you need to perform this steps:

1. Create Key using puttygen (download putty to use this tool)

a) click on generate

b) move your mouse cursor to generate

c) Save the public key

d) Save the private key

2. Use putty to SSH into vcenter

To enable and start the Bash shell, type

> shell.set --enabled True

> shell

3. Edit authorized_keys

> sudo vi ~/.ssh/authorized_keys

a) Insert the public key. Example that you have created

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCw7K7657C3KVD8uEtuBxvEjPui4lD+xZqw0+k95mCH19/xOEWhY6UJREPVRTIw8sgIa2PvlUjuCh+m7ZUqHdheChFE55qxjvZLhGJrAU2MvpAv6ltL5ePUYo1iQYRD/PdMMJKY9EcOE7MOBFkSKKI9IYnLyGr3+6QDfSbeuLc42qNcxUQVTPhRAn6gbxj3ISTxOrf1PdwixbM5GGlyIPmYxzcRX91QFVuhsPfXPdOeWczm+0cBkqIPraRjBwmu3B5dTZz12EFQtQbZxc6fpxhyj0eIMsu8bFjk49IZkat1hLdP00unYOfyTrkAnF5XdtglNcw40ot5MwW4mRCKfGCZ rsa-key-20230406

b) save it and exit

4. To activate key authentication, you have to make sure /etc/ssh/sshd_config: has the following line

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Error "No suitable authentication method is supported. Supported method "publickey"

Error message when adding Linux credential on Veeam Console

Error "No suitable authentication method is supported. Supported method "publickey" 

Note: Below is for AWS EC2 VM access. We would like to use a password instead of using pem key.

#cd /etc/ssh

#vi sshd_config

Locate PasswordAuthentication no

Change to

PasswordAuthentication yes

Save it.

Restart the ssh service

#systemctl restart ssh

Create a new linux account and add into Veeam Console

Linux - Create another user with root right

Create another user & assign it as root right

# more /etc/passwd

ubuntu user is a root admin on the Linux VM

#-id -a ubuntu

Create another user "veeamadmin" & assign same right as ubuntu user.

#useradd -u 1001 -g 1000 -m -d /export/home/veeamadmin veeamadmin

Check veeamadmin

#id -a veeamadmin

#visudo

Go to #User privilege specification, after root entry, key in

veeamadmin ALL=(ALL:ALL) ALL

Save the file

Assign password to veeamadmin

# passwd veeamadmin

Key in your password

To verify, type

su - veeamadmin

Veeam V12 - Backup and Recovery Oracle Using RMAN

 Prior to v12, deployment of oracle rman and configuration is a tedious and manual process. With v12, it is a game changer. You can now deploy the plug-in & configure the backup job centrally from Veeam Console. View the below video in action

Veeam V12 - HPE Storeonce Immutability with Veeam

 Let's view immutability enhancement on Veeam v12 and HPE Storeonce

Veeam V12 - Object Storage Enhancement

 Let's move on to the next Veeam V12 next enhancement. The video below exploring on object storage

Deploy Veeam Linux Hardened Repository in 10 Minutes

 Having a hard time deploying Linux Repository?

Well, you need to have Linux knowledge to do so. However, you can refer to the below guide to learn how to setup within less than 10 minutes.

Veeam V12 - NAS Recovery Enhancement

We have performed NAS backup using Veeam V12, and it's time for us to look at NAS recovery. Click on the below video:

Enable Application Aware on Veeam Backup for AWS

 Before enabling application-aware processing backup on EC2 instance, follow below steps. 

Here are a few guidelines and steps for ensuring the VSS-enabled snapshots complete successfully.

https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/application-consistent-snapshots-getting-started.html#run-command-vss-role

1. The Windows instance must have the SSM agent installed and running. For system requirements and installation instructions for the SSM agent, visit the AWS Systems Manager documentation, https://docs.aws.amazon.com/systems-man ... l-win.html
2. The Windows instance must have an IAM instance profile attached that:
   * Allows Systems Manager to interact with the instance
   * Allows Systems Manager to create VSS-enabled snapshots
   For information on instance profiles and IAM policies required to create VSS-enabled snapshots, visit the AWS EC2 User Guide for Windows Instances, https://docs.aws.amazon.com/AWSEC2/late ... shots.html.
3. Ensure the IAM instance profile has the "AmazonSSMManagedInstanceCore" role attached.
4. Ensure the IAM instance profile has an IAM policy attached that allows VSS-enabled snapshots. See the following page for the JSON IAM policy for VSS-enabled snapshots, https://docs.aws.amazon.com/AWSEC2/late ... d-vss-role
5. The Windows instance must have the AWS VSS Components package (AwsVssComponents) installed. Installation instructions for the AWS VSS Components are in the AWS EC2 User Guide for Windows Instances, https://docs.aws.amazon.com/AWSEC2/late ... ss-package

Here are the steps I followed to fix the issue on one Windows 2012r2 EC2 (affected OS version):

1. Uninstalled SSM Agent on EC2 (cleaned %ProgramData% caching);

2. Installed AWS Tools and SDK (msi setup containing Powershell extensions enabler);

3. Installed SSM agent;

4. Distributed AwsVssComponents package (here i think was now the point);

5. Run Command AWSEC2-CreateVssSnapshot and worked

Set Postgresql Limit on Veeam Database

When you make changes to hardware for Veeam Database or want to set limit, you are required to re-run this command.

Note: Require to restart postgresql services once execute the below command. If your VBR is using MFA-enabled, you need to turn it off first

Set-VBRPSQLDatabaseServerLimits

a) VBR + Database on the same server

Run 

Set-VBRPSQLDatabaseServerLimits

b) VBR Database on a different server/ remote server

Example: 16 cores, 30GB RAM

Set-VBRPSQLDatabaseServerLimits -OSType Windows -CPUCount 16 -RamGb 30

Set-VBRPSQLDatabaseServerLimits -OSType Linux -CPUCount 16 -RamGb 30

For more detail, please refer to https://helpcenter.veeam.com/docs/backup/powershell/set-vbrpsqldatabaseserverlimits.html?ver=120

Veeam V12 NAS Backup Enhancement

 View the below video on the latest v12 enhancement on NAS Backup

Enabled MFA on Veeam Backup Console

In v12, Veeam dropped a new security feature. You can now enable MFA for additional security before using the Veeam console. To view it in action, please view below video

Error: Unable to connect to the server with MFA-enabled user account. Execution environment cannot be initialized to Remote

 Encountered this error message when using

• VBR v12 - Veeam Backup & Replication
• VRO v6 - Veeam Recovery Orchestrator

Error message:

"Unable to connect to the server with MFA-enabled user account. Execution environment cannot be initialized to Remote"

This happened when trying to add Microsoft Azure Recovery Location.

The problem is when using an account with MFA to connect from VRO to VBR v12.

[Solution]

1. Remove Orchestrator Agent that connects to VBR Server

2. Add a service account [without MFA] to VBR Server. Example: veeamlab\veeamsvc

3. Add the service account that you've used into VBR local administrator

4. Re-deploy the Orchestrator agent using the service account. Example: veeamlab\veeamsvc

Upgrade Veeam V11 to V12

 Veam just launched v12 for their Veeam Backup & Replication.

We do encourage you to 

1. Backup Configuration Catalog

2. Clone the VBR Server & perform a test upgrade on the isolated environment first

3. Identify issues and problems of the upgrade before doing it on the production environment

4. Review the Upgrade checklist :- https://helpcenter.veeam.com/docs/backup/vsphere/upgrade_vbr_byb.html?ver=120 

Don't rush to perform an upgrade to the production environment.

You may view on upgrade video on how the upgrade process looks like

Optional to migrate to Postgresql if you're running SQL Server. However, if you're using SQL Express, you may want to try to migrate the database.

Enjoy and Good luck with upgrading to Veeam V12. 

Stay tuned for daily releases on new enhancement V12 on my youtube channel

Veeam Services Unable to Start Due to Conflict

 After installation of veeam, you may encounter that services were not able to start.

The reason is probably in conflict with an existing application.

Example: 6161 is conflicting with other port

[To verify]

Open PowerShell and execute the command

Get-Process -Id (Get-NetTCPConnection -LocalPort 6161).OwningProcess

[Solution]

Open regedit, find the service port, and change it

Backup and Recover Microsoft SQL Server Running on a Container

 I've set up a lab environment. Scenario is 

MS SQL Server deployed as a container 

Management tool on Windows VM

In this demo, I've shown on how to perform a backup and recover the MS SQL Server database running on a container.

Earth Hour 2023

 

Increase Kasten Catalog Storage

You may notice that Kasten indicated less than 50% on catalog storage. Less than 50% storage will not allow you to perform further Kasten upgrades. 

The first thing that you need to do is add more storage on the worker node & expand it.

If the problem still persists, then you need to increase the default catalog pv size from 20Gi to 40Gi.

Before you do that, you need to check and make sure your storage class allows you to do so.

Command:

kubectl get storageclass <storageclass> -o jsonpath={'.allowVolumeExpansion'}

Note:- take note of the dot inside the { }

The result must be "true"

Next steap

Run a helm upgrade to increase global.persistence.catalog.size to your desired value (example below sets to 40GB):

helm get values k10 --output yaml --namespace=kasten-io > k10_val.yaml && \
   helm upgrade k10 kasten/k10 --namespace=kasten-io -f k10_val.yaml \
   --set global.persistence.catalog.size=40Gi

You storageclass pv has increased to 40Gi

Kasten side: