In previous versions of Data Protector it was simple to change the user account for the Data Protector services. With Data Protector 8.0 and the new IDB some more steps are required to change the user. The steps below were verified in a test environment.
- Stop the Data Protector services with the command
omnisv -stop
. - Add the new user to “Impersonate a client after authentication” in local security policy.
- Add the new user to “Replace a process level token” in local security policy.
- Change the user for the Data Protector services (Application Server, CRS, IDB, IDB connection pool).
- Change the user in file
userlist
in Data Protector (example:C:\ProgramData\OmniBack\Config\Server\users\userlist
). - Change the user in file
pg_ident.conf
(example:C:\ProgramData\OmniBack\Server\db80\pg
). - Change the user in file
idb.config
(example:C:\ProgramData\OmniBack\Config\Server\idb
). - Add administrative rights for the new user to OmniBack folders (example:
C:\ProgramData\OmniBack
andC:\Program Files\OmniBack
). - Start the Data Protector services with the command
omnisv -start
.
Update 2016/01/20: In case you cannot start the service hpdp-idb after the changes above, you might need to modify permissions. The new AD user requires the same permissions – see old user – on folder db80. Thanks to Jim Turner.
danke für diese Anleitung. Habe bis anhin bei allen Installationen die Services immer auf Local System umgestellt. Funktionierte immer problemlos. Habe nun kurz im LAB für DP 8.0 getestet. Die beiden von dir beschriebenen Dateien müssten wie folgt angepasst werden, wenn man auch bei DP 8.0 die Services auf Local System ändert:
pg_ident.conf
# MAPNAME SYSTEM-USERNAME PG-USERNAME
hpdpidb SYSTEM hpdp
idb.config
PGOSUSER=’NT AUTHORITY\System’;
starten und stoppen Services läuft ohne error.
“omnidbcheck -extended” bringt ebenfalls keine Errors.
Ich denke, so müsste alles funktionieren. Im LAB sieht es gut aus…
Pingback: Data Protector 8.0 – Services als Local System laufen lassen | zerofocus.ch
Would you know if you can import a 6.11 IDB into Dataprotector 8 and use it to recovery from?
Hi,
you cannot Import the DP 6.11 IDB into DP 8.0 IDB – as there are different databases. What you can do is importing the media into IDB DP 8.0.
Best regards
Daniel
Pingback: Migrate DP 8.XX to DP 8.XX using new hardware or different MS Windows operating system
Hi Daniel,
I’ve noticed that the IDB backup fails after following the above instructions when the DP INET service is configured to run using the Local System Account.
[Critical] From: OB2BAR_POSTGRES_BAR@server.domain.com “DPIDB” Time: 17/07/2014 12:39:56
Putting the Internal Database into the backup mode failed
This is fixed by adding an inet impersonation for the new account you are using for the services
omniinetpasswd -add DOMAIN\NewAccount Pasw0rd Pasw0rd
Might be useful for someone else with the same problem 🙂
Thanks,
Jenni
Hi Daniel,
If using a ‘domain service account’ in the above example then do we need to add the user account in local security policy on cell manager or DC ?
Regards
Raj
Hi Raj,
you will add the user on the cell server in local security policy.
Best regards
Daniel