No backup you say .... How many days!?!

I've been upgrading Vault systems for a decade, and if there is one thing that doesn't surprise me it's companies not checking that they have a valid Vault backup.

No backup you say .... How many days!?!

Every week I will check a company's server or receive a support call, because they are looking to upgrade or have just noticed they have not had a backup.  This could have been going on for days, weeks or months and no one has checked on the process.  In fact the current record found by our support desk stands at 1549 days without a backup; over 4 years without ensuing that your engineering data and company's IP is recoverable should something happen.  

The reasons for backups not running correctly are many and varied but in my experience here are the top 3 things to check:

  1. Has someone left the ADMS console open?  The Vault server console can only have one instance open at a time.  Often a CAD administrator will log onto the server and leave this open which means that the backup can't start.  Adding a process kill command into your script can mitigate this.

  2. Has the server has run out of space?  This happens as the vault size increases however strange as it sounds its not always obvious that this is the cause.  If you check your backup logs and find that you are managing to get a backup every 2 days rather than nightly then I would assume that space is the issue.  This is due to the backup cycling that is scripted into your scripts.  Each night your script runs and deletes a B folder.  It then renames an A folder to B, creates and new A folder and stores the backup in it.  By doing this you always have 2 valid backups.  As you start to run out of space you find that the night's backups doesn't complete meaning the A folder is empty.  The next night the cycling happens and that blank A folder become B leaving enough room for a new backup ... hence every 2 nights.

  3. Password changes! My nemesis.  We know that passwords need to be changed regularly however when it comes to admin accounts you need to know what has to be updated as well.  The Vault and associated SQL use many accounts and passwords.  Changes to any of these can and do stop backups from running. 

The main 2 culprits are:

  • the password for the account used by task scheduler to run the backup script.
  • the password for the Vault administrator account.  A lot of companies don't realize that the vault backup script uses an internal vault account and its password is hard coded into the script file.  If someone changes this password then the script also needs updated.

 

As a bit of a guide to the various accounts and passwords I've put together the below guide.  For security reasons I've excluded passwords from the list:

The backups will run off of up to five different accounts of various types:

Account 1 – Impersonation Account

Type: local

User: autodeskvault

Password: Please see Symetri for default details

Role: This impersonation account is used by the ADMS to store data on the server, change configuration files and access the web services.  The account information is changed from within the ADMS console.  Changing this account could lock a company out of the Vault.  It is a local user account by default although this can be changed to a domain user.

Account 2 – VaultSys SQL account

Type: SQL Account

User: Vaultsys

Password: Please see Symetri for default details

Role: This account acts as the database owner inside SQL, creates the databases as required and manages the backups / restore processes 

Account 3 – SQL SA account

Type: SQL Account

User: SA

Password: Please see Symetri for default details

Role: This is the default SA account for SQL.  The ADMS uses this account to write the the SQL database.  Should these password be altered then the new password will need to be to be input within the ADMS console and altered within the backup scripts.

Account 4 – ADMS-servername (SQL Account)

Type: SQL Account

User: ADMS-servername

Password: Please see Symetri for default details

Role: All ADMS operations use this account.  Get files, check out etc...
 

Account 5 – Backup task account

Type: Local / Domain

User: Admin or service account

Password: N/A

Role: This account is used to run the windows scheduled task.  This will require enough permissions to start and stop services on the server.  It should also be a domain account if you wish to copy the backup off the server as part of your script. 

Account 6 – Vault Administrator Account

Type: Vault Account

User: Administrator

PW: blank by default

Role: This is the account that the administrator would use to log into the vault via the client.  This account is utilized within the backup scripts which will need to be altered should the details change.

Again, each of these accounts have a role in backing up the vault and users should be wary of password changes.  Common backup failures are due to passwords expiring or being changed without these changes being reflected within this backup process.

Also note that the backup will not run if the ADMS console is open on the server under any account.  Please ensure that this is closed after use.

There will be a future blog post on how to backup your vault without having the password stored/visible in the backup script so subscribe to the feed so you dont miss out.

For more information on monitoring your Vault backups please see our web pages about our ActiveEye service for Vault.  

Check out ActiveEye on our website.

Blog

Paths to Net Zero: Insights for Sustainable AEC

10 December 2024

As the built environment sector accounts for nearly 40% of global CO₂ emissions, achieving net-zero carbon has evolved from aspiration to necessity. In response, Symetri hosted the Paths to Net Zero: Insights, Technologies, and Solutions webinar series in September 2024. This article distils key takeaways from the series, offering a snapshot of challenges, trends, and impactful approaches shaping the future of decarbonization in the AEC industry. 

Learn more
Blog

What is an LCA? 3 Examples of Life-Cycle Assessments in Building Projects

12 November 2024

A Life-Cycle Assessment (LCA) is a powerful tool used to measure the complete environmental impact of a building project. It evaluates the carbon footprint and other environmental effects throughout a building's life, across four key stages: production, use, end-of-life, and beyond. Below are three examples of how LCAs can guide decisions for more sustainable building projects.

Learn more