GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Disaster Recovery Failing Using KMSRecover
Disaster Recovery Failing Using KMSRecover [message #151324] Tue, 22 March 2022 15:00 Go to next message
fishtech is currently offline  fishtech
Messages: 605
Registered: September 2010
Hi,

I am simulating recovery in case of disaster scenarios, but having some problems accessing the backups using kmsrecover command.

My backup directory for Kerio Connect is an external Pegasus RAID volume. Connect schedules a Full backup every Friday night and Differentials every other night.

The Backup volume is subsequently cloned to SATA disks which are taken off-site.

For testing I have set up a bare-metal MacMini (M1 running 10.15) with a fresh Kerio Connect trial installed. I have connected one of the SATA backup clones. Kerio Connect is not running. Kerio connect has NO settings configured.

I am having problems trying to run KMSRecover commands on the SATA backup clone. For example, when trying to recover a single user's mail folder I run:

sudo /usr/local/kerio/mailserver/kmsrecover -d mycompany.com -u username /Users/admin/Desktop/Recover /Volumes/Mail\ Offsite\ Backup\ 1B/BACKUP/F20220115T040005Z.zip

I get:

No full or copy backup has been found!
Error occurred during recovery process (code 7).


In fact all commands using fmsrecover get the same error.

Can anybody advise why I am getting the error? Perhaps I need to move config files into place before I can run kmsrecover successfully?
Thanks,

ft.
Re: Disaster Recovery Failing Using KMSRecover [message #151330 is a reply to message #151324] Tue, 22 March 2022 21:43 Go to previous messageGo to next message
Backspin is currently offline  Backspin
Messages: 122
Registered: June 2008
Location: Amsterdam, the Netherland...
Maybe privacy settings in 10.15 are blocking access to the backups? Have you tried giving Full Disk Access to kmsrecover and/or Terminal?

Re: Disaster Recovery Failing Using KMSRecover [message #151478 is a reply to message #151330] Tue, 19 April 2022 17:43 Go to previous messageGo to next message
fishtech is currently offline  fishtech
Messages: 605
Registered: September 2010
Hi.,

Thanks for the suggestion. Terminal does have Full Disk Access.

But if I try sudo cd /usr/local/kerio/mailserver and then ls -l I just get the following...

total 0
drwx------@ 8 seachem staff 256 Mar 31 10:32 Desktop
drwx------+ 3 seachem staff 96 Mar 14 14:38 Documents
drwx------+ 7 seachem staff 224 Apr 14 14:42 Downloads
drwx------@ 76 seachem staff 2432 Mar 16 10:31 Library
drwx------ 4 seachem staff 128 Mar 16 10:09 Movies
drwx------+ 3 seachem staff 96 Mar 14 14:38 Music
drwx------+ 4 seachem staff 128 Mar 14 16:01 Pictures
drwxr-xr-x+ 4 seachem staff 128 Mar 14 14:38 Public


So, Terminal is unable access /usr/local/kerio/mailserver with a SUDO command.

Permissions for the /mailserver folder are:

System... RW
Everyone... No Access

Admin be logged in as Root user for recovery to proceed?

Thanks,

ft.
Re: Disaster Recovery Failing Using KMSRecover [message #151480 is a reply to message #151324] Tue, 19 April 2022 23:58 Go to previous messageGo to next message
Backspin is currently offline  Backspin
Messages: 122
Registered: June 2008
Location: Amsterdam, the Netherland...
Doing only sudo cd /usr/local/kerio/mailserver will execute the cd command as superuser/root, not as the current user. So your following ls command will just list the folder you were already in.
You should do sudo su to change to root user, and then cd /usr/local/kerio/mailserver followed by ls or pwd

But I think this is not the problem, but kmsrecover not having full disk access probably is. But giving it access through System Preferences is tricky because you can't browse to the /usr/local/kerio/mailserver folder as a normal nor admin user.

Edit: to give kmsrecover full disk access, you could try to enable to the root user (with /System/Library/CoreServices/Applications/Directory Utility.app) and log into your mac as the root user. Use System Preferences->Privacy to give kmsrecover full disk access. Now try to run kmsrecover (or 'cleaner': logout the root user, login as your normal admin user again, disable the root user, and run kmsrecover with sudo).

Edit 2: are you using your kmsrecover command correctly? You wrote that you run the command 'sudo /usr/local/kerio/mailserver/kmsrecover -d mycompany.com -u username /Users/admin/Desktop/Recover /Volumes/Mail\ Offsite\ Backup\ 1B/BACKUP/F20220115T040005Z.zip'
From what I understand from the instructions, if you want to specify an output folder (/Users/admin/Desktop/Recover) you need to use '-s /Users/admin/Desktop/Recover'. Without it, kmsrecover will use /Users/admin/Desktop/Recover as a source folder and look there for existing backups. That would explain the 'No full or copy backup has been found!' error.


[Updated on: Wed, 20 April 2022 00:25]

Report message to a moderator

Re: Disaster Recovery Failing Using KMSRecover [message #151487 is a reply to message #151480] Thu, 21 April 2022 06:35 Go to previous messageGo to next message
wardrose is currently offline  wardrose
Messages: 1
Registered: April 2022
Providing it access through System Preferences is difficult since neither a normal nor an admin user may navigate to the /usr/local/kerio/mailserver folder. I don't believe this is the issue; I believe kmsrecover's lack of complete disk access is.
Re: Disaster Recovery Failing Using KMSRecover [message #151528 is a reply to message #151324] Wed, 27 April 2022 15:42 Go to previous message
fishtech is currently offline  fishtech
Messages: 605
Registered: September 2010
Thanks for the helpful info & suggestions. I had worked through this problem before seeing the replies.

The key to get it done for me was simply to enable root user then log in to the gui as root.

Next time I will try sudo su.

I had already given Terminal.app full disk access & I don't know if this was necessary or not.

I guess deactivating SIP during restore process would also work, but that's not possible in any kind of remote scenario.

At least I now know this can be be done & have made notes for future reference. I hope I do not need them Smile

Clearer restore directions from Kerio (reflecting recent macOS security changes) would be appreciated Smile

ft.

[Updated on: Wed, 27 April 2022 15:43]

Report message to a moderator

Previous Topic: no caldav/cardav profile on ipad
Next Topic: DIRECT Cloud backups
Goto Forum:
  


Current Time: Thu Sep 29 04:37:06 CEST 2022

Total time taken to generate the page: 0.02483 seconds