Backup everything including the database

Question

Hello,

I am wondering about automating a backup of everything in Adaxes on a daily basis. I found a forum about backing up custom commands and business rules which I need to do also. What I am concerned for is a bunch of the custom rules add custom date attributes to users but these attributes are not kept if the program is reinstalled and I figured they are in the database log but unsure. My worries are if for whatever reason there is failure and we have to rebuild and we lost all of the date/time attributes so the deprovisioning we have customed designed would be broken for all users in the 6-month deprovision process. Is there an easy way to backup everything or maybe a script?

Answer 1

Hello,

You can use the Softerra.Adaxes.BackupRestore.exe tool to backup your Adaxes service configuration. Besides creating a backup of the service settings, it also saves custom attributes.

You can automate backup process using command line and scheduling a task in Windows Task Scheduler.

To learn how to create a backup, refer to the following article: http://www.adaxes.com/help/?HowDoI.Mana ... ation.html. Command line parameters for backup are described in http://www.adaxes.com/help/?HowDoI.Mana ... dLine.html.

Keep in mind that the Web Interface configuration needs to be backed up separately. You can also use command line to backup it. For more information refer to the following article: http://www.adaxes.com/help/?HowDoI.Conf ... dLine.html.

Comments

Thank you,

This is very problematic. We cannot leave Domain Admin credentials in a batch file, or even any user's credentials in a batch file as it poses a risk. We can manually run backups but an automated secure way would be extremely useful. Any Ideas?

---

Hello,

Yes, actually, Windows Task Scheduler allows specifying the credentials that will be used to run a scheduled job. The job will be run as if the specified user is logged on to Windows. The credentials will be stored securely by Windows, and there will be no need to specify them via the command line. To specify the credentials:

1. On the General tab of the Create Task dialog, click Change User or Group under Security options.
   
2. In the dialog box that appears, select the account of Adaxes default service administrator.
3. Activate the Run whether user is logged on or not option.
   
4. Specify all the other parameters of the task.
5. When saving the task, you will be prompted for the password of the account that you've specified.

---

Well I would think this would work okay, however, It gives me this message : "Failed to back up the service configuration file due to the following error: This implementation is not part of the Windows Platform FIPS validated cryptographical algorithms."

We push FIPS compliance throught GPO's and it must stay that way. Anything else I can try?

---

I've had trouble creating the backup with specifying credentials as well. Is there any issue with doing a VM level backup only?

---

Hello,

Well I would think this would work okay, however, It gives me this message : "Failed to back up the service configuration file due to the following error: This implementation is not part of the Windows Platform FIPS validated cryptographical algorithms."

We push FIPS compliance throught GPO's and it must stay that way. Anything else I can try?

Actually, the issue would occur anyway, no matter how you start the backup process: manually or via a scheduled task. It occurs when FIPS compliance validation is enabled and you chose to include credentials in the backup file. The thing is that the credentials are included in encrypted form. To encrypt the credentials, standard .NET Framework encryption mechanisms are used, however they are not compliant with FIPS. We are already aware of the issue, and a fix will be included in the nearest release.

To work around it, you can:

• Not include the credentials in the backup file. In this case, after restoring Adaxes configuration, you'll need to manually re-enter all credentials used by Adaxes service. This includes credentials for managed domains, credentials used to run PowerShell scripts via the Run a program or PowerShell script action, and credentials for your Office 365 Tenants. For this purpose, disable the Back up credentials option on step 2 of the Backup/Restore Adaxes Configuration wizard.
  

• Disable FIPS compliance validation for Adaxes backup/restore tool. In this case, it will be possible to encrypt the credentials using the standard non-compliant mechanism.

  1. On the computer where Adaxes service is installed, locate the Softerra.Adaxes.BackupRestore.exe.config file. You can find it in the folder where Adaxes service is installed, which is C:\Program Files\Softerra\Adaxes 3\Service by default.

  2. Open it in a text editor, e.g. notepad.exe.

  3. Add the following enforceFIPSPolicy section immediately before the closing tag of the configuration\runtime section.

      ```powershell
      <configuration>
        ...
        <runtime>
          ...
            <enforceFIPSPolicy enabled="false"/>
        </runtime>
     
      ```

  4. Save the file.

I've had trouble creating the backup with specifying credentials as well. Is there any issue with doing a VM level backup only?

Backup on the VM level can be a very bad idea, especially if you have Adaxes services installed on several computers and sharing configuration between them. In such a case, replication between the Adaxes services is performed by means of Adaxes service backend, which is an instance of AD LDS. Restoring an image that is several days, or in some cases several hours old can disrupt AD LDS. For this reason, we recommend always using Adaxes service backup/restore instead.