How to use the DataBackupRestore.exe program to backup and restore your management server's data and configuration

  • Article ID: 114299
  • Rating:
  • 12 customers rated this article 4.8 out of 6
  • Updated: 30 May 2013

This article explains how to use the DataBackupRestore.exe program to either backup or restore your Sophos management server's configuration.  The DataBackupRestore.exe program is available with Sophos Enterprise Console 5.x and higher.

With this tool you can backup or restore the following components of your management server:

  • Databases.
  • Registry settings.
  • Account information.
  • Configuration files.

Important:

  • The DataBackupRestore.exe program is only designed to help you back up the Sophos management server's configuration from a default installation location. If you have chosen to install to a non-default installation location please read the section Backing up from, or restoring to, a non-default installation location for more information.
  • Sophos recommends that you copy any backed-up data to external secure storage.
  • The tool should be run as a user who is a member of the Windows group "Sophos Console Administrators" to avoid the error mentioned in article 117706.
  • The DataBackupRestore.exe program is installed as part of the 'Management Server' component. Therefore it will not be available on a database-only installation (i.e. on a remote SQL Server installation).
  • If the registry string 'DatabaseConnectionMS' (HKLM\Software\[Wow6432Node]\Sophos\EE\Management Tools) references the 'Data Source' as '(local)' the backup will fail with:
    The instance name (local) is not a local SQL Server instance
    Build FAILED.

    In this situation please specify the -dbinstance=<serverName> option. Please see the usage options below for more details.
  • This tool should not be used to backup the databases on a remote SQL Server instance.  I.e. you can not use -dbinstance to specify a remote SQL Server.  The backup will fail with:
    The instance name [RemoteServerAddressAndInstance] is not a local SQL Server instance
    Build FAILED.

    To backup the databases on a remote SQL Server instance use BackupDb.bat as mentioned in article 110380.
  • When backing up an upgraded installation the following error may be shown in the backup log:
    Warning: Cannot find file C:\Program Files (x86)\Sophos\Update Manager\cac.pem
    This is a known issue (DEF77246) but does not cause an issue as the information cac.pem contains is backed up from the registry. This message can safely be ignored however we have provided a workaround to the error for completeness. Please see: How do I avoid the warning message regarding cac.pem?

Known to apply to the following Sophos product(s) and version(s)

Enterprise Console 5.2.1
Enterprise Console 5.2.0
Enterprise Console 5.1.0
Enterprise Console 5.0.0

What To Do

Locating and running the DataBackupRestore.exe program

Note: The program should be run from a command prompt.  If you have User Account Control (UAC) enabled and are not logged on as the Administrator account you will see the error: The requested operation requires elevation when attempting to run the program.  Either:

  • Elevate the command prompt.
  • Log on as the Administrator account (not an account which is just a member of the Administrators group) as this is account is not affected by UAC.
  • Temporarily disable UAC (requires a reboot).
  1. Select Start | Run | Type: cmd.exe | Press return.
  2. Browse to the folder containing the program:
    • Windows 64-bit type: cd "C:\Program Files (x86)\Sophos\Enterprise Console\"
    • Windows 32-bit type: cd "C:\Program Files\Sophos\Enterprise Console\"
  3. To display the usage option type just the program name: DataBackupRestore.exe -?

Usage options

The available options are:

DataBackupRestore.exe [-Action=action] [-SubSystem=subsystem] [-DataSourceType=datasourcetype] [-DBInstance=dbinstance] [-ExcludeDB] [-S]

Parameter Description
-action The action to be performed. This parameter is mandatory.
Possible Values: Backup, Restore.
-subsystem The sub-system which the action can be performed on.
Default value: All
Possible Values: SEC, Patch, Encryption (5.1+), Security (5.2+), All
-datasourcetype The data source type in the sub-system.
Default value: All
Possible Values: Database, Registry, SecureStore, All
-dbinstance The database server instance name. Specify this to avoid using the instance name from registry. The value must be a local instance name, e.g. (local)\SOPHOS.
If option is not specified the following registry value is used:
HKLM\Software\[Wow6432Node]\Sophos\EE\Management Tools\Database Installer | Instance
If the key does not exist and -dbinstance is not specified then (local)\SOPHOS is used.
-ExcludeDB The switch to exclude database backup or restore. This can be used if databases are managed by DBAs and other users do not have the permission to access the database. This qualifier can only be used when -DataSourceType=All has been specified.
-LocationSpecific The switch to force the location specific resources to be restored. It has no effect during a backup process. This qualifier can only be used when -Action=Restore and -DataSourceType=All has been specified. It has no effect on a backup.
-S Silent Mode. No user interaction (confirmation) during a restore.

Example usage options

The table below shows some of the more common commands you may want to use.

I want to... Command
backup everything DataBackupRestore.exe -action=backup
restore everything DataBackupRestore.exe -action=restore
backup just the database DataBackupRestore.exe -action=backup -datasourcetype=database
backup everything but the database DataBackupRestore.exe -action=backup -datasourcetype=all -ExcludeDB
restore just the database DataBackupRestore.exe -action=restore -datasourcetype=database
restore everything but the database DataBackupRestore.exe -action=restore -datasourcetype=all -ExcludeDB

For a practical example see the 'Enterprise Console 5.x server to server migration guide' in the documents section of the website. 

Where are the files backed up to?

Windows 7 or 2008...

Component Backed up to...
File name Location
Database SOPHOS50.bak or SOPHOS51.bak or
SOPHOS52.bak or
SOPHOS521.bak
SEC 5.0
SQL Server instance backup folder.
e.g., C:\Program Files (x86)\Microsoft SQL Server\MSSQL.10.SOPHOS\MSSQL\Backup\
Note: This folder path is resolved with respect to the SQL server service.
SEC 5.1+
C:\ProgramData\Sophos\ManagementServer\backup\Databases\
SOPHOSPATCH.bak or SOPHOSPATCH51.bak or
SOPHOSPATCH52.bak
SOPHOSENC51.bak or
SOPHOSENC52.bak
SophosSecurity.bak (5.2+)
Account information SEC_SecureStore.bak C:\ProgramData\Sophos\ManagementServer\backup\
Registry Certificate Store CertificationManager.reg
Management Tools Registry key ManagementTools.reg
Management Server registry key ManagementServer.reg
Sophos Enterprise Console registry key
SophosEnterpriseConsole.reg
Patch server private key Patch.reg
Patch server public key EEPatch.reg
Patch configuration files Various C:\ProgramData\Sophos\ManagementServer\backup\Patch\
Console configuration files Various C:\ProgramData\Sophos\ManagementServer\backup\Enterprise Console\

Windows XP or 2003...

Component Backed up to...
File name Location
Database SOPHOS50.bak or SOPHOS51.bak or
SOPHOS52.bak or
SOPHOS521
SEC 5.0
SQL Server instance backup folder.
e.g., C:\Program Files (x86)\Microsoft SQL Server\MSSQL.10.SOPHOS\MSSQL\Backup\
Note: This folder path is resolved with respect to the SQL server service.
SEC 5.1+
C:\Documents and Settings\All Users\Application Data\Sophos\ManagementServer\backup\Databases\
SOPHOSPATCH.bak or SOPHOSPATCH51.bak or
SOPHOSPATCH52.bak
SOPHOSENC51.bak or
SOPHOSENC52.bak
SophosSecurity.bak (5.2+) 
Account information SEC_SecureStore.bak C:\Documents and Settings\All Users\Application Data\Sophos\ManagementServer\backup\
Registry Certificate Store CertificationManager.reg
Management Tools registry key ManagementTools.reg
Management Server registry key ManagementServer.reg 
Sophos Enterprise Console registry key SophosEnterpriseConsole.reg
Patch server private key Patch.reg
Patch server public key EEPatch.reg
Patch configuration files Various C:\Documents and Settings\All Users\Application Data\Sophos\ManagementServer\backup\Patch\
Console configuration files Various C:\Documents and Settings\All Users\Application Data\Sophos\ManagementServer\backup\Enterprise Console\

Backing up from, or restoring to, a non-default installation location

Backing up or restoring the configuration files will fail if you have not installed the Enterprise Console to the default location. In order to use the DataBackupRestore.exe program the configuration files must be in the default program files locations:

  • Windows 64-bit: %programfiles(x86)%\Sophos\Enterprise Console\
  • Windows 32 and 64-bit: %programfiles%\Sophos\Enterprise Console\

For example if you installed the console to 'C:\NonDefault\Sophos\Enterprise Console\' and attempted to backup or restore the management server's configuration you will see several errors returned in the command prompt window:

Warning: Cannot find file C:\Program Files\Sophos\Enterprise Console\<THE_FILE_NAME>.config

Using the DataBackupRestore.exe program for non-default installation locations is not currently supported. We may look to support non-default installation locations in the future.

Note: These files are not a requirement of a full backup and should only be preserved if you have manually changed values under the guidance of Support.

How do I avoid the warning message regarding cac.pem?

Please note that the message is only a warning and will not affect the backup/restoring process.  The warning occurs because the cac.pem file is located in a different folder when the installation has been upgraded from a previous version and not a fresh installation.  We have provided the necessary steps below to workaround the warning.

  1. In Notepad.exe open the file: "C:\Program Files (x86)\Sophos\Enterprise Console\MetaData\Sec.xml"
  2. Locate the section: <LocationSpecificConfiguration>
  3. Locate the line:
    <FileLocation inProgramFilesX86="true">Update Manager\cac.pem</Filelocation>
    and change the path to the cac.pem file:
    <FileLocation inProgramFilesX86="true">SUM\cac.pem</Filelocation>
  4. Save and close the file.
  5. Re-run the backup command.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments