Problem : Running MS SQL backups from a third party scheduler (MS SQL Scheduler) with no hard coding of user ID or password refuses to use the NBU SQL userID and password in the windows registry.
Anybody found a better solution than what we have found to date?
So far found:
- It doesn't work and the use of the "encrypted file" appears to be a myth. There seems to be no recent documentation on this encrypted file creation and usage. So far support have recommend TECH5647 as the solution.
- Making the SQL user that NBU has in the registry with its encrypted password a local admin will work. For security reasons this is not a desirable solution. The NBU SQL user is set as a SQL admin on the box and in AD.
- Making the SQL backup user have read access to:
-- The registry location where the NBU user ID and password is kept +
-- The location where the BCH file is kept
-- NBU install area. Suspect it may require write access to the NBU log area.
TECH5647
In document TECH5647 it describes "By omitting the userID and passwords from the batch file, you can ensure that NetBackup for SQL Server will read the default parameters from an encrypted login file" and that file can be found under install_path\DbExt\Mssql\Logins\ when you followed the procedure described in the tech note.
That tech note is 14 years old and probably every related document, including the current manual, refers to the "encrypted file" without any explanation. Looks like the modern version of NBU doesn't create that file and probably 14 years ago didn't use the registry as a location to store the encrypted user ID and password.