Resolving Veeam Backup Errors for Domain Controllers with SentinelOne

Share This Post

Introduction

If you’re using Veeam to back up domain controllers and have recently installed or upgraded to SentinelOne Agent version 23.2.3.358, you might encounter backup failures.

This post will guide you through understanding the issue and provide a workaround to resolve it.

The Issue

After installing or upgrading to SentinelOne Agent 23.2.3.358 on a domain controller, Veeam backups may fail with the following error:

Processing SERVER Error: VSSControl: -805306334 Backup job failed. Cannot create a shadow copy of the volumes containing writer’s data. Cannot prepare the [NTDS] data for a subsequent restore operation. Cannot process NTDS data. Updating BCD failed. Cannot execute [SetIntegerElement] method of [\SERVER\root\wmi:BcdObject.Id=” {56a36c07-368c-11eb-bd3b-edf2c267e255}”,StoreFilePath=””]. COM error: Code: 0xd0000022

This error is triggered by the boot protection feature of SentinelOne, which interferes with the VSS (Volume Shadow Copy Service) process used by Veeam for backups.

Workaround Solution

Until a fix is provided by either Veeam or SentinelOne, you can use the following workaround to disable the boot protection feature in SentinelOne.

Retrieve the Passphrase

In the SentinelOne console, look up the passphrase for the affected machine. You’ll need this passphrase to make local changes on the machine.

Disable Safe Boot Protection

Log on to the machine with administrative privileges. Open an elevated Command Prompt or PowerShell and run the following commands:


    cd “C:\Program Files\SentinelOne\Sentinel Agent 23.2.3.358”
    .\SentinelCtl.exe config safeBootProtection false -k “PASSPHRASE”
   

Replace “PASSPHRASE” with the actual passphrase you retrieved from the SentinelOne console.

Restart the Machine (Optional)

While it’s not confirmed if a reboot is necessary, performing a restart of the machine immediately after making the change is recommended to ensure the new settings take effect.

Conclusion

By following these steps, you can temporarily resolve the backup errors caused by the SentinelOne Agent. Keep an eye out for updates from Veeam or SentinelOne that address this issue permanently. In the meantime, disabling the boot protection feature should allow your backups to proceed without errors.

For more technical tips and troubleshooting guides, stay tuned to our blog!

Feel free to reach out if you have any questions or need further assistance.

Happy troubleshooting!

More To Explore