这周所有点的backup exec备份全部失败,错误提示如下:

 

The job failed with the following error: Failed to log on to Microsoft Windows.

Ensure that your logon credentials are correctly entered and that they meet the following minimum requirements to log on to a Windows computer:

 - The credentials used are a member of the Backup Operators group.

   - For Windows Vista/2008 and later, the credentials have the Log on as a batch job privilege.

 Additional privileges may be required to access resources on the Windows computer.

由于所有点的都失败,所以怀疑是账号问题,检查发现此账号属于domain admins组,权限已经非常大了。重新建立job连resource 也提示错误"Connection with server failed. Hit <F5> to retry",所以更加确认是账号问题.search到一个link,http://www.symantec.com/connect/forums/connection-server-failed-hit-f5-retry-1  有如下说明:

the Backup Exec user to the setting “Log on as a batch job” in the Default Domain Controllers Policy/Computer Configuration/Windows Settings/Security Settings/Local Policies/User Rights Assignment/ Once you’ve added the Backup Exec user   ,检查default domain policy后发现备份用户不在这里,将其加入进去后在server gpupdate /force后正常。所以总结如下

1:默认的log on as a batch job是有backup operators和administrators,所以只要做策略将备份用户加入到所有服务器的本地管理员组中即可。

2:为了更加细化控制备份用户的权限,可以将 log on as a batch job的两个默认的组删除掉,将备份的用户加入进去即可。