IBM Support

QRadar: Restoring a backup failed due to an incorrect host name

Troubleshooting


Problem

An attempt to restore a backup from an old appliance to a new appliance failed with the following error: "Unable to restore backup archive".

Symptom

/store/backup/backup.nightly.Qradar_3.26_07_2015.config.1437978744.tgz does not exist. Failed to extract backup.


Jul 28 09:00:12::ffff:10.x.x.x [hostcontext.hostcontext] [BackupServices_restore] com.q1labs.hostcontext.backup.BackupRecoveryEngine: [ERROR] [NOT:0000003000][10.10./- -] [-/- -]Unable to execute restore request
Jul 28 09:00:12::ffff:10.x.x.x.x[hostcontext.hostcontext] [BackupServices_restore] com.q1labs.configservices.hostcontext.exception.RestoreException: Unable to restore backup archive

Jul 28 09:53:15 ::ffff:10.x.x.x [hostcontext.hostcontext] [Thread-860] ComponentOutput: [ERROR] [NOT:0000003000][10.x.x.x/- -] [-/- -]ErrorStream backup_extract: Tue Jul 28 09:53:15 EDT 2015 [backup.sh] ERROR: /store/backup/backup.nightly.Qradar_3.26_07_2015.config.1437973398744.tgz does not exist
Jul 28 09:53:15 ::ffff:10.x.x.x [hostcontext.hostcontext] [Thread-860] ComponentOutput: [ERROR] [NOT:0000003000][10.x.x.x/- -] [-/- -]ErrorStream backup_extract: Tue Jul 28 09:53:15 EDT 2015 [backup.sh] ERROR: Failed to extract backup

Cause

This can happen when the host name on the old appliance differs from the host name on the new appliance. In this case, the old appliance's host name was Qradar (capital Q), but the host name on the new appliance was qradar (lowercase q). The backup archive was therefore named with an uppercase Q, and the restore fails because of the file name mismatch.

Environment

QRadar 7.2.5

Diagnosing The Problem

Verify that the host name from the old appliance matches the host name from the new appliance and that the backup file name matches these host names accordingly.

Resolving The Problem

Rename the backup file so that the old backup host name in the file name matches the new backup host name. Copy the backup into the backup inbound folder. Alternatively, if the backup is on a Windows system, go to the QRadar web user interface and select Admin Tab > Backup and Recovery > Upload Archive. Restore again using the newly named backup.
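
The host name check described above can be scripted before the restore is attempted. The following is an added example, not IBM code: it assumes the archive name embeds the host name as ".<hostname>_", as in the file name shown on this page, and the function names and the host name siem01 used to test it are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code). Compares the host name embedded in a QRadar
# backup archive name with the host name of the restore target.
# Assumption: the archive name embeds the host name as ".<hostname>_", as in
# the file name shown on this page (backup.nightly.Qradar_3.26_07_2015...).

to_lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# check_backup_name ARCHIVE_PATH TARGET_HOSTNAME
# Prints one of:
#   match
#   case-mismatch <archive name corrected to the target host name>
#   no-match
# The body runs in a subshell, so its variables stay local.
check_backup_name() (
    [ -n "$2" ] || { echo "no-match"; exit 0; }
    file=$(basename "$1")
    host=$2
    lfile=$(to_lower "$file")
    lhost=$(to_lower "$host")
    case "$file" in
        backup.*."$host"_*) echo "match" ;;   # exact, case-sensitive match
        *)
            case "$lfile" in
                backup.*."$lhost"_*)
                    # Text before the first ".<hostname>_" (case-insensitive).
                    prefix=${lfile%%."$lhost"_*}
                    start=$(( ${#prefix} + 2 ))   # first character of the host name
                    rest=$(( start + ${#host} ))  # first character after it
                    head=$(printf '%s' "$file" | cut -c1-$(( start - 1 )))
                    tail=$(printf '%s' "$file" | cut -c"$rest"-)
                    echo "case-mismatch ${head}${host}${tail}" ;;
                *) echo "no-match" ;;
            esac ;;
    esac
)

# Demo with the archive name and host names from this page; on an appliance,
# pass the real archive path and "$(hostname)" as arguments instead.
sample=/store/backup/backup.nightly.Qradar_3.26_07_2015.config.1437978744.tgz
check_backup_name "${1:-$sample}" "${2:-qradar}"
```

A case-mismatch result prints the file name to rename the archive to before restoring; the script itself does not rename anything.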



Document Information

Modified date:
16 June 2018

UID

swg21963260