Error ID: 4387 for MABS if not domain joined. But what about in a disaster situation when there is no domain?

Hello MABS-MAN,

Welcome to the Microsoft Q&A and thank you for posting your questions here.

I understand that you are having an Error ID: 4387 for MABS if not domain joined. Also, asking what about in a disaster situation when there is no domain.

The situation is that Error ID: 4387 occurs with Microsoft Azure Backup Server (MABS) if the host server is not domain joined. Also, in a disaster situation, if there is no domain to join, it makes it challenging to restore server backups from the Azure repository.

To resolve the issue:

1. Set up a temporary domain controller on a new server. Then, join the MABS server to the temporary domain. Then, restore the real domain controller backups from the Azure repository. After, decommission the temporary domain and rejoin the MABS server to the restored domain.
2. Configure the MABS server in a workgroup and make sure proper network configuration and authentication settings. Then, restore the necessary backups from the Azure repository- https://learn.microsoft.com/en-us/answers/questions/1331520/error-id-4387-during-the-installation-of-mabs
3. Identify and restore the domain controller backups from the Azure repository and once the domain controllers are operational, join the MABS server to the restored domain. Then, proceed with the restoration of other servers.

I hope this is helpful! Do not hesitate to let me know if you have any other questions or clarifications.

Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

@MABS-MAN Thank you for contacting us on Microsoft Q&A platform. Happy to help!

If you have a disaster situation and you are getting error "Error ID: 4387" then you could follow below mentioned suggestion to get your DC back up and running.

Disaster Recovery Plan

• You can create another domain on your DR site.
• Create a new windows VM, join it to domain and install MABS on it.
• While registering, please register your DR MABS server to same vault.
• In the case of disaster, where your DC is down or DC and MABS server both our down. (Even your storage is attacked by ransomware)
• You can use this DR MABS server and use add external DPM option in order to restore the vaulted data of your primary MABS server to this MABS server. https://learn.microsoft.com/en-us/azure/backup/backup-azure-alternate-dpm-server
• Once the data is restored, then you can bring up your DC and get your primary MABS server up and running as well. Also, if your MABS server is also down and storage is infected by ransomware then you can use below article to rebuild MABS Server. https://learn.microsoft.com/en-us/azure/backup/backup-azure-microsoft-azure-backup#move-mabs-to-a-new-server

Note: The most important thing which you need to execute this recovery plan is your encryption passphrase as Microsoft does not keep it and we don't have a way to recover it.

** Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful **

Hi @MABS-MAN ,

As temporary domain is not a good solution, there are two effective ways to accomplish backup restoration and domain redundancy using secondary MABS servers and Azure AD DS:

 A) Set Up Secondary MABS Server with On-Prem Secondary Domain Controller (DC):

 1. Set Up a Secondary Domain Controller (DC) On-Prem:

 Purpose: To provide domain redundancy in case the primary Domain Controller (DC) fails.

 Steps:

 Install a new Windows Server (same version as the primary DC).

 Promote the server to a secondary DC to replicate Active Directory (AD) data.

 Ensure that AD replication between the primary and secondary DC is working fine.

 This ensures that even if the primary DC is down, your secondary DC will handle authentication and management of your domain.

 2. Set Up the Secondary MABS Server On-Prem:

  Purpose: To have a backup MABS server on-prem that can restore data if the primary MABS server goes down.

 Steps:

Install MABS (Microsoft Azure Backup Server) on the secondary server.

 Register the secondary MABS server with the Azure Recovery Services Vault (RSV) for backup restoration.

 Ensure the secondary MABS server is configured to communicate with your secondary DC to restore the necessary domain and machine data.

 B) Set Up Azure Active Directory Domain Services (Azure AD DS) and MABS in Azure:

 1. Set Up Azure AD DS:

 Purpose: To enable domain services in Azure in case your on-prem AD is unavailable (e.g., in a disaster recovery situation).

 Steps:

 Create and configure Azure AD DS in the Azure portal.

 Sync your on-prem AD to Azure AD to replicate users and group data.

 Set up a site-to-site VPN or ExpressRoute between your on-prem network and Azure to enable communication.

 2. Set Up a New MABS Server in Azure:

 Purpose: To have a backup MABS server in Azure that can handle backup and restore operations if the on-prem MABS is down.

 Steps:

 Deploy a new VM in Azure for MABS.

 Install MABS on the VM in Azure.

 Register the new MABS server with your Azure Recovery Services Vault.

 Ensure the MABS server in Azure can authenticate using Azure AD DS if needed (or direct access to Azure AD).

 The new MABS server will be able to restore data from the Azure vault using Azure AD DS for domain authentication.

 Summary Solution:

 On-Prem: Set up a secondary DC and secondary MABS server to ensure local redundancy and availability.

 Azure: Set up Azure AD DS for domain services in Azure and deploy a new MABS server in Azure for disaster recovery scenarios.

 This ensures that no matter what happens—whether the primary MABS or the entire on-prem site goes down—you can restore backups either from the secondary MABS server on-prem or the MABS server in Azure.

Please let me know if you face any challenge here, I can help you to resolve this issue further

Please provide your valuable comments

Please do not forget to "Accept the answer” and “upvote it” wherever the information provided helps you, this can be beneficial to other community members.it would be greatly appreciated and helpful to others.