top of page

Microsoft Azure Recovery Services Agent (MARS) #1

We have typically 2 types of people:

The one,who already lost data

and the one,who will lose data!

Data breaches are a fixture on the nightly news. And each breach is worse than the last — from supermarkets to financial companies, from 100K affected to 10 Billion affected users.

For example: Aadhar – 1.1 billion users data breach Date: The breach was discovered in March 2018.

At this point, your reaction probably goes no further than a barely audible “meh.That's none of my business” Sad, but true.🤣

In spite of that, when it comes to your company’s data, a breach isn’t the only way it can up and leave you. In fact, many large (and very notable) data loss stories have nothing to do with hackers and a subsequent data breach.

Here’s what we’ve got for you.

In this article we will show you how to solve some common problems with the Microsoft Azure Recovery Services (MARS) backup agent on servers and Windows devices.

MARS is a cloud backup solution that supports Windows Server and Windows client Operating systems. It is a great option if you need a simple, without confusion, offsite backup. The MARS agent is used by Azure Backup to back up files, folders, and system state from on-premises machines and Azure VMs to a backup Recovery Services vault in Azure.

Connection to the Service

One of the frustrations I have experienced with the MARS agent is when opening the Management Console snap-in (MMC). MARS times out while connecting to the back-end services. The easiest way to avoid this problem is to install the agent while logged into the server or PC with a local administrator account. Using Run as Administrator from a standard user’s desktop is creating the problem.

Once the agent is installed and you have registered the device with Azure, you can switch back to a standard, user-account desktop. At the end, you can open the console (Run as Administrator).

One thing to notice, you need local admin privileges to access the console. Make sure you follow best practices by removing admin privileges from users. Therefore, users will not have access to Azure Recovery Services on their devices.

Overcome space problem

On end-user devices, free space can be a particular issue. This is especially true on devices that use low-capacity, Solid-State Drives (SSDs). It could be extremely useful to understand how the MARS agent backs up files.

The first time the MARS agent runs a backup job, it uses a Volume Shadow Copy Service (VSS) snapshot to create a Virtual Hard Disk (VHD) in a scratch folder, and stores Checksums for each block of data.

You can specify the location of the scratch folder as the agent is installed.

On the consecutive runs, modified files are isolated using USN Journal tracking and a new VHD is created with an updated file layout. New Checksums are compared against the initial checksums to identify changed blocks on files in the current backup set.

Any changed blocks are then sent to the Azure vault as blobs. Once the backup job is completed, the differential VHD is merged with the VHD that was created the first time the agent ran on the device, and the checksums in the scratch folder are updated.

To make the initial backup, you will need between 5 percent and 10 percent of free space on the volume. After the initial backup job has completed, the VHD expands and contracts as needed. If you face errors because of a lack of free space on the volume, gradually add folders to the backup set each time the backup runs.

If you are having problems with free space, you can check the amount of space being used by VSS using the vssadmin cmd.

This is shown here:

vssadmin list shadowstorage

It is also possible to change the location of the agent scratch folder after installation by modifying the ScratcLocation value in the following registry keys:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Azure Backup\Config\CloudBackupProvider]

Device Notifications

The MARS agent does not support local notifications but does write to the Event Log (CloudBackup/Operational) on each device. This can be accessed without any special privileges. Because MARS is primarily intended for backing up server workloads, the lack of local device notifications should not be a surprise.

In spite of that, you will need to check the Recovery Services dashboard in the Azure Management Portal. The other option is to set up email notifications. These strategies will ensure backup jobs are completing successfully.

TRADEMARK LEGAL NOTICE All product names, logos, and brands are property of their respective owners in the Austria or other countries.All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.Use of these names, logos, and brands does not imply endorsement.The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other company. Pheniix runs as an independent blog.

bottom of page