0

We have a server which has its system partition C: on one disk and another partition on a second disk. Both partitions are encrypted by VeraCrypt. The partition on the second disk has been added to the system favorite volumes in VeraCrypt, so it gets mounted quite early during bootup via PBA (Pre-Boot-Authentication), and then is accessible as usual by its drive letter (in this case, D:).

We would like to run Acronis Backup 11.7 on that server to -ehm- backup it. While it has no problem with the encrypted system partition, it obviously is not able to deal with the partition on the second disk. It seems that it uses the wrong volume ID, probably because it is querying the OS only for "hardware" disks.

The following image demonstrates the problem:

Acronis backup sources configuration

While it recognized the partitions on the system disk correctly, this is not true for the second disk. The volume ID shown there belongs to the raw (encrypted) partition, not to the partition as mounted (decrypted) by VeraCrypt.

This is clearly demonstrated by the following image (note that the volume ID shown by Acronis indeed is that of the raw partition which has no mount point, while the mount point D: has another volume ID):

Volume IDs as shown by mountvol

Is there any way to make Acronis image the encrypted partition on the second drive correctly?

Some notes:

  • Yes, I know that the image will be unencrypted (unless I activate the appropriate option in the backup settings); this does not matter because the images will be stored in a location which is encrypted with VC as well.

  • And yes, I know that I will get an unencrypted system / data disk when I restore this image; that also doesn't matter because you can't get around this when you want to image an encrypted partition from within the running system.

  • For testing purposes, I have removed the second partition from the backup source, have created an empty folder in C:, and have linked D: to it, by an NTFS junction as well as by mounting the correct volume to it via mountvol. In each case, Acronis has archived the system partition correctly, including the junction, but not the contents (destination) of the junction, so this didn't lead to anywhere.

  • And interestingly enough, Acronis is not even able to take a file backup from that second disk; if we try that, we get exactly the same error as with the volume backup, as shown in the following picture:

Acronis error message

I it would help, I could provide a full error log.

Binarus
  • 558
  • 5
  • 16
  • We ran into such a problem too (with truecrypt) ... but sorry, we couldn't find a (stable) solution. So we just stopped using acronis and installed veeam. Sorry, I know is isn't really helping. – bjoster Mar 22 '19 at 11:57
  • @bjoster Veeam explicitly states that they can **not** image VC-encrypted partitions unless they are on the system disk (see here: https://forums.veeam.com/veeam-agent-for-windows-f33/issues-backing-up-veracrypt-drives-t52976.html). Either they are wrong, or you didn't notice that my problem relates to a partition on a **non-system** disk. Can you definitely confirm that this works for you? – Binarus Mar 23 '19 at 05:47
  • omg, I skipped the NON SYSTEM DISK part, sorry. You are right - all or out machines are using one sys/data volume. – bjoster Mar 25 '19 at 10:29

0 Answers0