Create e-mail alerts for windows server backups

How to create email alerts for backups in Windows Server 2008 R2 and Microsoft Small Business Server 2011

Backups are one of those things that often get neglected until you need to restore something. This is what getting alerts to put the problems in front of you are so important for backup systems. The built-in backup software for Windows Server 2008+ have some nice attributes: like free and can store many backups onto a local USB drive, but are lacking some critical components like email alerts. Happily, Windows Server has a way to handle this fairly easily. Maybe on the next version there will be an option to setup these alerts along with the backup job.

Below I have laid out a full manual procedure for creating alerts for backup warnings and errors. I suggest alerts also be created for backup success. The reason for the backup success goes along with my above comment about neglect. If your backups fail to even launch you will not typically get an error message as their will not be any event logs to trigger on. Having alerts for success may help when one day you wonder, Oh Yea, where are my backup success emails? The same procedure below can be used for success by changing the event filter and subject.

I have provided the XML for both the success and failure event filters. You can just past them into the manual XML filter dialog in place of creating them with the check boxes and pull downs. I have also provided complete XML imports for both Backup success and failure alerts. Remember to change the run as user and email parameters after, or before importing. Just copy and paste the import samples into an XML file and import.

These alert methods can and should  be used for other windows server events of interest as well. You can actually right-click on events in the event viewer and create alerts for the select event right there. However, be careful, it by default sets the default run as user to the current logged in user and is set to only run when that user is logged in. Not very helpful for monitoring errors on a server.

To create an alert for all Errors and warnings:

1.       Open Task Scheduler.
2.       Right-click on Event Viewer Tasks. Select Create Task.
a.       Enter a logical name for the task.
b.      Set a user for the task to run as. We suggest to use a dedicated account that is not a user or the administrator. The problem with using user accounts is that it breaks everything when the password is changed or the account disabled.
c.       Run whether user is logged on or not.
d.      Run with highest privileges: Unchecked
e.      Configure for Windows 7 / Windows Server 2008 R2
3.       Go to the Triggers tab.
a.       Press New.
b.      Begin the task: On an event.
c.       Custom event.
d.      Press New Event Filter.
i.      Logged: Anytime.
ii.      Event Level: Critical, Warning, Error.
iii.      By Source.
iv.      Event Source: backup.
v.      Press OK.
e.      Stop task if it runs longer than: 30 minutes.
f.        Enabled
g.       Press OK.
4.       Go to the Actions tab.
5.       Press new to create a new action.
a.       Action type: Send an e-mail.
b.      Fill out the From, To Subject and SMTP fields as appropriate.
c.       Press OK.
6.       Go to the Conditions tab.
a.       Uncheck everything.
7.       Go to the Settings tab
a.       Allow the task to be run on demand: Checked
b.      Run task as soon as possible after a scheduled start is missed: Checked
c.       Stop the task if it runs longer than: 1 hour.
d.      If the running task does not end when requested, force it to stop: Checked.
e.      If the task is already running, then the following rule applies: Run a new instance in parallel.
8.       Press Ok
9.       Set the password for the account used to run the task.

NOTES:
If you receive errors Event ID 202 Additional Data: Error Value: 2147746317 or Cannot modify or delete an object that was not added using the COM+ Admin SDK (0x8004020D), Check you have the correct SMTP parameters. This typically indicates an SMTP failure.
If you need more flexibility with email notifications, the free bmail command line mailer can be used. Find it here. Or Blat, Find it here.This utility can also be used to test email delivery as the task manager email delivery does not give you any real feedback.

Sample XML query for all backup errors and warnings.
<QueryList>
<Query Id=”0″ Path=”Application”>
<Select Path=”Application”>*SystemProvider[@Name=’Microsoft-Windows-Backup’] and (Level=1 or Level=2 or Level=3)</Select>
<Select Path=”Microsoft-Windows-Backup”>*SystemProvider[@Name=’Microsoft-Windows-Backup’] and (Level=1 or Level=2 or Level=3)</Select>
</Query>
</QueryList>

Sample XML query for Backup Success.
<QueryList>
<Query Id=”0″ Path=”Microsoft-Windows-Backup”>
<Select Path=”Microsoft-Windows-Backup”>*System[(Level=4 or Level=0) and (EventID=4)]</Select>
</Query>
</QueryList>

Sample Backup Failure Import

<?xml version=”1.0″ encoding=”UTF-16″?>
<Task version=”1.2″ xmlns=”http://schemas.microsoft.com/windows/2004/02/mit/task”>
<RegistrationInfo>
<Date>2011-09-10T16:22:33.4331453</Date>
<Author>MyDomain\Me</Author>
</RegistrationInfo>
<Triggers>
<EventTrigger>
<Enabled>true</Enabled>
<Subscription>&lt;QueryList&gt;&lt;Query Id=”0″ Path=”Application”&gt;&lt;Select Path=”Application”&gt;*SystemProvider[@Name=’Microsoft-Windows-Backup’] and (Level=1 or Level=2 or Level=3)&lt;/Select&gt;&lt;Select Path=”Microsoft-Windows-Backup”&gt;*SystemProvider[@Name=’Microsoft-Windows-Backup’] and (Level=1 or Level=2 or Level=3)&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
</EventTrigger>
</Triggers>
<Principals>
<Principal id=”Author”>
<UserId>MyDomain\MyAlertServiceUser</UserId>
<LogonType>Password</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>false</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context=”Author”>
<SendEmail>
<Server>MySMTPServerName</Server>
<Subject>Backup failure</Subject>
<To>myadminemail@mydomain.com</To>
<From>mybackupserver.mydomain.com</From>
<Body></Body>
<HeaderFields />
<Attachments />
</SendEmail>
</Actions>
</Task>

Sample Backup Success Import

<?xml version=”1.0″ encoding=”UTF-16″?>
<Task version=”1.3″ xmlns=”http://schemas.microsoft.com/windows/2004/02/mit/task”>
<RegistrationInfo>
<Date>2011-09-11T09:21:48.2549243</Date>
<Author>MyDomain\Me</Author>
</RegistrationInfo>
<Triggers>
<EventTrigger>
<Enabled>true</Enabled>
<Subscription>&lt;QueryList&gt;&lt;Query Id=”0″ Path=”Microsoft-Windows-Backup”&gt;&lt;Select Path=”Microsoft-Windows-Backup”&gt;*SystemProvider[@Name=’Microsoft-Windows-Backup’] and EventID=20&lt;/Select&gt;&lt;/Query&gt;&lt;/QueryList&gt;</Subscription>
</EventTrigger>
</Triggers>
<Principals>
<Principal id=”Author”>
<UserId>MyDomain\MyAlertServiceUser</UserId>
<LogonType>Password</LogonType>
<RunLevel>LeastPrivilege</RunLevel>
</Principal>
</Principals>
<Settings>
<MultipleInstancesPolicy>Parallel</MultipleInstancesPolicy>
<DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
<StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>
<AllowHardTerminate>true</AllowHardTerminate>
<StartWhenAvailable>true</StartWhenAvailable>
<RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
<IdleSettings>
<StopOnIdleEnd>true</StopOnIdleEnd>
<RestartOnIdle>false</RestartOnIdle>
</IdleSettings>
<AllowStartOnDemand>true</AllowStartOnDemand>
<Enabled>true</Enabled>
<Hidden>false</Hidden>
<RunOnlyIfIdle>false</RunOnlyIfIdle>
<DisallowStartOnRemoteAppSession>false</DisallowStartOnRemoteAppSession>
<UseUnifiedSchedulingEngine>false</UseUnifiedSchedulingEngine>
<WakeToRun>false</WakeToRun>
<ExecutionTimeLimit>PT1H</ExecutionTimeLimit>
<Priority>7</Priority>
</Settings>
<Actions Context=”Author”>
<SendEmail>
<Server>MySMTPServerName</Server>
<Subject>Backup Success</Subject>
<To>myadminemail@mydomain.com</To>
<From>mybackupserver.mydomain.com</From>
<Body></Body>
<HeaderFields />
<Attachments />
</SendEmail>
</Actions>
</Task>