Hello,   I am trying to install XCP for SMB on a windows 2022 server and I an getting a "no connection to active directory" error. I am unable to find any resource or workaround for this. Is anyone able to help with this? I assume I am not the first user to experience this.   C:\>xcp activate XCP SMB 1.9.4P1; (c) 2025 NetApp, Inc.; Error: no connection to Active Directory ... View more

Introduction: A Decade on the Frontlines With over a decade in cybersecurity—back when we still called it Infosec—I’ve battled ransomware strains like Locky, WannaCry, NotPetya, Conti, ALPHV, REvil, and LockBit. Most were stopped, but some slipped through, causing catastrophic damage to businesses— because we were missing the essential visibility at the data layer.   The Attack That Changed My Perspective In the early weeks of COVID-19 lockdowns, a major pharmaceutical company was hit by ransomware. The attacker bypassed perimeter defences using a phishing email. An employee unknowingly opened the email following a link, giving the attacker his credentials and  access to his computer, which the adversary  escalated to Domain admin rights and thereby was able to access all internal systems. After gaining full access, the attacker went undetected for 48 hours, exfiltrated some data and encrypted the company’s crown jewels and its Active directory — triggering a multi-extortion attack. The organisation had to shut down all network connectivity and restore access gradually. Some Employees were locked out for nearly two weeks, halting critical business operations. Initial damage estimates were $6 million (no ransomware paid), but the real cost likely exceeded $20 million. Recovery dragged on for six months, exposing glaring gaps in the organization’s resilience during a global emergency.   In hindsight:  I dissected this particular attack and many more with my peers.  Three recurring issues stood out: Timing: The attack began Friday evening—before the weekly backup. By Monday, mission-critical files were encrypted, and backups were compromised. Visibility: There were no alerts at the storage layer to flag encryption activity. Chaotic Restore Process and Capability Gaps: Recovery was nightmare. Backups were often encrypted or incomplete, disk space was insufficient for restores, and there was no workflow to validate data before reintegration. Forensic analysis was slow, and prioritization of critical data was guesswork.   What Was Missing Data-Level Detection: Immediate alerts when encryption started Automated Snapshots: Triggered at the first sign of ransomware. Immutable Backups: Protected from tampering. Easy restore process: That validated data before reintegration to avoid reinfection. Risk-Based Prioritisation: Assigned protection policies based on business-criticality, which could also be used for recovery.   The Reality of Ransomware in 2025 Average cost per attack: $5.5M–$6M, up 17% from 2024 [purplesec.us] Average downtime: 24–30 days [sqmagazine.co.uk] Global impact: 4,701 ransomware incidents in the first nine months of 2025 (+34% YoY) [deepstrike.io] Recovery costs: $1.5M on average, even without paying ransom [sophos.com] Projected annual global cost by 2031: $265B [getastra.com] These numbers underscore a harsh truth: ransomware isn’t just an IT problem—it’s a business continuity crisis that can only be overcome with a healthy resilience strategy.     How NetApp Could Have Changed the Outcome Netapp Ransomware Resilience provides: Data-Level Detection and Immediate Alerts NetApp® Ransomware Resilience delivers advanced protection by combining storage-layer intelligence with AI-driven security. This ensures threats are detected early and mitigated before they impact your business. Early Ransomware Detection: Operates at the storage layer to identify encryption patterns that traditional security tools often miss. AI-Driven Breach Detection: Detects suspicious user behaviors that may indicate potential data exfiltration attempts. Automated Snapshots on Detection Instead of waiting for scheduled backups, NetApp can trigger instant snapshots the moment suspicious activity is detected, preserving clean recovery points even minutes before an attack escalates. One Click User Access Blocking on storage layer: Immediately restricts malicious or compromised user access at the storage layer to contain the threat without disrupting forensic analysis Immutable Backups and Simplified Restore Backups stored with NetApp are tamper-proof, ensuring attackers cannot encrypt or delete them. Combined with streamlined restore workflows, this dramatically reduces downtime. Clean Restore NetApp’s clean restore feature provides a guided process for recovering ONTAP storage workloads : from setup through analysis, planning and curating a recovery point, removing malware, recovering the workload and reporting. Risk-Based Protection Policies Ransomware Resilience provides visibility into gaps in the ransomware resilience posture and enables risk-based prioritization workloads , so critical workloads get the highest level of protection automatically.   Lessons Learned Ransomware attacks are inevitable, but catastrophic damage is not. The combination of data-level detection, fast response , and rapid restore capabilities can transform recovery from a six-month ordeal into a matter of hours or days.   Call to Action If you’re serious about ransomware resilience, it’s time to rethink your strategy. Explore how NetApp Ransomware Resilience  can help you stay ahead of adversaries and protect what matters most. NetApp addresses the needs of CISOs, Security Practitioners, Storage and Infrastructure teams by dramatically improving key metrics: Mean Time to Detect (MTTD): From days to minutes. Mean Time to Contain (MTTC): From hours or days to minutes. Mean Time to Recover (MTTR): From months to days—with full recovery, not partial fixes. This means faster detection, quicker containment, and complete recovery—turning ransomware resilience from a buzzword into a business reality. Explore how NetApp Ransomware Resilience can help you stay ahead of adversaries and protect what matters most. Click here for more ... View more

After performing an XCP copy, I deleted some data on the source volume. However, when I ran XCP sync, the deleted data was not removed from the target volume.   Is it possible to perform a full synchronization, similar to rsync, where deleted data on the source is also removed from the target? ... View more

Hi all,   I have configured a Tamperproof Snapshot with snaplock.    During DST time change from summer to winter time (-1 hour), NTP server update time to ONTAP. After getting new time, the least tamperproof snapshot has suddenly expired and deleted after creating a new one by scheduler.   Is this the expected behaviour during Daylight Saving time change to get one TPS suddenly removed ? When the next DST time change from winter to summer occur, will we get more snapshot keeped by system due to time change (+ 1 hour) ??   I have found no KB explaining this expected behaviour.   Thanks for your help. Vincent ... View more

I am using a FAS2750 with a physical windows server (DL360Gen10) running veeam backup to a Vsphere cluster. The connection from the veeam server to the FAS is in directsan mode (ISCSI). I am not using storage integration because i dont have enterprise plus veeam licenses. The storage network is 10GBE, i am running the veeam backups to local SAS disks in the (physical) VEEAM server. The network connection to the storage network is 2x 10GBE with multipathing enabled and active in the ISCSI configuration. We also have on older Equallogic ps4210 SAN in place for archiving purposes. The problem is, when a VM is running on the FAS2750, i am getting very slow single disk backup speeds (30MBps). When multiple vm's are backed up at the same time the combined read speed of the FAS gets up to about 150MBps, but if a single vm with a large disk is backed up the speed is stuck at +-30MBps. When i migrate the same VM to a datastore hosted on the Equallogic ps4210, the backup speed is up to 300MBps+. Veeam bottleneck indication is 99% source if I backup from the datastore hosted on the FAS2750, when I backup the same vm from a datastore hosted on the equallogic the bottleneck idication of VEEAM is target. Can there be a setting on the FAS2750 which is limiting my backup speed? Or how can I monitor on the FAS whats limiting my backup speed. ... View more