Skip to main content

When you try to install or upgrade the Veeam Backup Enterprise Manager 12.1, it might fail to create a website, and the error code is 0x80070020.

 

 

You can follow the instructions to open the logs folder and try to check the cause of the issues. The folder path is C:\ProgramData\Veeam\Setup\Temp.

 

 

I noticed the error message: The process cannot access the file because it is being used by another process. Failed to create website. Error code: 0x80070020.

 

 

Bae on Veeam KB1992 https://www.veeam.com/kb1992, this known issue--Local antivirus or antimalware software interferes with installation.

In my case, the Windows Defender Advanced Threat Protection caused this issue. Unfortunately, I cannot temporarily disable the Microsoft Defender Advanced Thread Protection service. The service properties greyed out.

 

 

Also, I don't want to offboard the server from the Windows Defender Advanced Threat Protection and risk it.

Please follow the steps to set Microsoft Defender Antivirus to passive mode by setting the following registry key and rebooting the server.

 

Path: HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection

Name: ForceDefenderPassiveMode

Type: REG_DWORD

Value: 1

 

You can run Setup.exe to install the Veeam Backup Enterprise Manager 12.1 again. The error will gone and installed successfully.

 

 

Remember to remove the registry key and reboot the server after the installation.

Amazing how AV interferes with many things. Glad you got a workaround.


Good ole A/V back to being an installer hinderance. Good troubleshooting to get it resolved Cary. Thanks for sharing!


I love these kind of guides. @CarySun, do you have a primary AV running on this server? I assume it is a server since you are setting the Microsoft Defender Antivirus to passive mode. On client PC, this behaviour is by default. If I remember correctly, the “SC STOP servicename” should be able to fix this. I do not have a stuck service and cannot test this :-)


@Iams3le Thank you for providing the information. Unfortunately, The SC seems to no longer work to stop the service in my case. (There is a policy to prevent it).

On Windows Server 2022, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, or Windows Server 2012 R2, you must set Microsoft Defender Antivirus to passive mode manually.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide

Honestly, I don’t like to set passive mode for installing an application. I hope Veeam can solve this issue for the next patch if it’s a known issue.


@Iams3le Thank you for providing the information. Unfortunately, The SC seems to no longer work to stop the service in my case. (There is a policy to prevent it).

On Windows Server 2022, Windows Server 2019, Windows Server, version 1803 or newer, Windows Server 2016, or Windows Server 2012 R2, you must set Microsoft Defender Antivirus to passive mode manually.

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/switch-to-mde-troubleshooting?view=o365-worldwide

Honestly, I don’t like to set passive mode for installing an application. I hope Veeam can solve this issue for the next patch if it’s a known issue.

Gotcha! I also overlooked this “Microsoft Defender Advanced Thread Protection”. BTW, I will create a guide for my blog on how to set Microsoft Defender Antivirus to passive mode. Thank you for the post idea! 


Great! Thank you @CarySun 


Thanks for this thread @CarySun ! A slightly different alternative because I didn’t want to reboot the box: Go into the device’s page on Defender and turned on “Troubleshooting mode”, which allows admins to make adjustments for 4 hours. After a few minutes, I was able to disable tamper protection. I then closed/reopened the security center, and was able to disable the real-time protection toggles and cloud protection toggles. I’m not 100% sure which of those things allowed it to install, but it worked! This machine also has Sentinel One installed, but it’s managed by our security provider, I did not touch Sentinel One. 

 

Cheers!


@chughes I believe there are other ways to solve issues. I provided one of them. Thank you for sharing your experience.

 


Thanks for this thread @CarySun ! A slightly different alternative because I didn’t want to reboot the box: Go into the device’s page on Defender and turned on “Troubleshooting mode”, which allows admins to make adjustments for 4 hours. After a few minutes, I was able to disable tamper protection. I then closed/reopened the security center, and was able to disable the real-time protection toggles and cloud protection toggles. I’m not 100% sure which of those things allowed it to install, but it worked! This machine also has Sentinel One installed, but it’s managed by our security provider, I did not touch Sentinel One. 

 

Cheers!

This is a great workaround for those that prefer not to reboot. Nice find!


Hi,

It also helps with Veeam ONE installation :-)


Hi,

It also helps with Veeam ONE installation :-)

Great to hear that.  Too bad it has to be done this way.


Comment