Skip to main content
  • EN

I am currently working on my first larger V13 deployment outside of my lab. There are a few stumbling blocks here, because the procedure is slightly different from V12 and the Help Center is unfortunately not yet complete at this point in time (Veeam is working hard to change this quickly and have it complete soon).
One of these stumbling blocks was connecting the Veeam VBR V13 server to the Veeam ONE V13 server, which I would like to describe to you in this post. First off, my problem was a user/login issue.

Firewall Policies
If the servers are located in separate networks, the appropriate firewall policies must always be configured.
https://helpcenter.veeam.com/docs/one/userguide/ports.html?ver=13

Access to host management
Access to host management via port “10443” on the VBR server must be available, and the login details for “veeamso” and “veeamadmin” or an other Host Admin and Security Officer must be provided.

Creating users
When creating users, I made a crucial mistake that cost me a lot of time searching and testing.
In version 13 of the VBR, there are four different types of users in Host Management:

  • Host Admin
  • Security Officer
  • User
  • Service Account

I created and authorized a user with the role “User” to connect ONE to VBR. However, it was not possible to connect with this user, and I received the message “Specified user does not have permissions to add backup server.”

So, to test it, I gave the user the role of “Host Admin,” but I got the same error message. Apparently, both were wrong. I don’t want to log in to Veeam VBR from Veeam ONE with “veeamadmin” because the credentials are stored.
The solution itself was really simple. You need a user of the “Service Account” type for the connection (the other things were easy).
This is because service account users are not regulated by DISA STIG guidelines (password expiration after 60 days, etc.) and the handling of initializing the user is a little bit different.

I have received feedback from Jorge and Fabian from Veeam that a normal user would also work. However, after creating the user, you must log in with it once to properly initialize the account. Only then will it be activated correctly. This is therefore the alternative solution to the service account.

As I read in a comment from Jorge in the community, you can even delete the Veeam ONE user from the VBR server after installing the “Veeam Analytics Service” and only need it if you have to repair/reinstall the service. Once the service is installed, Veeam ONE communicates directly with the service via certificates.

Here is the process for creating a user:

Log in to Host Management with “veeamadmin” or another user with host admin rights.

Click on “Users and Roles” and add a new user via “Add.”
Enter the username, password, and description (descriptions for Veeam users are always very important for traceability!).

Now assign the user the role of “Service Account.”

Confirm the summary

Check that the account has the status “Active.”

Authorizing the user
The newly created service user requires the appropriate permissions.
Log in to the Veeam Backup & Replication Console.
Open “Users & Roles.”

Use “Add” to add a new user to the authorized users.
The “Name” field must be filled in with the Veeam ONE service account user (don’t be surprised, there is unfortunately no drop-down menu here) and assign the user the role “Veeam Backup Administrator.”

Enable Data Collection
To connect Veeam ONE to the VBR, data collection must be enabled on the VBR server. After enabling, you have 60 minutes to connect the ONE server, after which the function will be disabled again.

To do this, click on “Backup Infrastructure” in the “Veeam Host Management Console.” Then click on “Submit Request” under “Data Collection.”
The request for activation will now be set to “Waiting for approval.”

You must log in to Host Management with a “Security Officer” and confirm the request.

Connecting ONE with VBR
Log in to the Veeam One server with a user who is a member of the “Veeam ONE Administrators” group.
After logging in, open “Configuration” (or, if you have not yet added a source, you will be greeted with an “Infrastructure is missing” welcome screen, but you will still end up here).
Under “Data Collection,” click on “Data Source” and select “Add Server.”
Click “Veeam Backup & Replication.”

Enter the DNS name or IP address of the VBR server (DNS must be forward and reverse resolvable), leave other settings at default, and click “Next.”

Click “Add credentials.”

Select “Standard Account” and click “Next.”

Fill in all fields and click on “Finish.”

If other sources already exist, check that the correct credentials are selected and click on “Next.”

Click on “Finish” again in the summary.

The installation of the “Veeam Analytics Service” on the VBR server will now start, and Veeam ONE will start data collection on the VBR server after installation.

 

Original Post: https://petersvirtualworld.de/veeam-one-v13-with-a-veeam-vbr-v13/

@Rick Vanover I have something else besides ideas for the community 😂

Great tutorial, one only caveat, the problem when using newly created users in Host Management is not privileges itself, it is the very lovely requirement from DISA STIG to reset that newly created user password after first login.

 

So, if you have just login only once to let’s say petesteven with User role in Host Management, changed your pass, make sure you have Veeam Backup Admin Role in VBR, and use that in Veeam ONE, would have worked 100%.

 

Also, you can delete this account from VBR once it is added to VONE, as we do not use that user anymore.

 

Thanks for the guide!

Great tutorial, one only caveat, the problem when using newly created users in Host Management is not privileges itself, it is the very lovely requirement from DISA STIG to reset that newly created user password after first login.

 

So, if you have just login only once to let’s say petesteven with User role in Host Management, changed your pass, make sure you have Veeam Backup Admin Role in VBR, and use that in Veeam ONE, would have worked 100%.

 

Also, you can delete this account from VBR once it is added to VONE, as we do not use that user anymore.

 

Thanks for the guide!

This was probably my problem, that I hadn't logged in with the normal “user” after creating it. I hadn't assigned MFA either, as this isn't possible when connecting to ONE.
I had assigned the Veeam administrator role. The only change was really just the “service account.”

Thanks for the tip about deleting the user after connecting.

 

Great article Pete.  I ran in to this as well with VSPC v9 in a similar situation with having to log in to change the password first before it worked.  What Jorge said works each time as well as your instructions. 👍

@Rick Vanover I have something else besides ideas for the community 😂

:)!

Great tutorial, one only caveat, the problem when using newly created users in Host Management is not privileges itself, it is the very lovely requirement from DISA STIG to reset that newly created user password after first login.

 

So, if you have just login only once to let’s say petesteven with User role in Host Management, changed your pass, make sure you have Veeam Backup Admin Role in VBR, and use that in Veeam ONE, would have worked 100%.

 

Also, you can delete this account from VBR once it is added to VONE, as we do not use that user anymore.

 

Thanks for the guide!

I've edited the post and added the user activation and that both methods are possible, 
so that there won't be any misunderstandings.

Thanks for your feedback, I'm always learning something new (especially with a V13 deployment) :-)

 

Terms & ConditionsAccessibility statement