Our setup is currently as follow: Veeam server in seperated VLAN, guest processing is now running with VIX with the domain\administrator account.
Regarding the KB we must use the administrator account as it has the -500 at the end of the SID.
For safety purpose we want to disable the global domain\administrator account and use another domain admin. Since I change the account, the backup jobs failing because of failing guest processing.
When I test the guest processing, the difference is that administrator successfully can make connection with Guest OS via VIX (after failing over to backup server for guest interaction). Another account fails at this step as well.
I could open 445 between the VLANS’, but I’m not sure that I break security if I do so.
Are there best practise available for this kind of setup? Disabling UAC would not be the best option for us :).