Solved

gMSA V12

  • 14 February 2023

Userlevel 2

Now that 12 is out and we can officially get our hands on gMSA, it seems the documentation is a bit lacking. My migration to V12 went smoothly and EASY! Didn’t even get to finish my lunch before it had completed.

I am using gMSA within my environment for other applications so I have familiarity with this functionality. I was able to link the gMSA within the Managed Credentials (like normally), however I don’t see gMSA being an option for linking to a physical agent job within V12. I just see the typical standard account settings. I made sure my physical agents are on version 6 now and also did a rescan of them, which then did another transport update. I then updated the running services to use the gMSA account on the actual Veeam services, but again nothing is showing up.

 

Anyone have any insight to this before I open a case on this?


Best answer by Mildur 14 February 2023, 23:10


6 comments

Userlevel 7

Based on the help page, from what I can see, using gMSA for agent jobs is not listed. Unless someone else can chime in that has been able to.

Using Group Managed Service Accounts - User Guide for VMware vSphere (veeam.com)

Userlevel 2

Thank you Chris. I have checked out this document prior to posting here. It has almost the same information as the Veeam 12 User Guide, which doesn’t really go into much about this except some extra little goodies for quick PowerShell scripts.

Userlevel 7

Yeah, I have not used the gMSA as yet so never tried to test with Agents. Hopefully some others can chime in.

Userlevel 7

Hi @Aquais 

 

gMSA is available for guest application-aware processing of Windows guest VMs. It's not available for managing Veeam Agent.

If you want to use Veeam Agents without storing credentials in VBR, you may check out protection groups for pre-installed agents.


Best,

Fabian

 

Userlevel 2

Fabian - thank you for this response. Do you have any specific notes on this? Why is this only limited to Windows Guest VMs? Seems it really should be the other way around: with Windows VMs being limited to vCenter limitations and that the agent should have a lot more hooks and increased functionality.

“If you want to use Veeam Agents without storing credentials in VBR, you may check out protection groups for pre-installed agents.” - Yes, this is exactly what I am concerned about and was hoping that gMSA was the solution for that. Currently my Veeam Agents are set up in a protection group for a few different reasons such as bandwidth limiting and for scheduling. Can you provide documentation on Veeam Agents not storing passwords?

 

Thank you kindly!

Userlevel 6

Aquais, 

Not sure you need documentation about it :)

When you try to install a “standard” agent, you will have to provide local admin credentials for Veeam to install it.

When you install a pre-installed agent, you have to perform all the steps manually. You never enter the account/password of the endpoint you back up.

I use pre-installed on all my DCs to avoid password storage and I hope gMSA solves this issue :).
