Veeam Community- Localhost allowing anyone to login

Are you trying to prevent users from logging in?  You need to check the Local Administrators group to ensure only specific users are located there as anyone in this group can access the console/server.

Check here also for Users & Roles with explanations as well - Managing Users and Roles - User Guide for VMware vSphere (veeam.com)

Check out your user & role mapping within VBR: https://helpcenter.veeam.com/docs/backup/vsphere/configuring_users.html?ver=120

And then enumerate the users & groups that have permissions relative to this. That’ll be the reason why

Hi @mschreiberjr -

What specifically is the issue you’re experiencing? Is anyone allowed to logon, local & domain, or is nobody allowed to logon? I kinda am not understanding the problem you’re having.

Hello, the current problem is that anyone can login that is on the domain.   I have checked permissions and am unable to figure out how, there is no local admin association on this server to my knowledge. It is actually a domain controller. I understand a DC is poor practice, but were limited in hardware and for a couple reasons this is what works for us.

You need to go through the link I posted for Users & Roles.  This will then prevent any users from logging in.

@mschreiberjr - Ah, ok; the only way this could be is if you have a group added to Veeam Users & Roles, for example Domain Users, which would allow anyone with a Domain acct to login.

By default, the local computer Administrators group is added to the Veeam Users & Roles. All Domain Admins are in local computers’ Administrators group. So, any Domain Admin would be able to login.

I checked users and roles, I have only one group remaining in there relative to admins.  When I connect to localhost over port 9392, it just allows anyone to sign in. 

I am actually using credentials of a regular new user who I just created and they are not a member of any local admin group or group.  Is there anywhere else other than users and roles that I can check for permission settings ?   

No there is not as this controls access to the console.  The only other thing I can think of is because of it being on a DC that is the problem right there.  If you can send a screenshot of the Users & Roles screen that might help more as we are just guessing at this point.

No...no other area in Veeam deals with user logons. As Chris suggests, could you share a screenshot, removing/blurring any sensitive org info?

Here is the screenshot.  If I modify this one to say a specific user, it doesnt work any different.  I am using multiple generic accounts with no permissions other than our users group, which is not an admin group at all.   It just lets everyone in.  I am thinking its a bug with version 12.

 

 

Here is the screenshot.  If I modify this one to say a specific user, it doesnt work any different.  I am using multiple generic accounts with no permissions other than our users group, which is not an admin group at all.   It just lets everyone in.  I am thinking its a bug with version 12.

You need to get rid of Domain Admins and specify users.

Also are you on Version 12.1 or 12 RTM?

I added a separate domain admin account ( not the one im logging in with ) and it does not change.   We are on 12.1.1.56   

License community free edition.

 

 

Here is the screenshot.  If I modify this one to say a specific user, it doesnt work any different.  I am using multiple generic accounts with no permissions other than our users group, which is not an admin group at all.   It just lets everyone in.  I am thinking its a bug with version 12.

Well, as Chris stated...add only specific users. 

I’ve never seen Veeam login behavior like you’re experiencing. I guess it could be a bug when installed on a DC. I use v12.1 and do not have that logon issue. I suggest contacting Veeam Support to see if they have a fix and/or if they’ve heard of this issue with Veeam installed on a DC. 

Well the only thing left is to move it off the DC.  That seems to be the only anomaly here probably causing the issue.

Please confirm Veeam B&R is installed on a Domain Controller?

This is a red-flag worst practice. Honestly we should block this on the installer, will put this as a feature request.

Yes Rick, Unfortunately I have no other units that can be used to host the recovery console.  It appears it requires too much memory / cpu etc. to even consider on my end, unless I am wrong. 

If you just need the console that can be installed on any decent machine.  It is the main VBR program and such that needs resources.

On my laptop when I run the console to connect to one of my servers over VPN it uses just under 500MB to start but when it gets going that drops.

Ok, is there a way I can keep the SQL part on the current server and remove the console ?   I dont know how to do that. I see the migration utility in the console to backup and move. 

Sorry for all the questions.   

Yes just go in to Add/Remove Programs and click on Veeam Backup & Replication - Uninstall.  Then during the uninstall you can select just the console part as it allows selecting single components.

To @Chris.Childerhose point → You can install B&R on a Windows PC (Win 10, 11, etc.). Do everything possible to get it off of the domain controller.

How do you import settings that just pertain to the console, without having all the stuff transfer ?