Hello, I have version 12 installed on a Server in our domain. I have checked the users and roles area and am unable to determine how this is happening, but anytime I enter correct active directory credentials for a user, I am able to authenticate in the console and it works fine?
What can I do to resolve this?
+10
Please confirm Veeam B&R is installed on a Domain Controller?
This is a red-flag worst practice. Honestly we should block this on the installer, will put this as a feature request.
+12
No settings to transfer as those are stored in the DB on the VBR server. You just need to install the console and connect to Veeam server.
That would not solve the situation „get the backup server off the domain controller“.
Please see this user guide page. It explains how to migrate the backup server and it’s configuration to another machine.
https://helpcenter.veeam.com/docs/backup/vsphere/vbr_config_migrate.html?ver=120
best,
Fabian
+10
To
+12
To
And your production domain
Best,
Fabian
+20
Check out your user & role mapping within VBR: https://helpcenter.veeam.com/docs/backup/vsphere/configuring_users.html?ver=120
And then enumerate the users & groups that have permissions relative to this. That’ll be the reason why
+17
Hi
What specifically is the issue you’re experiencing? Is anyone allowed to logon, local & domain, or is nobody allowed to logon? I kinda am not understanding the problem you’re having.
Hello, the current problem is that anyone can login that is on the domain. I have checked permissions and am unable to figure out how, there is no local admin association on this server to my knowledge. It is actually a domain controller. I understand a DC is poor practice, but were limited in hardware and for a couple reasons this is what works for us.
+17
I checked users and roles, I have only one group remaining in there relative to admins. When I connect to localhost over port 9392, it just allows anyone to sign in.
I am actually using credentials of a regular new user who I just created and they are not a member of any local admin group or group. Is there anywhere else other than users and roles that I can check for permission settings ?
+20
I checked users and roles, I have only one group remaining in there relative to admins. When I connect to localhost over port 9392, it just allows anyone to sign in.
I am actually using credentials of a regular new user who I just created and they are not a member of any local admin group or group. Is there anywhere else other than users and roles that I can check for permission settings ?
No there is not as this controls access to the console. The only other thing I can think of is because of it being on a DC that is the problem right there. If you can send a screenshot of the Users & Roles screen that might help more as we are just guessing at this point.
+17
I checked users and roles, I have only one group remaining in there relative to admins. When I connect to localhost over port 9392, it just allows anyone to sign in.
I am actually using credentials of a regular new user who I just created and they are not a member of any local admin group or group. Is there anywhere else other than users and roles that I can check for permission settings ?
No...no other area in Veeam deals with user logons. As Chris suggests, could you share a screenshot, removing/blurring any sensitive org info?
Here is the screenshot. If I modify this one to say a specific user, it doesnt work any different. I am using multiple generic accounts with no permissions other than our users group, which is not an admin group at all. It just lets everyone in. I am thinking its a bug with version 12.
I added a separate domain admin account ( not the one im logging in with ) and it does not change. We are on 12.1.1.56
License community free edition.
Yes Rick, Unfortunately I have no other units that can be used to host the recovery console. It appears it requires too much memory / cpu etc. to even consider on my end, unless I am wrong.
Ok, is there a way I can keep the SQL part on the current server and remove the console ? I dont know how to do that. I see the migration utility in the console to backup and move.
Sorry for all the questions.
How do you import settings that just pertain to the console, without having all the stuff transfer ?
+20
How do you import settings that just pertain to the console, without having all the stuff transfer ?
No settings to transfer as those are stored in the DB on the VBR server. You just need to install the console and connect to Veeam server.
I can try to migrate the whole thing to a separate Virtual Machine, but I dont expect that to go well. I just dont have the hardware.
+9
Yes Rick, Unfortunately I have no other units that can be used to host the recovery console. It appears it requires too much memory / cpu etc. to even consider on my end, unless I am wrong.
In this case, get a Mini PC, this works greatly! From what you have said, I can tell your environment is not so big. Therefore, use Acemargic and can serve your needs. This is a need addition to my lab and can vouch for it.
+20
Are you trying to prevent users from logging in? You need to check the Local Administrators group to ensure only specific users are located there as anyone in this group can access the console/server.
+20
Check here also for Users & Roles with explanations as well - Managing Users and Roles - User Guide for VMware vSphere (veeam.com)
+20
Hello, the current problem is that anyone can login that is on the domain. I have checked permissions and am unable to figure out how, there is no local admin association on this server to my knowledge. It is actually a domain controller. I understand a DC is poor practice, but were limited in hardware and for a couple reasons this is what works for us.
You need to go through the link I posted for Users & Roles. This will then prevent any users from logging in.
+17
By default, the local computer Administrators group is added to the Veeam Users & Roles. All Domain Admins are in local computers’ Administrators group. So, any Domain Admin would be able to login.
+20
Here is the screenshot. If I modify this one to say a specific user, it doesnt work any different. I am using multiple generic accounts with no permissions other than our users group, which is not an admin group at all. It just lets everyone in. I am thinking its a bug with version 12.
You need to get rid of Domain Admins and specify users.
+20
Also are you on Version 12.1 or 12 RTM?
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
