• EN
Solved

Veeam hardened repository configuration error while adding linux server

R
Userlevel 2

Hi, I am new to Veeam and trying to test Immutability. When i configure linux server as per the first step i am getting error. am i missing anything here? i tried enabling ports on Linux host still the same.

 

3/15/2022 3:58:56 PM Error    Testing Veeam Data Mover service connection Error: No connection could be made because the target machine actively refused it IP_address :6162
                              No connection could be made because the target machine actively refused it ipaddress:6162

 

icon

Best answer by Chris.Childerhose 16 March 2022, 15:55

View original

16 comments

Chris.Childerhose
Userlevel 7
Badge +20

I would suggest you check the Firewall on the Linux box as it may be blocking the port required and noted in the error - 6162.  Let us know.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
JMeixner
Userlevel 7
Badge +17

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2023 | Veeam Certified Architect (VMCA) 2022 | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
Chris.Childerhose
Userlevel 7
Badge +20

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Yes and thanks for the correction there Joe. :smiley:

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
JMeixner
Userlevel 7
Badge +17

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Yes and thanks for the correction there Joe. :smiley:

I did not want to correct you :fearful:  Just a little addition….

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2023 | Veeam Certified Architect (VMCA) 2022 | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
haslund
Userlevel 7
Badge +14

Is the backup server and the repository in the same subnet? You said this happens when trying the first initial setup? or it was working and then stopped working?

Check out my blog on https://rasmushaslund.com - Rasmus is a Veeam Certified Trainer and passionate about all community work.
R
Userlevel 2

yes they are and there are no linux firewall enabled. After searching logs i see below error i have required Sudo permission for the account.

 

[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Exception during certificate storage initialization
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |boost::filesystem::directory_iterator::construct: Permission denied: "/opt/veeam/transport/certs/client"
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [n/a].
[16.03.2022 11:07:33.211] <139882166994752>          | Generating stop signal (CtrlC thread).
[16.03.2022 11:07:33.211] <139882144802560>          | CtrlC thread received stop signal. Exiting.
[16.03.2022 11:07:33.211] <139882144802560>          | Thread finished. Role: 'Ctrl-C thread'.
[16.03.2022 11:07:33.211] <139882166994752>          | Ctrl-C thread stopped.
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752> imm      |   Disconnecting from immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service... ok.
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service...
[16.03.2022 11:07:33.211] <139882166994752>          |   Disconnecting from environment service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service... ok.
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Fatal error
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Permission denied
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |[InotifyMonitor] Failed to add watch to event monitor
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
 

R
Userlevel 2

Yes this is new configuration i am testing this for the first time as we are planning to implement Veeam with Immutability option. Veeam server is Windows will be using Linux Hardened repository. I am trying to add Linux server in Managed system till testing connection its all fine. I am using Veeam 11 version. 

haslund
Userlevel 7
Badge +14

How confident are you that the time is accurate on both servers? Are they using the same time server?

Check out my blog on https://rasmushaslund.com - Rasmus is a Veeam Certified Trainer and passionate about all community work.
R
Userlevel 2

yes they are on the same time zone. 

Chris.Childerhose
Userlevel 7
Badge +20

yes they are and there are no linux firewall enabled. After searching logs i see below error i have required Sudo permission for the account.

 

[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Exception during certificate storage initialization
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |boost::filesystem::directory_iterator::construct: Permission denied: "/opt/veeam/transport/certs/client"
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [n/a].
[16.03.2022 11:07:33.211] <139882166994752>          | Generating stop signal (CtrlC thread).
[16.03.2022 11:07:33.211] <139882144802560>          | CtrlC thread received stop signal. Exiting.
[16.03.2022 11:07:33.211] <139882144802560>          | Thread finished. Role: 'Ctrl-C thread'.
[16.03.2022 11:07:33.211] <139882166994752>          | Ctrl-C thread stopped.
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752> imm      |   Disconnecting from immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service... ok.
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service...
[16.03.2022 11:07:33.211] <139882166994752>          |   Disconnecting from environment service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service... ok.
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Fatal error
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Permission denied
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |[InotifyMonitor] Failed to add watch to event monitor
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
 

You should look to use the one-time credentials for adding this repo for better security.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
R
Userlevel 2

Like ? i tried also option if sudo does not work use su - . Still the same.

Chris.Childerhose
Userlevel 7
Badge +20

Check this article that explains hardened repositories - https://helpcenter.veeam.com/docs/backup/hyperv/hardened_repository.html#:~:text=The%20immutability%20period%20is%20extended%20only%20for%20the,again%20so%20they%20can%20be%20deleted%20or%20modified.

Yes this link is Hyper-V but still applies.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
BertrandFR
Userlevel 7
Badge +8

Check the privileges of your user? Is it sudoers for the installation of datamover?

R
Userlevel 2

yes it has Sudoers permission and even tried putting Root credentials does not work. only RHEL linux i can see another error. is it because of cert “access denied” error?

 

[16.03.2022 14:45:38.572] <140737338287872> imm      | Performing filesystem scan... Failed.
[16.03.2022 14:45:38.572] <140737338287872> imm      | ERR |Immutable locks retention thread has failed.
[16.03.2022 14:45:38.572] <140737338287872> imm      | >>  |Immutability service is being stopped.
[16.03.2022 14:45:38.572] <140737338287872> imm      | >>  |An exception was thrown from thread [140737353983808].
[16.03.2022 14:45:38.572] <140737338287872>          | Thread finished. Role: 'immutable locks retention'.
[16.03.2022 14:45:38.572] <140737353983808> imm      | Service: shutdown.
 

R
Userlevel 2

to test i added it using “linux account” i can add linux server and scan all volumes. If i change it to “single user” it fails at connecting stage.

Chris.Childerhose
Userlevel 7
Badge +20

to test i added it using “linux account” i can add linux server and scan all volumes. If i change it to “single user” it fails at connecting stage.

This is the permissions for the backup repository folder that is causing this.  I had similar issues when first doing this with the Single-Use credentials and found this article helpful - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)

This is by a Veeam Vanguard and explains how to create the user in Linux.

Also there is this guide by Veeam - Step 3. Specify Credentials and SSH Settings - User Guide for VMware vSphere (veeam.com)

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech

Comment


Terms & Conditions