Solved

Veeam hardened repository configuration error while adding linux server


Userlevel 2

Hi, I am new to Veeam and trying to test Immutability. When i configure linux server as per the first step i am getting error. am i missing anything here? i tried enabling ports on Linux host still the same.

 

3/15/2022 3:58:56 PM Error    Testing Veeam Data Mover service connection Error: No connection could be made because the target machine actively refused it IP_address :6162
                              No connection could be made because the target machine actively refused it ipaddress:6162

 

icon

Best answer by Chris.Childerhose 16 March 2022, 15:55

View original

16 comments

Userlevel 7
Badge +20

I would suggest you check the Firewall on the Linux box as it may be blocking the port required and noted in the error - 6162.  Let us know.

Userlevel 7
Badge +16

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Userlevel 7
Badge +20

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Yes and thanks for the correction there Joe. :smiley:

Userlevel 7
Badge +16

Could be any firewall in between the two systems.Or the local windows firewall on the Veeam server if it is activated…

But it should be definitely a firewall problem...

Yes and thanks for the correction there Joe. :smiley:

I did not want to correct you :fearful:  Just a little addition….

Userlevel 7
Badge +11

Is the backup server and the repository in the same subnet? You said this happens when trying the first initial setup? or it was working and then stopped working?

Userlevel 2

yes they are and there are no linux firewall enabled. After searching logs i see below error i have required Sudo permission for the account.

 

[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Exception during certificate storage initialization
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |boost::filesystem::directory_iterator::construct: Permission denied: "/opt/veeam/transport/certs/client"
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [n/a].
[16.03.2022 11:07:33.211] <139882166994752>          | Generating stop signal (CtrlC thread).
[16.03.2022 11:07:33.211] <139882144802560>          | CtrlC thread received stop signal. Exiting.
[16.03.2022 11:07:33.211] <139882144802560>          | Thread finished. Role: 'Ctrl-C thread'.
[16.03.2022 11:07:33.211] <139882166994752>          | Ctrl-C thread stopped.
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752> imm      |   Disconnecting from immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service... ok.
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service...
[16.03.2022 11:07:33.211] <139882166994752>          |   Disconnecting from environment service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service... ok.
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Fatal error
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Permission denied
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |[InotifyMonitor] Failed to add watch to event monitor
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
 

Userlevel 2

Yes this is new configuration i am testing this for the first time as we are planning to implement Veeam with Immutability option. Veeam server is Windows will be using Linux Hardened repository. I am trying to add Linux server in Managed system till testing connection its all fine. I am using Veeam 11 version. 

Userlevel 7
Badge +11

How confident are you that the time is accurate on both servers? Are they using the same time server?

Userlevel 2

yes they are on the same time zone. 

Userlevel 7
Badge +20

yes they are and there are no linux firewall enabled. After searching logs i see below error i have required Sudo permission for the account.

 

[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Exception during certificate storage initialization
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |boost::filesystem::directory_iterator::construct: Permission denied: "/opt/veeam/transport/certs/client"
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [n/a].
[16.03.2022 11:07:33.211] <139882166994752>          | Generating stop signal (CtrlC thread).
[16.03.2022 11:07:33.211] <139882144802560>          | CtrlC thread received stop signal. Exiting.
[16.03.2022 11:07:33.211] <139882144802560>          | Thread finished. Role: 'Ctrl-C thread'.
[16.03.2022 11:07:33.211] <139882166994752>          | Ctrl-C thread stopped.
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752> imm      |   Disconnecting from immutable repository service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> imm      | Stopping immutable repository service... ok.
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service...
[16.03.2022 11:07:33.211] <139882166994752>          |   Disconnecting from environment service...
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Operation not permitted
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Failed to send SIGTERM to child process.
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
[16.03.2022 11:07:33.211] <139882166994752> tpl      | Stopping Environment service... ok.
[16.03.2022 11:07:33.211] <139882166994752>          | ERR |Fatal error
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |Permission denied
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |[InotifyMonitor] Failed to add watch to event monitor
[16.03.2022 11:07:33.211] <139882166994752>          | >>  |An exception was thrown from thread [139882166994752].
 

You should look to use the one-time credentials for adding this repo for better security.

Userlevel 2

Like ? i tried also option if sudo does not work use su - . Still the same.

Userlevel 7
Badge +20

Check this article that explains hardened repositories - https://helpcenter.veeam.com/docs/backup/hyperv/hardened_repository.html#:~:text=The%20immutability%20period%20is%20extended%20only%20for%20the,again%20so%20they%20can%20be%20deleted%20or%20modified.

Yes this link is Hyper-V but still applies.

Userlevel 7
Badge +7

Check the privileges of your user? Is it sudoers for the installation of datamover?

Userlevel 2

yes it has Sudoers permission and even tried putting Root credentials does not work. only RHEL linux i can see another error. is it because of cert “access denied” error?

 

[16.03.2022 14:45:38.572] <140737338287872> imm      | Performing filesystem scan... Failed.
[16.03.2022 14:45:38.572] <140737338287872> imm      | ERR |Immutable locks retention thread has failed.
[16.03.2022 14:45:38.572] <140737338287872> imm      | >>  |Immutability service is being stopped.
[16.03.2022 14:45:38.572] <140737338287872> imm      | >>  |An exception was thrown from thread [140737353983808].
[16.03.2022 14:45:38.572] <140737338287872>          | Thread finished. Role: 'immutable locks retention'.
[16.03.2022 14:45:38.572] <140737353983808> imm      | Service: shutdown.
 

Userlevel 2

to test i added it using “linux account” i can add linux server and scan all volumes. If i change it to “single user” it fails at connecting stage.

Userlevel 7
Badge +20

to test i added it using “linux account” i can add linux server and scan all volumes. If i change it to “single user” it fails at connecting stage.

This is the permissions for the backup repository folder that is causing this.  I had similar issues when first doing this with the Single-Use credentials and found this article helpful - Veeam Hardening Linux Repository – Part 1 | StarWind Blog (starwindsoftware.com)

This is by a Veeam Vanguard and explains how to create the user in Linux.

Also there is this guide by Veeam - Step 3. Specify Credentials and SSH Settings - User Guide for VMware vSphere (veeam.com)

Comment