We’re evaluating replacing out Windows VBR-servers with VSA, and I have set up a pilot machine. We need AD authentication to work for this, and I have joined the VSA to our domain.
The main issue we have is that authentication is extremely slow and even if I can get “connected” pretty quick when I log in from the VBR-console, it can then take several minutes just to get past the splash screen. Even once logged in, I can get kicked out with some authentication error and “too many retries”. Also adding the AD-group to the “Veeam Administrator” role took forever and several retries.
My strong suspicion is that SSSD used for this, is doing forest-wide queries, and since we are a huge company with many domains and trusts this is what takes time and causes timeouts. We’ve worked around this in other self-managed linux systems by using ldap as provider instead of “ad”, and limiting scope with ldap_serarch_base and filters, but not sure this is an option here, and pretty sure it wouldn’t be supported.
Anyone has any ideas how to get past this? We don’t have access to SAML as far as I know.
