Question

Veeam VBR in AVS

  • 20 December 2022
  • 7 comments
  • 158 views

Userlevel 6
Badge +1

We are migrating some of our VMs to Azure (AVS) using vmware HCX. We just migrated a VBR to the AVS environment.

So Veeam when Veeam tried to backup a VM in the AVS environment, we get this error: 

11/14/2022 10:53:45 PM :: Processing bbbbbbVM Error: Failed to open VDDK disk [[vsanDatastore] c9d37263-be7b-37b8-2875-08c0eb40d47a/bbbbbbVM.vmdk] ( is read-only mode - [true] )
Logon attempt with parameters [VC/ESX: [vc.4bc149b43878428757ed53.westus2.avs.azure.com];Port: 443;Login: [userdite@abd.lcl];VMX Spec: [moref=vm-1073];Snapshot mor: [snapshot-1084];Transports: [nbd];Read Only: [true]] failed because of the following errors:
Failed to open disk for read.
Failed to upload disk. Skipped arguments: [vddkCo  

Looks like a permission issue with using the CloudAdmin account (which is the account with the highest privilege) that we are allowed to use in AVS.

We can do backups using agent based install but looking for other alternatives. Thanks.


7 comments

Userlevel 7
Badge +20

Hi,

 

Sounds like you’re using network mode, you can’t use that if so, you MUST use hot-add mode.

 

see below links:

https://helpcenter.veeam.com/docs/backup/vsphere/vmware_cloud_aws.html?ver=110

 

https://www.veeam.com/kb2414

 

https://kb.vmware.com/s/article/85239

Userlevel 7
Badge +7

I agree with @MicoolPaul above.  Try adding a VM in the vSAN cluster and rerun the backup job.  If you still get this error look at your permissions.

 

If you get stuck you can check out Veeam KB 2414 for more info.  The KB says VMC on Dell and AWS, but the setup is the same fro VMC deployments (AWS, Dell, Azure).

Userlevel 6
Badge +1

Thanks much for your comments. The VBR in AVS is already setup as Virtual Appliance. The VBR is the proxy and repo as well since this is a small environment for testing. The cloudadmin has low level file operations permission for the datastore and update VM’s metadata. What other permission should I look at? 

 

As mentioned above the repo is in the same AVS environment since we don’t have access to additional vPC (Virtual Network) outside of the current AVS environment to create . Having said that, I don’t think that is the cause of the error. We would be proposing to have the repo outside of the AVS or use blob storage once v12 comes out.

 

What other options should I look at? Thanks.

 

 

Userlevel 7
Badge +7

@spider32 Here is a link to the required vCenter permissions needed - https://helpcenter.veeam.com/docs/backup/permissions/installation.html?ver=110.   Obviously, a few of these are not available in the VMC vCenter but the majority of these are.  I’d check and make sure the account you are using has all the proper vCenter permissions.

Userlevel 6
Badge +1

Yes, permissions still on my list to check. 

I did a manual test to hot-add and was able to add the disk from the VM to my Veeam proxy (VBR). 

 

Userlevel 6
Badge +1

Had a ticket opened with Veeam. We checked the settings and did a few troubleshooting steps outlined in https://www.veeam.com/kb2008.

Checked https://helpcenter.veeam.com/docs/backup/permissions/backup.html?ver=110 against the cloudadmin permissions, we seem to be lacking the Enable/Disable Methods on the Global Level.

We’ll reach out to our Microsoft/VMware contact and request them to add the permissions above. Hope this solves the issue.

Thanks for all the suggestions.

 

 

 

Userlevel 6
Badge +1

The issue with this is that port 902 on the esxi hosts were blocked. MS tested that it was open at their end. When I tested the connection, I only did port 443 on the esxi hosts, I dropped the ball on that one. Anyway, instead of working with our Networking and our provider’s, just pointed our VBR to route directly to Azure instead of going back on-prem then going out. This is still POC so did not ask any more question as to their routing preferences but I’m sure they will make improvements once we do production traffic. Thanks for all the ideas.  

Comment