[What (else) is new in v11 - VII] Persistent guest agent


vNote42
  • On the path to Greatness
  • 1246 comments

Default behavior in VBR (incl. v11!): When a VM gets application-aware backed up, runtime components get installed at the start of the job and are removed at the end. With v11 we have the option to install them persistently!

This increases security! No Admin-Share and VIX-access is necessary any more. But it is required to deploy the Veeam Installer Service on the VMs you want to use persistent components.

This can be done by manual installation, Group policy roll-out, or by adding the VM to managed Servers.

 

When everything works fine, components are installed persistently:

If you enable this feature and something does not work (as installer is not deployed, ..), VBR tries to run non-persistent components.

43 comments

Eddie Kwok
  • Experienced User
  • 49 comments
  • February 22, 2021

Thank you @vNote42 for sharing, could you please let me know the use of this component, and where is it used?


BertrandFR
  • Influencer
  • 527 comments
  • February 22, 2021

Awesome share @vNote42, thank you, I hadn’t read that in the release notes


regnor
  • Veeam MVP
  • 1352 comments
  • February 22, 2021
Eddie Kwok wrote:

Thank you @vNote42 for sharing, could you please let me know the use of this component, and where is it used?


It is used if you enable application aware processing for a Windows VM; that way Veeam will prepare the VM/application and do additional tasks. This process is always removed from the VM afterwards. With the persistent agent Veeam doesn't have to deploy it for every job run; less firewall configuration and better security.

BertrandFR wrote:

Awesome share @vNote42, thank you, I hadn’t read that in the release notes

Have the release notes already been published?
 


MicoolPaul
  • 2360 comments
  • February 22, 2021
regnor wrote:
Eddie Kwok wrote:

Thank you @vNote42 for sharing, could you please let me know the use of this component, and where is it used?


It is used if you enable application aware processing for a Windows VM; that way Veeam will prepare the VM/application and do additional tasks. This process is always removed from the VM afterwards. With the persistent agent Veeam doesn't have to deploy it for every job run; less firewall configuration and better security.

BertrandFR wrote:

Awesome share @vNote42, thank you, I hadn’t read that in the release notes

Have the release notes already been published?
 

Nope, any available documentation (the sharing of which is prohibited at present) indicates as it’s not GA yet it’s subject to change still. Not long now!


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • February 22, 2021
MicoolPaul wrote:
regnor wrote:
Eddie Kwok wrote:

Thank you @vNote42 for sharing, could you please let me know the use of this component, and where is it used?


It is used if you enable application aware processing for a Windows VM; that way Veeam will prepare the VM/application and do additional tasks. This process is always removed from the VM afterwards. With the persistent agent Veeam doesn't have to deploy it for every job run; less firewall configuration and better security.

BertrandFR wrote:

Awesome share @vNote42, thank you, I hadn’t read that in the release notes

Have the release notes already been published?
 

Nope, any available documentation (the sharing of which is prohibited at present) indicates as it’s not GA yet it’s subject to change still. Not long now!

I am waiting for the “what’s new” document as well :grin:


Eddie Kwok
  • Experienced User
  • 49 comments
  • February 23, 2021

I think this is only a temporary plan? After it is announced on February 24 and waiting for the official document to confirm, thank you @vNote42, @MicoolPaul  and @regnor for your help. :blush:


Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 8440 comments
  • February 23, 2021

This will make things much easier for our clients definitely.  Looking forward to this one. :sunglasses:


regnor
  • Veeam MVP
  • 1352 comments
  • July 14, 2021

Did anyone in the community already try the new persistent guest agents? I’m currently setting them up for a customer, but during the backup Veeam always fails over to the non-persistent way, which then fails because of missing access to Admin$ and blocked firewall ports. The logs aren’t that detailed about what's happening with the persistent guest agent or within the guest itself.


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • July 14, 2021
regnor wrote:

Did anyone in the community already try the new persistent guest agents? I’m currently setting them up for a customer, but during the backup Veeam always fails over to the non-persistent way, which then fails because of missing access to Admin$ and blocked firewall ports. The logs aren’t that detailed about what's happening with the persistent guest agent or within the guest itself.

You probably know this: https://helpcenter.veeam.com/docs/backup/vsphere/runtime_process.html?ver=110#persistent-agent-components. There you find the flow chart to use persistent agent.

Did not see this up to now.


regnor
  • Veeam MVP
  • 1352 comments
  • July 14, 2021

Yes, I've already checked that article. So far everything looks good and the components are getting deployed according to the logs. But at the final step Veeam goes back to the traditional way without a detailed error.

I've opened a case and will see what support can find.


Mildur
  • Influencer
  • 1035 comments
  • July 14, 2021

I will use it soon, in August, for approx. 50 Windows Agents.


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • July 29, 2021
regnor wrote:

Yes, I've already checked that article. So far everything looks good and the components are getting deployed according to the logs. But at the final step Veeam goes back to the traditional way without a detailed error.

I've opened a case and will see what support can find.

Hi, @regnor ! Any news about this issue? I would be very interested!


Nico Losschaert
  • On the path to Greatness
  • 681 comments
  • July 29, 2021

@vnote42 and @regnor, if this server is not domain joined, perhaps the following registry key will solve your problem (already had to do that if not having access to admin$ for a non domain joined server):

LocalAccountTokenFilterPolicy (DWORD) put on 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

 

More info : Can't access ADMIN$ share using a local user or LAPS account – Support (pdq.com)


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • July 29, 2021
Nico Losschaert wrote:

@vnote42 and @regnor, if this server is not domain joined, perhaps the following registry key will solve your problem (already had to do that if not having access to admin$ for a non domain joined server):

LocalAccountTokenFilterPolicy (DWORD) put on 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

 

More info : Can't access ADMIN$ share using a local user or LAPS account – Support (pdq.com)

Thanks for this input, Nico! The access to admin$ shouldn’t be necessary with persistent guest agent → agent is already running in VM.


regnor
  • Veeam MVP
  • 1352 comments
  • July 30, 2021

@vNote42 Unfortunately it is still not working and support is still investigating.

@Nico Losschaert Thanks for asking. We've tried this key and even completely disabled UAC, but still the connection is failing.


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • July 30, 2021
regnor wrote:

@vNote42 Unfortunately it is still not working and support is still investigating.

@Nico Losschaert Thanks for asking. We've tried this key and even completely disabled UAC, but still the connection is failing.

How did you see backup failed over to non-persistent agent? I did not see in GUI-log what agent the job uses.


regnor
  • Veeam MVP
  • 1352 comments
  • July 30, 2021

I think you'll see in the GUI that the persistent agent isn't reachable. At least the logs show which way is used.

In our case we see the following:

Failed to inject guest runtime using guest interaction proxy, failing over to backup server
Failed to inventory guest system: Veeam Guest Agent is not started

The non-persistent way is also not working as the Admin Shares aren't available.
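
The two messages quoted above can be used to flag guests that silently leave the persistent path. This is an added example, not part of the original post and not Veeam code: the line layout (`<timestamp> [<vm>] <message>`), the VM names and the "Guest processing finished" message are constructed, and only the two failure strings come from the thread.

```python
import re
from collections import defaultdict

# The two message texts quoted in the thread.
PROXY_FAILOVER = ("Failed to inject guest runtime using guest interaction proxy, "
                  "failing over to backup server")
AGENT_DOWN = "Failed to inventory guest system: Veeam Guest Agent is not started"

# Constructed layout for this example; real VBR session logs are formatted differently.
LINE_RE = re.compile(r"^(?P<ts>\S+ \S+) \[(?P<vm>[^\]]+)\] (?P<msg>.*)$")

# Constructed sample input.
SAMPLE_LOG = f"""
2021-07-30 22:01:04 [app01] {PROXY_FAILOVER}
2021-07-30 22:01:09 [app01] {AGENT_DOWN}
2021-07-30 22:03:11 [db02] {PROXY_FAILOVER}
2021-07-30 22:03:15 [db02] Guest processing finished
2021-07-30 22:05:40 [web03] Guest processing finished
this line does not match the layout and is skipped
"""

def classify(log_text):
    """Map each VM to 'agent-not-started', 'proxy-failover' or 'ok'."""
    flags = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore blank or unparseable lines
        vm, msg = m["vm"], m["msg"]
        flags[vm]  # register the VM even when no failure is logged
        if PROXY_FAILOVER in msg:
            flags[vm].add("proxy")
        if AGENT_DOWN in msg:
            flags[vm].add("agent")
    result = {}
    for vm, seen in flags.items():
        if "agent" in seen:
            # Persistent agent was not usable for this guest.
            result[vm] = "agent-not-started"
        elif "proxy" in seen:
            # Proxy failed over to the backup server, agent itself not reported down.
            result[vm] = "proxy-failover"
        else:
            result[vm] = "ok"
    return result

def needs_review(log_text):
    """VMs where the persistent agent was reported as not started."""
    return sorted(vm for vm, s in classify(log_text).items() if s == "agent-not-started")

if __name__ == "__main__":
    for vm, status in classify(SAMPLE_LOG).items():
        print(f"{vm}: {status}")
```

Guests returned by `needs_review` are the ones where a job configured for persistent components would depend on the non-persistent path, and with it on Admin$ or VIX access.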


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • July 30, 2021
regnor wrote:

I think you'll see in the GUI that the persistent agent isn't reachable. At least the logs show which way is used.

In our case we see the following:

Failed to inject guest runtime using guest interaction proxy, failing over to backup server
Failed to inventory guest system: Veeam Guest Agent is not started

The non-persistent way is also not working as the Admin Shares aren't available.

Ah, I see. The first Failed-message I know. It is green-marked. I guess the second is red?


regnor
  • Veeam MVP
  • 1352 comments
  • July 31, 2021
vNote42 wrote:
regnor wrote:

I think you'll see in the GUI that the persistent agent isn't reachable. At least the logs show which way is used.

In our case we see the following:

Failed to inject guest runtime using guest interaction proxy, failing over to backup server
Failed to inventory guest system: Veeam Guest Agent is not started

The non-persistent way is also not working as the Admin Shares aren't available.

Ah, I see. The first Failed-message I know. It is green-marked. I guess the second is red?

Yes it is. The backup server itself can't connect to the guest VM, so finally guest processing is failing.

I hope to receive a solution on Monday or else I'll set up an alternative.


MicoolPaul
regnor wrote:
vNote42 wrote:
regnor wrote:

I think you'll see in the GUI that the persistent agent isn't reachable. At least the logs show which way is used.

In our case we see the following:

Failed to inject guest runtime using guest interaction proxy, failing over to backup server
Failed to inventory guest system: Veeam Guest Agent is not started

The non-persistent way is also not working as the Admin Shares aren't available.

Ah, I see. The first Failed-message I know. It is green-marked. I guess the second is red?

Yes it is. The backup server itself can't connect to the guest VM, so finally guest processing is failing.

I hope to receive a solution on Monday or else I'll set up an alternative.

Hey guys, have either of you done a packet capture on this yet? I’d expect this to be a firewall issue. Be good to validate the port we see Veeam connect to is as expected and the endpoint’s firewall is permitting it and we see the traffic on that device.


regnor
  • Veeam MVP
  • 1352 comments
  • July 31, 2021

@MicoolPaul I've created a Wireshark capture for Veeam Support from both the proxy and the guest. It doesn't look like they've found the cause in those captures as we have a new remote session on Monday. 

The necessary ports are reachable, which we have verified via PowerShell. And you can also see in the logs that the proxy is able to connect to the guest, it starts uploading all other Helper files and then it just fails.


MicoolPaul

What antivirus is being used? 🙂


regnor
  • Veeam MVP
  • 1352 comments
  • July 31, 2021

None, except for Windows Defender 😉

I've also posted it in the forums: https://forums.veeam.com/post424005.html?sid=d92af730896c5f80f565449959eb3704#p424005


regnor
  • Veeam MVP
  • 1352 comments
  • August 2, 2021

So, today support came to the conclusion that it's a bug within the guest interaction proxy and not directly with the persistent guest agent. We're waiting for the hotfix/patch now.


vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • August 2, 2021
regnor wrote:

So, today support came to the conclusion that it's a bug within the guest interaction proxy and not directly with the persistent guest agent. We're waiting for the hotfix/patch now.

Thanks for the update!

