+3Is there a way to test the encryption key on backups without having to run a restore? I ran into a situation recently where the encryption password did not work on restored data. I want to setup Enterprise Manager for everyone, but in the interim, I’d like to manually test each encryption key and reset it/run a new full backup if need be.
Is there a way to recover an encryption key with Service Provider Console?
Best answer by Mildur
We are testing it with the Configuration Restore Wizard.
In the Restore Wizard, there is a step to put in the password. If it works, the configuration backup was correctly decrypted. I assume it will work with the backup files too.
If you need to test it, install vbr on a second server and import the restore points.
VSPC cannot decrypt the passwords.
PS:
Or you can use the extract utility. It will ask for the password too.
Extract Utility - User Guide for VMware vSphere (veeam.com)
extract.exe -dir [-vm vmname] [-host hostname] [-password backupkey] pathtobackupDisplaying List of Machines in Backup - User Guide for VMware vSphere (veeam.com)
+12We are testing it with the Configuration Restore Wizard.
In the Restore Wizard, there is a step to put in the password. If it works, the configuration backup was correctly decrypted. I assume it will work with the backup files too.
If you need to test it, install vbr on a second server and import the restore points.
VSPC cannot decrypt the passwords.
PS:
Or you can use the extract utility. It will ask for the password too.
Extract Utility - User Guide for VMware vSphere (veeam.com)
extract.exe -dir [-vm vmname] [-host hostname] [-password backupkey] pathtobackupDisplaying List of Machines in Backup - User Guide for VMware vSphere (veeam.com)
+3We are testing it with the Configuration Restore Wizard.
In the Restore Wizard, there is a step to put in the password. If it works, the configuration backup was correctly decrypted. I assume it will work with the backup files too.
If you need to test it, install vbr on a second server and import the restore points.
VSPC cannot decrypt the passwords.
PS:
Or you can use the extract utility. It will ask for the password too.
Extract Utility - User Guide for VMware vSphere (veeam.com)
extract.exe -dir [-vm vmname] [-host hostname] [-password backupkey] pathtobackupDisplaying List of Machines in Backup - User Guide for VMware vSphere (veeam.com)
Thank you!!!!
+12Happy to help :)
+14Let me hijack this question 😉
Does anyone have any idea how to easily test encryption passwords for backups stored in object storage? So without having to setup a fresh VBR installation and import the backups there?
+3Let me hijack this question 😉
Does anyone have any idea how to easily test encryption passwords for backups stored in object storage? So without having to setup a fresh VBR installation and import the backups there?
This same solution I used might do the trick. Run the extract utility and enter the encryption password when it asks for it. That will tell you for sure if the password is working or not.
+12You cannot run the extract utility against an object storage bucket :)
VBR is required to read the objects and make any sense of it.
+14Exactly thats the problem. If we could mount a S3/blob with the extract utility, it would be easy 😅
+8crazy idea here, what about sure backup?
in V12, as we will be allowed to run a backup directly to S3, would be possible to spin a SureBackup also from an S3 location?
and to read that machine, it will need to decrypt the backup to spin up the VM.
right? or am I in Friday mode and I need a beer?
🤣
cheers-
+14The problem is that you won't notice if anyone has maliciously changed the encryption password. As long as it present in the VBR configuration you will be able use the backups. But as soon as they keys get deleted, you can't decrypt your backups anymore.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
