Authentication to Domain Controller

[Paul L]

I couldn't find this anyplace (been searching for a solution for a week), so thought I'd pass it along in case anyone else runs into this situation. In our environment, we have a normal user network, and we have a number of very strictly controlled networks, firewalls tightened down to only the ports required for the apps running on the network.

Along comes Veeam backup to replace our Arcserve. We put all Veeam proxy, repository and management servers on the normal network. The three tightened down networks all have physical servers, so agents are being used. Ports are opened in the firewalls as per Veeam documentation, including port 6160, between these networks and our Veeam infrastructure servers. Once ports are opened, the agents install fine, scanning of infrastructure works fine, but backups fail with: Failed to connect to <server>:6160. That's all, nothing else.

Logs show something about CCredentials, but not that they actually failed, or why. Additionally, the same credentials work for all servers, VMs and physicals, on the normal network. Anyway, watching the firewalls, shows us multiple, random high port connections being created to the domain controllers on each network. Opening the entire dynamic range of 49152 to 65535, from the controlled networks to the domain controllers used by those networks (domain controllers are on the normal network), fixed the issue. It would have been nice if the error actually said "Failed to verify authentication of supplied credentials", or something like that. Not, "failed to connect on port 6160."

[Dima P.]

Hello Paul.

Can you please check that Veeam B&R server name is resolvable from the machine with agent installed? Thanks!