Discussions specific to managed agent-based backups
Post Reply
gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 03, 2019 3:42 am

This is a new install as of today, so all versions are current. Adding an Ubuntu 18.04.2 agent (already installed) to B&R fails with

Code: Select all

Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for 'veeamagentid' utility for OS platform 'Unknown'
B&R logs in as user veeam, shell /bin/bash, with the following modified sudoers file (since the KB article references some binaries that on Ubuntu are in different paths than the article states)

Code: Select all

Defaults:veeam !requiretty
veeam ALL=(root) NOPASSWD: /bin/hostname
veeam ALL=(root) NOPASSWD: /bin/uname
veeam ALL=(root) NOPASSWD: /usr/bin/arch
veeam ALL=(root) NOPASSWD: /bin/cat
veeam ALL=(root) NOPASSWD: /usr/bin/test
veeam ALL=(root) NOPASSWD: /bin/mkdir
veeam ALL=(root) NOPASSWD: /bin/rmdir
veeam ALL=(root) NOPASSWD: /bin/chown
veeam ALL=(root) NOPASSWD: /usr/bin/whoami
veeam ALL=(root) NOPASSWD: /usr/bin/id
# veeam ALL=(root) NOPASSWD: /tmp/*/veeamagentid
veeam ALL=(root) NOPASSWD: /usr/sbin/veeamagentid 
# Agent config/backup
veeam ALL=(root) NOPASSWD: /usr/bin/veeamconfig
# Agent deployment
veeam ALL=(root) NOPASSWD: /usr/bin/apt
veeam ALL=(root) NOPASSWD: /sbin/modinfo
# veeam ALL=(root) NOPASSWD: /bin/rpm
# FLR Restore via console
veeam ALL=(root) NOPASSWD: /bin/sh
veeam ALL=(root) NOPASSWD: /usr/bin/touch
veeam ALL=(root) NOPASSWD: /bin/chmod
veeam ALL=(root) NOPASSWD: /tmp/VeeamAgent*-*-*-*
veeam ALL=(root) NOPASSWD: /bin/rm
veeam ALL=(root) NOPASSWD: /bin/ps
veeam ALL=(root) NOPASSWD: /bin/mv
I tried leaving the default

Code: Select all

/tmp/*/veeamagentid
, which doesn't exist there, and added

Code: Select all

/usr/sbin/veeamagentid 
, where it actually is, to no avail.

How do I add this physical standalone linux machine to B&R?

HannesK
Veeam Software
Posts: 4202
Liked: 519 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by HannesK » Jun 03, 2019 6:56 am

Hello,
the easiest way to find out is monitoring /var/log/auth.log where you can see which command fails.

I was able to install on Debian 9 with this sudoers file. Ubuntu should be similar. But as said, just check auth.log

Code: Select all

Defaults:username !requiretty
username ALL=(root) NOPASSWD: /bin/hostname
username ALL=(root) NOPASSWD: /bin/uname
username ALL=(root) NOPASSWD: /bin/arch
username ALL=(root) NOPASSWD: /bin/cat
username ALL=(root) NOPASSWD: /usr/bin/test
username ALL=(root) NOPASSWD: /bin/mkdir
username ALL=(root) NOPASSWD: /bin/rmdir
username ALL=(root) NOPASSWD: /bin/chown
username ALL=(root) NOPASSWD: /usr/sbin/whoami
username ALL=(root) NOPASSWD: /usr/bin/id
username ALL=(root) NOPASSWD: /tmp/*/veeamagentid

# Agent config/backup
username ALL=(root) NOPASSWD: /usr/bin/veeamconfig

# Agent deployment Debian 9
username ALL=(root) NOPASSWD: /usr/bin/apt
username ALL=(root) NOPASSWD: /sbin/modinfo
username ALL=(root) NOPASSWD: /usr/bin/whoami
username ALL=(root) NOPASSWD: /bin/systemctl
username ALL=(root) NOPASSWD: /usr/bin/arch
username ALL=(root) NOPASSWD: /usr/bin/dpkg-query
username ALL=(root) NOPASSWD: /usr/bin/dpkg
username ALL=(root) NOPASSWD: /usr/bin/apt-get
username ALL=(root) NOPASSWD: /bin/sh


If you have a final sudoers file for Ubuntu 18.04, please share it with the community :-)

Thanks,
Hannes

PS: from a security perspective it makes not sense anyway as you have to allow /bin/sh...

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 03, 2019 4:23 pm

I get

Code: Select all

Jun  3 09:20:56 box sshd[2567]: Unable to negotiate with 192.168.1.x port 6590: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth]
Jun  3 09:20:56 box sshd[2569]: Accepted password for veeam from 192.168.1.x port 6591 ssh2
Jun  3 09:20:56 box sshd[2569]: pam_unix(sshd:session): session opened for user veeam by (uid=0)
Jun  3 09:20:56 box systemd-logind[1187]: New session 4 of user veeam.
Jun  3 09:20:56 box systemd: pam_unix(systemd-user:session): session opened for user veeam by (uid=0)
Jun  3 09:20:57 box sudo:    veeam : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/whoami
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session opened for user root by veeam(uid=0)
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session closed for user root
Jun  3 09:20:57 box sudo:    veeam : command not allowed ; TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl is-active veeamservice
Jun  3 09:20:57 box sudo:    veeam : command not allowed ; TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/systemctl start veeamservice
Jun  3 09:20:57 box sudo:    veeam : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/hostname
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session opened for user root by veeam(uid=0)
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session closed for user root
Jun  3 09:20:57 box sudo:    veeam : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/uname -v
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session opened for user root by veeam(uid=0)
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session closed for user root
Jun  3 09:20:57 box sudo:    veeam : TTY=pts/1 ; PWD=/ ; USER=root ; COMMAND=/bin/uname -r
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session opened for user root by veeam(uid=0)
Jun  3 09:20:57 box sudo: pam_unix(sudo:session): session closed for user root
Jun  3 09:20:57 box sshd[2646]: Received disconnect from 192.168.1.x port 6591:11: Connection terminated by the client.
Jun  3 09:20:57 box sshd[2646]: Disconnected from user veeam 192.168.1.x port 6591
Jun  3 09:20:57 box sshd[2569]: pam_unix(sshd:session): session closed for user veeam
Jun  3 09:20:57 box systemd-logind[1187]: Removed session 4.
Jun  3 09:20:57 box systemd: pam_unix(systemd-user:session): session closed for user veeam

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 03, 2019 4:36 pm

so I added '/bin/systemctl' to the sudoers file. now i get no more permission denied errors in auth.log.

but B&R still gives me the same error about 'veeamagentid'. Notice that

even though '/usr/sbin/veeamagentid' has been added to sudoers, i cannot run veeamagentid without sudo when logged in as veeam. so veeamagentid needs permissions elsewhere to successfully query the agent id. but none of this shows up in auth.log

HannesK
Veeam Software
Posts: 4202
Liked: 519 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by HannesK » Jun 05, 2019 7:34 am

I added a lot more for Debian. any issues in other (veeam) logs?

Just to remind you: from a security perspective it makes no sense to reduce the sudo commands. So I'm not sure whether it's worth to investigate further.

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 05, 2019 7:08 pm

Nothing shows up in the veeam logs.

Care to elaborate why restricting which commands the veeam user can sudo, as opposed to any command, makes no sense?

Thank you!

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 05, 2019 7:47 pm

also, using

Defaults:veeam !requiretty
veeam ALL=(ALL) NOPASSWD: ALL

in sudo doesn't work either. it can't find veeamagentid, per the (useful) error message. It is not a permissions problem.

thanks

HannesK
Veeam Software
Posts: 4202
Liked: 519 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by HannesK » Jun 07, 2019 5:28 am

Hello,
okay, if you cannot even deploy with root permissions, then it is time to involve support. Please post the case number here for reference.

About your security question:
HannesK wrote:PS: from a security perspective it makes not sense anyway as you have to allow /bin/sh...

Best regards,
Hannes

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 07, 2019 6:42 am

Case # 03597594

thank you Hannes

esquia
Lurker
Posts: 1
Liked: never
Joined: Jun 13, 2019 3:48 pm
Full Name: Michael Esquia
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by esquia » Jun 13, 2019 4:09 pm

Hello everyone,

I received the same error on one of my Ubuntu 18.04 LTS servers. My other Ubuntu servers installed the Veeam agent and backup with no errors. As prior post mention, the error is not attributed to permissions; which is true. After reviewing the /var/log/syslog file I noted the error following errors,

[time stamp] gpgconf: running /usr/bin/gpg-agent failed (exitcode=2): General error
[time stamp] gpgconf: fatal error (exit status 1)


After researching the gpg-agent and attempting to start the agent to no avail; I realized that I was able to start the agent for an account with a home directory. The account I am using did not have a home directory. I executed the command mkhomedir_helper <username> and /usr/bin/gpg-agent. Afterwards, I was able to install the agent with no errors.

Hope this assists,
Michael

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 13, 2019 6:28 pm

I think you mean the home dir for the user the agent installs under (in your case, I installed as root).

There is also the user B&R uses to connect to the machine (in my case, not root, but has sudo privileges)

gaia
Influencer
Posts: 14
Liked: never
Joined: Jun 02, 2019 4:31 am
Full Name: Eddie
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by gaia » Jun 18, 2019 3:20 pm

Hannes, AFAIK /bin/sh is only required for restores.

HannesK
Veeam Software
Posts: 4202
Liked: 519 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by HannesK » Jun 19, 2019 7:26 am

I tested it at that day of my post and /bin/sh was required for installation on Debian. That might be different on other distributions.

Yes, I also remember /bin/sh being required for restore.

baber
Expert
Posts: 660
Liked: 3 times
Joined: Nov 21, 2013 12:02 pm
Full Name: Babak Seyedi nejad
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by baber » Oct 13, 2019 5:32 am

Today I have faced with this error , also my os distribution is Redhat 7.6 . I had to say it was working last week but 2-3 days it is appearing this error

how did you solved this isuue?

HannesK
Veeam Software
Posts: 4202
Liked: 519 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Unable to install backup agent: cannot connect to 192.168.1.x Error: Failed to get path for

Post by HannesK » Oct 14, 2019 5:57 am

@baber : please contact support. As mentioned earlier in a private message: please do not ask about technical issues without opening a case first!

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests