- 
				pkelly_sts
- Veteran
- Posts: 600
- Liked: 66 times
- Joined: Jun 13, 2013 10:08 am
- Full Name: Paul Kelly
- Contact:
Which hosts need access to Admin$ for agent deployment?
I'm trying to continue backing up some VMs that have been moved into a DMZ & security (firewall) tightened up but wanted to confirm exactly which machines need the access.
So, given the following scenario, what needs access to admin$ on the backed-up VMs:
Primary Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local SAN) also a Proxy Server
Primary Proxy VM1
Primary Proxy VM2
Primary Proxy VM3
Job 1: Local Backup job + Backup Copy job (to DR site)
DR Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local DR SAN) Also a Proxy Server
DR Proxy VM1
DR Proxy VM2
DR Proxy VM3
Job 1: Local backup job (of a few smaller VMs) + Backup Copy job (to Primary site)
Job 2: Replica job, Source is Primary Site SAN, Destination is DR Site SAN
So, in the replication job running at the DR site but "pulling" from the primary site, which element uploads the agent files:
1) The DR B&R Server
2) The DR Proxy VMs
3) The Primary Site Proxy VMs (of which the Primary site B&R server is also a proxy for the DR site B&R)
Thanks,
Paul
			
			
									
						
										
						So, given the following scenario, what needs access to admin$ on the backed-up VMs:
Primary Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local SAN) also a Proxy Server
Primary Proxy VM1
Primary Proxy VM2
Primary Proxy VM3
Job 1: Local Backup job + Backup Copy job (to DR site)
DR Site:
FC SAN Storage (both VMFS & Backup volumes)
Physical B&R Server (Direct-attach SAN to local DR SAN) Also a Proxy Server
DR Proxy VM1
DR Proxy VM2
DR Proxy VM3
Job 1: Local backup job (of a few smaller VMs) + Backup Copy job (to Primary site)
Job 2: Replica job, Source is Primary Site SAN, Destination is DR Site SAN
So, in the replication job running at the DR site but "pulling" from the primary site, which element uploads the agent files:
1) The DR B&R Server
2) The DR Proxy VMs
3) The Primary Site Proxy VMs (of which the Primary site B&R server is also a proxy for the DR site B&R)
Thanks,
Paul
- 
				Vitaliy S.
- VP, Product Management
- Posts: 27692
- Liked: 2907 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Hi Paul,
Direct network connection to the backed up VMs is not required, since interaction with Guest OS can be performed via VIX API (VMware Tools). As soon as backup server can reach your source ESXi hosts, then you should be fine.
Let me know if that helps!
			
			
									
						
										
						Direct network connection to the backed up VMs is not required, since interaction with Guest OS can be performed via VIX API (VMware Tools). As soon as backup server can reach your source ESXi hosts, then you should be fine.
Let me know if that helps!
- 
				pkelly_sts
- Veteran
- Posts: 600
- Liked: 66 times
- Joined: Jun 13, 2013 10:08 am
- Full Name: Paul Kelly
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Hmm, I think we've had a similar conversation before now that you say that. Thing is, in this case the VSS side of this job consistently fails (I've configured the job to ignore rather than fail on quiescing for now) so it seems the fail-to-VIX-if-needed doesn't appear to be working in our case.
I recall there's a way you can change the overall default to use VIX instead but I'd rather avoid that if I can.
Can you suggest anything I should look at before I log a call with support?
Paul
			
			
									
						
										
						I recall there's a way you can change the overall default to use VIX instead but I'd rather avoid that if I can.
Can you suggest anything I should look at before I log a call with support?
Paul
- 
				foggy
- Veeam Software
- Posts: 21180
- Liked: 2162 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Paul, please note that either disabling UAC or using Domain Administrator account is required to perform application-aware image processing work over VIX.
			
			
									
						
										
						- 
				pkelly_sts
- Veteran
- Posts: 600
- Liked: 66 times
- Joined: Jun 13, 2013 10:08 am
- Full Name: Paul Kelly
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Ah, thanks for that. I do remember seeing somewhere previously that "THE" Domain Admin account must be used and I deeply frowned upon it as a very bad thing (and still think so) but now I understand the reason, i.e. that it's the only other way around UAC other than disabling it, then this gives me something to go back to the security bods with & let them decide which they want to give up (if they want clean backups of course!).
Thanks,
Paul
			
			
									
						
										
						Thanks,
Paul
- 
				pkelly_sts
- Veteran
- Posts: 600
- Liked: 66 times
- Joined: Jun 13, 2013 10:08 am
- Full Name: Paul Kelly
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Actually, there is still another option, that is to open the necessary ports to access Admin$ directly, i.e. my original thinking.
Knowing that, if we choose, we can avoid the need by disabling UAC, if TPTB don't want to give up either UAC or Domain Admin creds, then which hosts require access to Admin$, B&R server or source/destination proxies, or all of the above?
Regards,
Paul
			
			
									
						
										
						Knowing that, if we choose, we can avoid the need by disabling UAC, if TPTB don't want to give up either UAC or Domain Admin creds, then which hosts require access to Admin$, B&R server or source/destination proxies, or all of the above?
Regards,
Paul
- 
				Vitaliy S.
- VP, Product Management
- Posts: 27692
- Liked: 2907 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Backup server should have access to the Guest OS, as runtime process in the backed up VM is managed by the backup server. Thanks!
			
			
									
						
										
						- 
				pkelly_sts
- Veteran
- Posts: 600
- Liked: 66 times
- Joined: Jun 13, 2013 10:08 am
- Full Name: Paul Kelly
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Thanks Vitaliy, I'll give that a go.
			
			
									
						
										
						- 
				ousturali
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: Dec 08, 2014 4:07 pm
- Full Name: OrcunUsturali
- Contact:
[MERGED] Backing up Virtual Machines which has more than 2 n
Hi 
we are trying to backup some vm's which have 2 Ethernet cards ,and the external ip address is firstly detected at virtual center ,
When we try to backup with veeam ,it tries to make connection to this external Ip address for backup and gives this error
""connect to the host's administrative share""
I could not find a way to change or this nic selection at veeam ,
how can this be achived ??
Thanks
			
			
									
						
										
						we are trying to backup some vm's which have 2 Ethernet cards ,and the external ip address is firstly detected at virtual center ,
When we try to backup with veeam ,it tries to make connection to this external Ip address for backup and gives this error
""connect to the host's administrative share""
I could not find a way to change or this nic selection at veeam ,
how can this be achived ??
Thanks
- 
				Vitaliy S.
- VP, Product Management
- Posts: 27692
- Liked: 2907 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up Virtual Machines which has more than 2 nics
Direct network access to the backed up VM is not required, most likely you have a different issue, that prevents you from having successful backup job run.
			
			
									
						
										
						- 
				ousturali
- Influencer
- Posts: 11
- Liked: 1 time
- Joined: Dec 08, 2014 4:07 pm
- Full Name: OrcunUsturali
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Hi Vitaliy,
I had read the above conversation ,according to the above info there are some options for succesfull backups
1-let the veaam server ,logon to the vm with admin credentals (yes all pc are in domain ,)
2-Veeam server can access each ESX server (they are in the same lan)
3-Disable UAC (yes this is also done )
but still the vm's which have more then 1 ethernet are having strange problems in backup.
But the other vm's do not have any problems while backip up.
any other ideas?
REgards.
			
			
									
						
										
						I had read the above conversation ,according to the above info there are some options for succesfull backups
1-let the veaam server ,logon to the vm with admin credentals (yes all pc are in domain ,)
2-Veeam server can access each ESX server (they are in the same lan)
3-Disable UAC (yes this is also done )
but still the vm's which have more then 1 ethernet are having strange problems in backup.
But the other vm's do not have any problems while backip up.
any other ideas?
REgards.
- 
				Vitaliy S.
- VP, Product Management
- Posts: 27692
- Liked: 2907 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Which hosts need access to Admin$ for agent deployment?
Number of NICs does not matter, your VMs can be even located in the DMZ with no network access at tall. Please let our technical team take a look at the debug logs, as it is hard to say what is wrong without seeing this info. BTW, do you have VMware tools up & running on these VMs? Are they up-to-date?
			
			
									
						
										
						Who is online
Users browsing this forum: No registered users and 23 guests