Hoping somebody can point out my mistake, I'm pretty sure it's obvious and I'm doing something rather foolish!
The environment I'm working in is running Veeam 6.5 and vSphere Client 4.0.0, VMWare vCenter Server 4.0.0
I'm attempting to run an application aware backup on a Domain Controller in my virtual environment but the backup is failing. The virtual DC has 2 NICs configured on it, 172 and 10 networks. My veeam backup server has a single NIC on the 10 network. Looking at the failure report, I'm getting:
Failed to prepare guest for hot backup. Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [172.<<REDACTED>>]. Account: [<<REDACTED>>]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [fe80::e447:d7cd:e348:a2de%13]. Account: [<<REDACTED>>]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [fe80::915e:5d8b:c3
Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [172.<<REDACTED>>]. Account: [<<REDACTED>>]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [fe80::e447:d7cd:e348:a2de%13]. Account: [<<REDACTED>>]. Win32 error:The network path was not found. Code: 53 Cannot connect to the host's administrative share. Host: [fe80::915e:5d8b:c3c6:1432%11]. Account: [<<REDACTED>>
Obviously the problem is that it's trying to communicate on the 172 network, not the 10, but I can't seem to find a way to force it onto the 10? Am I doing something incredibly foolish?
Firstly I'd check if there is a connection/route from Veeam to DC. If an ICMP traffic is blocked the you can try to use a UDP tracert utility from your Veeam server to your virtual DC's 10.x.x.x in order to check that. Please note, that if the outbound ICMP Destination Unreachable packets are blocked, then even UDP traceroute won’t work.
Unfortunately the destination unreachable packets are also blocked. The fun of a secure system.
I've got a persistent route configured to route all traffic through a known working gateway that has access though, so the 10 range IP should be accessible, it just doesn't appear to be trying to use it!
Just working through the article now. There was a time inconsistency of about 40 minutes that I've corrected, looking at port access etc at the moment.
VMWare tools show as OK, both IP addresses are listed in the vsphere summary page (172 and 10 networks) with the 172 being displayed first (assume this is why it's trying that one?) I'm unable to access the Admin share on either IP so I've fired it over to our firewall guys to take a look at.
Just remind them that support for this version has ended a year ago.
I'd try to force VIX using the registry value mentioned in the KB article, since you do not need network connection to VMs to backup them (just make sure you're using built-in administrator account or disable UAC).
Many thanks for your assistance.
I've now managed to get it working. It seems that my backup administrator user that I created isn't suitable and when I run it under the main domain\Administrator account, it works just fine. I'll need to speak to the client and get permission to use that account but that's a non-technical issue and the solution is now working.
Glad you've nailed it. Looks like both network and networkless attempts were failed in your case (the second one due to UAC). I remember that v6.5 logged only one error in this case in the job summary.
Why is Veeam not able to use domain users with Administrator privileges to solve this issue?
Some clients do not want to share domain or local administrator information and for such small businesses supporting them and its really affecting small businesses who provide backup tasks.
Issue still happening for jobs running under an account with administrator privileges on VBR
Because it's a Windows requirement if you want to backup a domain controller with the capabilities Veeam has.
You can use VMware tools quiescing as an alternative. Then you need to open the ntds.dit manually for restore with the Veeam Explorer for Active Directory (otherwise this happens automatically = easier to use)
With your second question, I'm not sure whether you are talking about the same topic. What are you trying to achieve? Are you a managed service provider trying to backup your clients? Can you describe your environment?
