Monitoring and reporting for Veeam Data Platform
Post Reply
EmergeTech
Service Provider
Posts: 2
Liked: 1 time
Joined: Jun 14, 2018 7:33 am
Full Name: Darryl Smith
Contact:

Connecting Veeam One to Remote Customer Server

Post by EmergeTech » 1 person likes this post

Hi all,

As a MSP, I'm attempting to use Veeam ONE to connect to all our customer servers running Veeam Backup and Replication so that I can monitor them all from one pane of glass and not have to remote into each individual server.

I've opened ports 135 and 445 on the customer's firewall to the server running Veeam B&R at the customer's site. However, when I try to add the server to Veeam ONE, I get the following error message:
Veeam ONE Monitor could not connect to <servername>. The object exporter specified was not found. (Exception from HRESULT: 0x80070776)
The Firewall packet capture indicates that traffic to the customer B&R server is hitting the server on Port 135 without issue.

Any help to put me back on the right path and get this sorted would be greatly appreciative.

Thanks in advance.
Dima P.
Product Manager
Posts: 14396
Liked: 1568 times
Joined: Feb 04, 2013 2:07 pm
Full Name: Dmitry Popov
Location: Prague
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Dima P. »

Hello Darryl.

Can you please confirm that account your to access Veeam B&R server meets following requirements? Thanks
EmergeTech
Service Provider
Posts: 2
Liked: 1 time
Joined: Jun 14, 2018 7:33 am
Full Name: Darryl Smith
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by EmergeTech »

Hi Dmitry,

I'm entering the credentials for the local administrator account on the remote server.

Cheers
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Vitaliy S. »

Does this happen on all Veeam backup servers? Can you please tell me if you're able to remotely connect to WMI of that backup server? If not, then make sure that this firewall configuration is also applied.
Jeffreym
Influencer
Posts: 23
Liked: 1 time
Joined: Mar 01, 2018 2:54 am
Full Name: Jeffrey Marr
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Jeffreym »

Hi,
I work for an MSP as well and we were trying to do the same but was told but support that it was not possible. I would really be interested if you were able to get it working.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Vitaliy S. »

Hi Jeffrey,

That's absolutely possible. Can you please give me the case ID where you were told that it was not possible? Also can you please describe the network you have between your site and customers"? Do you have VPN connection between these sites?

Thanks!
Jeffreym
Influencer
Posts: 23
Liked: 1 time
Joined: Mar 01, 2018 2:54 am
Full Name: Jeffrey Marr
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Jeffreym »

Hi,
Thanks for the reply, the case # was 3093497. There is no VPN connect between the sites. we have opened the requested firewall ports between us and them and locked them down to only respond to our WAN IP. No windows firewalls turned on. Is a VPN required to make it work?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Vitaliy S. »

VPN will make the connection more secure and will not expose your backup server to the internet. Some companies have restrictions on this matter. The easiest way to check out if all ports are open or not is to run a WMI test which should show if you're able to connect to the remote server or not.

On a side note, can you please clarify the main use case for you to connect to these backup servers? Do you manage them? Do you need to check job states or there is something else you want to do?
Jeffreym
Influencer
Posts: 23
Liked: 1 time
Joined: Mar 01, 2018 2:54 am
Full Name: Jeffrey Marr
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Jeffreym »

We are a MSP that provides managed and cloud backup to all of our clients. We currently us the VAC to manage the backups. we would like to use the reporting functions of the software to help us with being proactive with their environment. Do you have a certain test that's good to for the WMI testing?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Vitaliy S. »

Got it! Well you can try to use a Wbemtest tool to verify this, but I'm pretty sure you will need to open way more dynamic ports to make it work. If you would like to have more visibility into customers infrastructures, then scheduling pre-built reports and dashboards might solve the case. All reports will land into your inbox and if there is an issue you will be able to RDP or use Remote backup console to fix the backup related problem.
Jeffreym
Influencer
Posts: 23
Liked: 1 time
Joined: Mar 01, 2018 2:54 am
Full Name: Jeffrey Marr
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Jeffreym »

So your saying I need a VPN connection then, because the the dynamic port requirement?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Vitaliy S. »

Not sure about dynamic ports (need to verify that), but regardless of that, the backup server should have a public IP address and you should configure port forwarding/firewall rules on the gateway (customer site) to route traffic from the remote public network (your site) to that backup server. VPN will make your WAN connection act as if you're running both servers in one network.
quinnvanorder
Influencer
Posts: 15
Liked: 16 times
Joined: Jan 31, 2019 2:25 am
Full Name: Quinn Van Order
Location: Seattle WA
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by quinnvanorder »

This thread is probably too dead to resurrect, but I am in the exact same boat, and have hit the same roadblock with Support. Basically, for the life of me I cannot get WBEMTest to connect to any remote device.

In opening a ticket with support, I was informed that BEM is supposed to act as a broker to One, so by adding BEM to one, nothing further should be needed for One to enumerate the components. However when adding BEM to One, it can see the existence of components, but is unable to communicate with any of them. I ended up as a test trying to directly add machines to One, and it has yet to succeed unless we open a BOVPN tunnel, which isn't an option at scale.

I am also getting the exact same error mentioned above when attempting to connect via wmi / wbemtest of: "The object exporter specified was not found"

I went through the documents referenced, applied all workarounds, and while WBEMTest works fine on the client's LAN, it can never reach into the LAN from the WAN. Interestingly, if I give WBEMTest deliberately incorrect credentials, I immediately get an access denied message, so it is getting far enough to authenticate before it fails. As this point, Veeam support seems to suspect the issue is a protocol level failure on Msft's end with WMI, but seeing this exact same set of symptoms leads me to believe it is an issue with Veeam.

Bigger picture here, I feel like I am missing some obvious easier way to make this connection. Having to make a huge set of port rules and local permission changes per device doesn't seems scalable. Is there no way to drop some agent in place on all servers that have Veeam, and have that agent know how to "phone home" to a One instance? Or more to the point, is this just a case where One is not designed to administer anything larger than a single LAN? If so, is there an equivalent to ONE designed for MSP's?
Automate all the things!
Shestakov
Veteran
Posts: 7328
Liked: 781 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Shestakov »

Hello quinnvanorder,

Could you provide the support case number you have opened?

Thanks!
quinnvanorder
Influencer
Posts: 15
Liked: 16 times
Joined: Jan 31, 2019 2:25 am
Full Name: Quinn Van Order
Location: Seattle WA
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by quinnvanorder » 2 people like this post

As an update to this, I found the answer to the bug at hand, but was informed that Veeam One is not to be used this way.

I ended up getting on a call with our Veeam reps, and they indicated that Veeam One is not designed to run over the WAN. It is technically possible to do, and I was able to finally solve the problem listed on this server; aside from all listed ports, you also need to be sure you can ping the device by its name, that was the cause of the wbemtest failure.

However in making this run over the internet, a massive array of ports must be opened, it doesn't work over snat so each device would need its own external IP, and some of the required ports are blocked by default by some ISP's including Comcast, so you would have to call per client to open this up.

After speaking with the veeam reps, we have taken a different approach.

1) We utilize BEM to administer all devices. (pro tip, create a DNS zone called 'Veeam' and add that as an alternate dns lookup value. Then you can just add A records for the external IP's of each device by name)
2) We utilize VAC for monitoring and reporting
3) We have Veeam One installed on each local instance for gathering more detailed local logs, the idea being we can dive into that to investigate any weird longer term issues. It is possible that VAC can do all that Veeam One can do, we have not done a deep dive into this product, being more focused on configuring BEM at scale.

Bigger picture here, it seems like frequently Veeam makes the design assumption that all infrastructure will be on one network. This is not ever the case for the MSP model. Having Veeam one instead rely on an agent that could phone home over a single port and negotiate anything further it needs over upnp or similar would be magical. Same with BEM, while it uses a much more reasonable set of ports, it is still annoying to configure at scale. Any monitoring product should support the option to drop a small MSI in place that can phone home to a central server.
Automate all the things!
Shestakov
Veteran
Posts: 7328
Liked: 781 times
Joined: May 21, 2014 11:03 am
Full Name: Nikita Shestakov
Location: Prague
Contact:

Re: Connecting Veeam One to Remote Customer Server

Post by Shestakov »

Thanks for the details, Quinn Van Order!
We will take your case and request into account.
Post Reply

Who is online

Users browsing this forum: No registered users and 17 guests