Change SSO login for physical computer

ms.premium · Post by **ms.premium** » Mar 16, 2019 7:21 am this post

Hi
I have an issue with Veeam 9.5 update 4.0. I want to back up from physical computers and this is my Scenario:
1- In AD, make a domain user name as Veeam@contoso.com for veeam backup uses.
2- In Veeam Backup Create Protection Group and add PC1.contoso.com, PC2.contoso.com into this group.
3- With AD GPO, Veeam@contoso.com have local admin permission of each PCs.
4- Create schedule job for sample group to make backup from physical computer (PC1, PC2)
My Problem:
- Change SSO login from authenticated users to Veeam@contoso.com
For example, before backup start, current session PC1 is user1@contoso.com. When backup start (in state “Creating VSS snapshot”), session user1@contoso.com changed to the veeam.contoso.com.
When backup tasks finish with successful state, veeam@contoso.com is current session and user1@contoso.com was logged off.
In my network firewall uses sso login to apply policy. When this problem was happened all of my policy was disabled.
Can u guide me for solve this problem?
tnx a lot

Post by **HannesK** » Mar 18, 2019 5:59 pm this post

Hello,
I moved the topic to Veeam Agent for Windows forum.

Just to clarify that I understand the problem. user1@contoso.com is working on the PC. When the backup starts, then the user gets logged off from his desktop?

In my network firewall uses sso login to apply policy. When this problem was happened all of my policy was disabled.

could you also describe a little bit more what that means? I currently don't see how a firewall fits to this issue.

Thanks,
Hannes

ms.premium · Post by **ms.premium** » Apr 08, 2019 10:53 am this post

hi,
my firewall policy based on sso authentication. that means when a user login to the windows, my firewall check user session for authentication. when this process complete, user can use internet or other futures. but when veeam backup authenticate windows with its user name to connect windows, current session changed to veeam user.
for example: Sophi (real windows user) login to windows normally (this time current user is Sophi), when veeam backup wants to start a job, login with veeam user, current user at this time change to veeam user(current user in windows OS is Veeam).
in this case real user(Sophi) can not authenticate with my firewall policy, because current session(current user login on windows) is "Veeam".

Post by **HannesK** » Apr 08, 2019 11:34 am this post

Hello,
okay, thanks for the explanation.

As you mentioned, that the issue starts when VSS snapshot is created, two questions:
1) does the the "Veeam Agent for Windows" run as local system?
2) did you activate application aware processing with the veeam@contoso.com user? (usually not required on workstations)

Best regards,
Hannes

ms.premium · Post by **ms.premium** » Apr 09, 2019 5:43 am this post

hello,
1) Veeam Agent for Windows deployed to domain computers with veeam backup app. and start normally. I see agent icon in windows taskbar side of Clock.
2) no i don't use application aware processing in my job.

my problem is when veeam backup wants to connect a pc and start its job, windows user session change to the veeam user agent that i config in main allpication. this subject conflict with firewall because firewall detect veeam user instead current user login.
thanks

Post by **HannesK** » Apr 09, 2019 6:50 am this post

Hello,
got it. I just wanted to make sure there is no "easy workaround".

I see no way to avoid the login to the computer as it is the authentication mechanism which allows / denies a backup server to start backup jobs. The only workaround I see is that you allow veeam@contoso.com to communicate with the internet.

Best regards,
Hannes

Change SSO login for physical computer

Re: Change SSO login for physical computer

Re: Change SSO login for physical computer

Re: Change SSO login for physical computer

Re: Change SSO login for physical computer

Re: Change SSO login for physical computer