Comprehensive data protection for all workloads
Post Reply
Coldfirex
Enthusiast
Posts: 86
Liked: 15 times
Joined: May 22, 2015 1:41 pm
Full Name: Alan Shearer
Contact:

ADV190023

Post by Coldfirex »

Howdy,

Does Veeam (B&R, One, AHV, etc.) support LDAPS? Specifically LDAPS with Channel binding and LDAP signing support.

We are preparing for this Microsoft patch which will eventually require it.
https://portal.msrc.microsoft.com/en-US ... /ADV190023
Gostev
Chief Product Officer
Posts: 31809
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: ADV190023

Post by Gostev »

Hi - looks like in the end, there will be no changes until mid/late 2020:
https://techcommunity.microsoft.com/t5/ ... a-p/921536
Coldfirex
Enthusiast
Posts: 86
Liked: 15 times
Joined: May 22, 2015 1:41 pm
Full Name: Alan Shearer
Contact:

Re: ADV190023

Post by Coldfirex »

Good link Gostev.
Yes, I know that the switchover was pushed back. I am building a list of all of our applications that use LDAP so we can verify functionality though. Where do the Veeam products stand?
Gostev
Chief Product Officer
Posts: 31809
Liked: 7300 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: ADV190023

Post by Gostev »

We never use simple LDAP bind to our knowledge, so we don't expect to be impacted by this change, whenever it happens. Thanks!
Coldfirex
Enthusiast
Posts: 86
Liked: 15 times
Joined: May 22, 2015 1:41 pm
Full Name: Alan Shearer
Contact:

Re: ADV190023

Post by Coldfirex »

Perfect, thanks!
dv8tor
Novice
Posts: 7
Liked: 2 times
Joined: Jan 18, 2016 12:54 am
Full Name: Chris H
Contact:

Re: ADV190023

Post by dv8tor » 1 person likes this post

Hi guys,

This may be better in a thread of its own, but based on the thread advisory (even though Veeam uses LDAPS themselves), if your vCenter server is changed from (say) integrated authentication to LDAPS and your vCenter credentials in Veeam are in NETBIOS form <domain\user>, I have found that we had failed backups. Veeam reports correctly in the job logs that the user credentials are invalid but the GUI reports 'an unhandled exception being thrown during the licensing process.' I'm using v10, but not sure if it is also relevant to older versions.

If we changed our vCenter auth identity back to integrated authentication, the backups are successful.

Changing the credentials in Veeam from NETBIOS to FQDN, then changing our vCenter back to LDAPS also shows success (so exactly what I wanted).

Just an FYI for people out there. I had an open ticket with Veeam (#04169735) and have let them know the same. Maybe the GUI error needs to be a little more defined, but the changing of credential type would definitely be a must do for people moving from integrated to LDAPS authentication for their vCenter servers.

Chris
nmdange
Veteran
Posts: 528
Liked: 144 times
Joined: Aug 20, 2015 9:30 pm
Contact:

Re: ADV190023

Post by nmdange » 1 person likes this post

I'd recommend using a local vcenter account for Veeam, so Veeam can still talk to VCenter even if Active Directory has an issue.
dv8tor
Novice
Posts: 7
Liked: 2 times
Joined: Jan 18, 2016 12:54 am
Full Name: Chris H
Contact:

Re: ADV190023

Post by dv8tor »

Agreed- this was a grandfathered configuration (which I am looking at changing when I upgrade to vSphere 7) I will admit but it's still worth a mention for those in the same boat.

Chris
Post Reply

Who is online

Users browsing this forum: Google [Bot], veremin and 312 guests