-
- Enthusiast
- Posts: 86
- Liked: 15 times
- Joined: May 22, 2015 1:41 pm
- Full Name: Alan Shearer
- Contact:
ADV190023
Howdy,
Does Veeam (B&R, One, AHV, etc.) support LDAPS? Specifically LDAPS with Channel binding and LDAP signing support.
We are preparing for this Microsoft patch which will eventually require it.
https://portal.msrc.microsoft.com/en-US ... /ADV190023
Does Veeam (B&R, One, AHV, etc.) support LDAPS? Specifically LDAPS with Channel binding and LDAP signing support.
We are preparing for this Microsoft patch which will eventually require it.
https://portal.msrc.microsoft.com/en-US ... /ADV190023
-
- Chief Product Officer
- Posts: 31809
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: ADV190023
Hi - looks like in the end, there will be no changes until mid/late 2020:
https://techcommunity.microsoft.com/t5/ ... a-p/921536
https://techcommunity.microsoft.com/t5/ ... a-p/921536
-
- Enthusiast
- Posts: 86
- Liked: 15 times
- Joined: May 22, 2015 1:41 pm
- Full Name: Alan Shearer
- Contact:
Re: ADV190023
Good link Gostev.
Yes, I know that the switchover was pushed back. I am building a list of all of our applications that use LDAP so we can verify functionality though. Where do the Veeam products stand?
Yes, I know that the switchover was pushed back. I am building a list of all of our applications that use LDAP so we can verify functionality though. Where do the Veeam products stand?
-
- Chief Product Officer
- Posts: 31809
- Liked: 7300 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: ADV190023
We never use simple LDAP bind to our knowledge, so we don't expect to be impacted by this change, whenever it happens. Thanks!
-
- Enthusiast
- Posts: 86
- Liked: 15 times
- Joined: May 22, 2015 1:41 pm
- Full Name: Alan Shearer
- Contact:
Re: ADV190023
Perfect, thanks!
-
- Novice
- Posts: 7
- Liked: 2 times
- Joined: Jan 18, 2016 12:54 am
- Full Name: Chris H
- Contact:
Re: ADV190023
Hi guys,
This may be better in a thread of its own, but based on the thread advisory (even though Veeam uses LDAPS themselves), if your vCenter server is changed from (say) integrated authentication to LDAPS and your vCenter credentials in Veeam are in NETBIOS form <domain\user>, I have found that we had failed backups. Veeam reports correctly in the job logs that the user credentials are invalid but the GUI reports 'an unhandled exception being thrown during the licensing process.' I'm using v10, but not sure if it is also relevant to older versions.
If we changed our vCenter auth identity back to integrated authentication, the backups are successful.
Changing the credentials in Veeam from NETBIOS to FQDN, then changing our vCenter back to LDAPS also shows success (so exactly what I wanted).
Just an FYI for people out there. I had an open ticket with Veeam (#04169735) and have let them know the same. Maybe the GUI error needs to be a little more defined, but the changing of credential type would definitely be a must do for people moving from integrated to LDAPS authentication for their vCenter servers.
Chris
This may be better in a thread of its own, but based on the thread advisory (even though Veeam uses LDAPS themselves), if your vCenter server is changed from (say) integrated authentication to LDAPS and your vCenter credentials in Veeam are in NETBIOS form <domain\user>, I have found that we had failed backups. Veeam reports correctly in the job logs that the user credentials are invalid but the GUI reports 'an unhandled exception being thrown during the licensing process.' I'm using v10, but not sure if it is also relevant to older versions.
If we changed our vCenter auth identity back to integrated authentication, the backups are successful.
Changing the credentials in Veeam from NETBIOS to FQDN, then changing our vCenter back to LDAPS also shows success (so exactly what I wanted).
Just an FYI for people out there. I had an open ticket with Veeam (#04169735) and have let them know the same. Maybe the GUI error needs to be a little more defined, but the changing of credential type would definitely be a must do for people moving from integrated to LDAPS authentication for their vCenter servers.
Chris
-
- Veteran
- Posts: 528
- Liked: 144 times
- Joined: Aug 20, 2015 9:30 pm
- Contact:
Re: ADV190023
I'd recommend using a local vcenter account for Veeam, so Veeam can still talk to VCenter even if Active Directory has an issue.
-
- Novice
- Posts: 7
- Liked: 2 times
- Joined: Jan 18, 2016 12:54 am
- Full Name: Chris H
- Contact:
Re: ADV190023
Agreed- this was a grandfathered configuration (which I am looking at changing when I upgrade to vSphere 7) I will admit but it's still worth a mention for those in the same boat.
Chris
Chris
Who is online
Users browsing this forum: Google [Bot], veremin and 312 guests