RESTful knowledge exchange
Post Reply
kosov.janko
Influencer
Posts: 18
Liked: 1 time
Joined: Oct 07, 2015 12:58 pm
Contact:

Security Scopes Rebuild fails

Post by kosov.janko »

Dear Veeam team,

Our use case:
1. We assign in VM-123 VEM restore scope to user1.
2. Over time we assign this VM-123 VEM restore scope to additional 9 other users: user{2..10}.
3. After some time we delete this VM-123, without removing VM-123 VEM restore scope from users user{1..10} (its a rather tedious task).
4. We assign in VM-456 VEM restore scope to user{1..10}.

... But now the internal process "Security Scopes Rebuild" starts failing for those users user{1..10}, as the VM-123 does not exists any more... and the users do not see VM-456 now.

Question: Is there a purge / clean-up method, which would remove zombie VMs (VM does not exist on vCenter, but is mentioned in users' VM scope), so that "Security Scopes Rebuild" would be successful again? Ideally something that can be triggered periodically via API?

Or are we going the wrong way about this problem at all?

Thanks for your answers!
oleg.feoktistov
Veeam Software
Posts: 1912
Liked: 635 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: Security Scopes Rebuild fails

Post by oleg.feoktistov »

Hi,

You mean you need to remove VM-123 VEM restore scope as a whole when VMs this restore scope contains are no longer in vCenter?
If so, with RESP API you can get the restore scope ID by sending GET request to /security/accounts/{id}/scopes endpoint
and then delete it by sending DELETE request to /security/accounts/{id}/scopes/{id} endpoint.
You need to build a loop, though, to query that for each account you assigned this restore scope to.

Best regards,
Oleg
kosov.janko
Influencer
Posts: 18
Liked: 1 time
Joined: Oct 07, 2015 12:58 pm
Contact:

Re: Security Scopes Rebuild fails

Post by kosov.janko »

Dear Oleg,

thank you for your answer. I'm aware of this possibility. But as mentioned... it is tedious...

Is there an alternative already implemented in Veeam...?

Br, Blaž
oleg.feoktistov
Veeam Software
Posts: 1912
Liked: 635 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: Security Scopes Rebuild fails

Post by oleg.feoktistov »

Currently there isn't. This implementation and endpoint structure is based on logic that we assign a restore scope to a user, not vice versa.
kosov.janko
Influencer
Posts: 18
Liked: 1 time
Joined: Oct 07, 2015 12:58 pm
Contact:

Re: Security Scopes Rebuild fails

Post by kosov.janko »

Oleg thank you for your answer.

Additional question: how can I in user's restore scope, VM(s) that were already deleted?
oleg.feoktistov
Veeam Software
Posts: 1912
Liked: 635 times
Joined: Sep 25, 2019 10:32 am
Full Name: Oleg Feoktistov
Contact:

Re: Security Scopes Rebuild fails

Post by oleg.feoktistov »

Can you, please, clarify your question? I'm sorry, I couldn't understand it. Thank you!
kosov.janko
Influencer
Posts: 18
Liked: 1 time
Joined: Oct 07, 2015 12:58 pm
Contact:

Re: Security Scopes Rebuild fails

Post by kosov.janko »

What is the best way to find zombie VMs in user's restore scope?

Should one do: https://helpcenter.veeam.com/docs/backu ... ml?ver=100
Will EnterpriseAccountHierarchyScope.State tell me that VM is missing from VC?

Or should I ask VEM for each VM found in scope if it still exists via https://helpcenter.veeam.com/docs/backu ... ml?ver=100

Thank you!

Br, Blaž
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Security Scopes Rebuild fails

Post by veremin »

Or should I ask VEM for each VM found in scope if it still exists via https://helpcenter.veeam.com/docs/backu ... ml?ver=100
This, basically you need to compare two VM lists (restore scope and actual virtual infrastructure) and spot discrepancies there. Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests