zerocoolb
Service Provider
Posts: 46
Liked: 5 times
Joined: Feb 05, 2015 12:44 pm
Full Name: Besnik Qerimi
Contact:

MFA lockout out

Post by zerocoolb »

Hi Guys

I had to restore the whole configuration DB of one VBR to a new machine, which had MFA enabled before. I then did everything and was able to log in; I got to the MFA settings and enabled them, closed the console, opened it back again, and I was locked out... I use PostgreSQL.
Mildur
Product Manager
Posts: 11349
Liked: 3146 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: MFA lockout out

Post by Mildur »

Hello Besnik

Can you please open a support case?
There may be a way via database manipulation, but that requires a case with our customer support.
Please let me know the case number.

I deleted your comment in the other topic about the same issue.

Best,
Fabian
Product Management Analyst @ Veeam Software
doktornotor
Expert
Posts: 113
Liked: 40 times
Joined: Mar 07, 2018 12:57 pm
Contact:

Re: MFA lockout out

Post by doktornotor »

Well, here's a quick hint on how to get rid of MFA without messing with DBs, directly in release notes:
"MFA is not supported in the Veeam Backup & Replication Community Edition."
I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit. :P

Re: MFA lockout out

Post by Mildur »

Thanks.
I tested in my lab and it works.

1. Delete the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\license\Lic*
2. Open Windows service management
3. Restart Veeam Backup Service
4. Log in to the backup console
5. Install your license again
6. Reset or disable MFA for your account

"I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit."

A local administrator with direct access to the backup server can access all files and configurations on that server. It is impossible to prohibit such an account from doing anything on the backup server.
In the early stages of v12 development, we had first planned not to provide MFA for local admins. A local admin can just disable MFA or do much worse.
Solution: Don't let people remotely log in to the server. Protect your backup server from unauthorized access.

Best,
Fabian
Product Management Analyst @ Veeam Software
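
Since a local administrator can reset MFA through the license registry key described above, changes to that key are worth auditing. The following is an added example, not code from this thread or from Veeam: it enables Windows registry auditing on the key and lists matching Security events 4657 and 4663. The function names are hypothetical, and auditing is assumed to cover all accounts ("Everyone").

```powershell
# Added example (not from the thread or from Veeam). Run elevated on the backup server.
# The key path is the one named in the post above; function names are hypothetical.
$KeyPath = 'HKLM:\SOFTWARE\Veeam\Veeam Backup and Replication\license'

function Enable-LicenseKeyAudit {
    # Enable the "Registry" audit subcategory (name as shown on English-language Windows).
    auditpol.exe /set /subcategory:"Registry" /success:enable | Out-Null
    # Add a SACL entry so successful value writes and deletions on the key are logged.
    $acl    = Get-Acl -Path $KeyPath -Audit
    $rights = [System.Security.AccessControl.RegistryRights]'SetValue, Delete'
    $rule   = [System.Security.AccessControl.RegistryAuditRule]::new(
        'Everyone', $rights, 'ContainerInherit', 'None', 'Success')
    $acl.AddAuditRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
}

function Get-LicenseKeyChange {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    # OperationType codes carried by event 4657 (registry value modified).
    $ops = @{ '%%1904' = 'value created'; '%%1905' = 'value modified'; '%%1906' = 'value deleted' }
    $filter = @{ LogName = 'Security'; Id = 4657, 4663; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # Flatten the <EventData> name/value pairs into a hashtable.
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        if ($d.ObjectName -like '*\Veeam\Veeam Backup and Replication\license*') {
            [pscustomobject]@{
                Time      = $_.TimeCreated
                EventId   = $_.Id
                User      = "$($d.SubjectDomainName)\$($d.SubjectUserName)"
                Process   = $d.ProcessName
                Value     = $d.ObjectValueName               # present on 4657 only
                Operation = $ops["$($d.OperationType)"]      # present on 4657 only
                Access    = "$($d.AccessList)".Trim()        # present on 4663 only
            }
        }
    }
}

# Enable-LicenseKeyAudit                       # one-time setup
# Get-LicenseKeyChange | Format-Table -AutoSize
```

A hit on this key followed shortly by a restart of the Veeam Backup Service matches the sequence in the steps above and is worth forwarding to a log collector that the backup server's administrators cannot modify.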

Re: MFA lockout out

Post by doktornotor »

Agreed, when someone got root/admin on the server, it's a lost game anyway.
MATUNBA
Lurker
Posts: 2
Liked: never
Joined: Jan 05, 2024 2:32 pm
Full Name: Matthias Unterrieder
Contact:

[MERGED] Access Denied after enabling MFA

Post by MATUNBA »

Hi
Veeam 12 BRC
PostgreSQL 15
Standalone Server (not in Domain)

After I enabled the local user in Veeam 12 to use MFA, I'm unable to log on to the Management Console again.

Failed to connect to Veeam "access denied"

Is there a workaround to disable MFA, or add another user to the console without entering the console?

When I try to connect via the psql shell:
Username [postgres]:
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: SSPI authentication failed for user "postgres"


thx
Matt

Re: MFA lockout out

Post by Mildur » 1 person likes this post

Hi Matt

A method was shared in this topic.
You may also reach out to our support team which has a method to disable MFA through a database query.

Best,
Fabian
Product Management Analyst @ Veeam Software

Re: MFA lockout out

Post by MATUNBA »

Hi Fabian
I will create a support case; the RegKey does not work for me.

cheers
Matt
Gorkadel
Lurker
Posts: 1
Liked: never
Joined: Feb 02, 2024 10:20 am
Full Name: Gorka de Medra
Contact:

Re: MFA lockout out

Post by Gorkadel »

Hello,
We activated MFA but Veeam didn't show the QR code...
so we have to deactivate MFA for our only Veeam Account:

#MOD: SQL query removed

Re: MFA lockout out

Post by Mildur »

Hello Gorka

Welcome to the forum.
I have removed the SQL query from your comment.
Please don't share them in public. Database manipulation is only supported under guidance of our support team.

Best,
Fabian
Product Management Analyst @ Veeam Software
scolledge
Influencer
Posts: 15
Liked: 2 times
Joined: Dec 05, 2019 10:51 am
Full Name: Sean Colledge
Contact:

Re: MFA lockout out

Post by scolledge »

This could be a pretty big issue. We have an admin user and 2 other admin users, myself and my colleague, and after 3 months of a fresh install and new setup because of a new storage solution, suddenly our MFA app generated codes don't work. Thank goodness for the solution provided of removing the license and that we have local admin rights to do it. Otherwise we would be locked out. We tried resetting MFA and turning it back on again, got a new QR code and registered it, tried logging in and the codes are still not valid. So we are leaving it off for now, as this must be some kind of bug that needs to be fixed.

Any word on whether it has been officially identified as a bug?

Re: MFA lockout out

Post by Mildur »

Hi Sean,

It's best to reach out to our support team as requested by our forum policy. They will investigate the situation together with the logs.
From there, we can determine whether it’s a known bug, a new bug, or expected behavior.

Thank you,
Fabian
Product Management Analyst @ Veeam Software