Hi,
Just upgraded to Veeam 12 and would like to use gMSAs to enable Application Aware processing on domain controllers so I've got proper AD backups. The complexity is I've got multiple domains and no trusts between them.
If I create a proxy in each domain and add a gMSA for each domain that's a member of BUILTIN\Administrators on the respective DCs will Veeam automatically select the correct interaction proxy depending on the DCs domain?
i.e.
If I have
Domain 1: domain1\gmsa_domain1_veeam, domain1\veeam_proxy1 and domain1\dc1
Domain 2: domain2\gmsa_domain2_veeam, domain2\veeam_proxy2 and domain2\dc2
Will a backup job containing both DC VMs automatically select veeam_proxy1$ for dc1 and veeam_proxy2$ for dc2 so it can access the correct gMSA?
Cheers,
Martin.
-
martinbas
- Novice
- Posts: 3
- Liked: never
- Joined: Mar 22, 2022 5:35 pm
- Contact:
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Group Managed Service Accounts on multiple domains
Hello,
and welcome to the forums.
Asking the other way around... what did you see?
I would configure the guest interaction proxy static to avoid chances of random errors.
Best regards,
Hannes
and welcome to the forums.
Asking the other way around... what did you see?
I would configure the guest interaction proxy static to avoid chances of random errors.Best regards,
Hannes
-
martinbas
- Novice
- Posts: 3
- Liked: never
- Joined: Mar 22, 2022 5:35 pm
- Contact:
Re: Group Managed Service Accounts on multiple domains
Hi Hannes, sorry I missed your reply for some reason the notification didn't come through.
I haven't got the guest interaction proxies set up on the different domains at the moment so can't try this. I was hoping to get confirmation on if this will work before wasting time needlessly setting it up.
Cheers,
Martin.
I haven't got the guest interaction proxies set up on the different domains at the moment so can't try this. I was hoping to get confirmation on if this will work before wasting time needlessly setting it up.
Cheers,
Martin.
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Group Managed Service Accounts on multiple domains
Hello,
yes, static configuration would work. Automatic depends on the job configuration. That's why I asked which errors you have seen. If you would put machines of both domains into the same job with automatic selection, then it would very likely fail often.
Best regards,
Hannes
yes, static configuration would work. Automatic depends on the job configuration. That's why I asked which errors you have seen. If you would put machines of both domains into the same job with automatic selection, then it would very likely fail often.
Best regards,
Hannes
-
martinbas
- Novice
- Posts: 3
- Liked: never
- Joined: Mar 22, 2022 5:35 pm
- Contact:
Re: Group Managed Service Accounts on multiple domains
Hi Hannes,
Thanks for confirming automatic proxy selection won't work. It'll be a bigger job than hoped then to switch to group managed service accounts. Our current backup jobs include VMs in a mixture of domains and we use VMware tags to map to credentials with automatic selection of the proxy.
Good to know it will work though if we split our backup job by domain so we can statically configure the proxy.
Thanks,
Martin.
Thanks for confirming automatic proxy selection won't work. It'll be a bigger job than hoped then to switch to group managed service accounts. Our current backup jobs include VMs in a mixture of domains and we use VMware tags to map to credentials with automatic selection of the proxy.
Good to know it will work though if we split our backup job by domain so we can statically configure the proxy.
Thanks,
Martin.
Who is online
Users browsing this forum: Google [Bot] and 112 guests