VBR using IP address as destination fails

[UT2015]

Hi,

we have a file copy job in VBR 12.3.2.4165 which is copying the Veeam config from a hardened repo additionally to a Windows file share. Since the user used to access the destination server is member of the "Protected Users" group, the job is failing with "Failed to connect to installer service".

When checking the destination server in VBRs backup infrastructure (Microsoft Windows) it shows in the properties of the server in the credentials tab when clicking "Ports..." that VBR tries to connect to "\\IP-ADDRESS\ADMIN$".

This will not work, because connecting to the ip address will force a fallback to NTLM instead of using Kerberos for authentication.

I don't see anywhere a fixed ip configured for this server.

Does anybody know why Veeam is using an ip address instead of FQDN here? Is there a way to keep the VBR-user in "Protected Users" group and use Kerberos?

Best regards,
UT2015

[david.domask]

Hi UT2015,

Please open a Support Case for this issue as is noted when creating a topic -- we will not be able to provide meaningful troubleshooting over the forums.

Per Microsoft's article, Protected Users group is possible with Kerberos as long as AES is used for authentication, but unclear why the file copy job would be failing to reach the installer service when its a member of the Protected Users group.

Similarly, you may consider re-adding the target managed Window Server with Deployment Kits, and avoid the need to use / store credentials on the Backup Server entirely.