We would like to know if Kerberos support for Veeam Recovery Orchestrator is currently part of the product roadmap. Additionally, we would appreciate any information regarding:
- Estimated timeline for implementation (if planned)
- Possible workarounds or recommended best practices in the meantime
In our environment, the absence of Kerberos support introduces security and compliance challenges, making it difficult to fully integrate VRO into our disaster recovery strategy.
We strongly believe that adding Kerberos support would significantly enhance security posture and increase adoption in enterprise environments.
Case #07889743
magcware
- Novice
- Posts: 5
- Liked: 2 times
- Joined: Dec 29, 2023 2:23 pm
- Full Name: Miguel Angel Guerra
Alec King
- VP, Product Management
- Posts: 1626
- Liked: 441 times
- Joined: Jan 01, 2006 1:01 am
- Location: Prague, CZ
Re: Kerberos authentication support in Veeam Recovery Orchestrator (VRO).
Hello,
Thanks for your post, I do understand your challenge in attempting to secure the environment.
Just to confirm that VRO does use Kerberos by default, when available; although communication will fall back to NTLM if Kerberos cannot be used (this decision is taken on the Windows OS side, as we use the Negotiate protocol to call it).
Fully enforced Kerberos-only mode is on the roadmap for VRO.
However, as a LOT of QA testing is required, I can't yet confirm what release vehicle we will ship that feature in. We hope to schedule that work soon.
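An added example, not part of the thread and not Veeam code: one way to see which package Negotiate actually selected is to read the `AuthenticationPackageName` field of Security event 4624 on the Windows hosts the VRO service account logs on to. The script parses exported event XML and lists the non-Kerberos logons; the account name `svc_vro`, the host names, the restriction to network logons (type 3) and the sample events are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
EVT = ('<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
       '<EventID>{id}</EventID><TimeCreated SystemTime="{t}"/><Computer>{host}</Computer>'
       '</System><EventData><Data Name="TargetUserName">{user}</Data>'
       '<Data Name="LogonType">3</Data><Data Name="IpAddress">10.0.0.5</Data>'
       '<Data Name="AuthenticationPackageName">{pkg}</Data>'
       '<Data Name="LmPackageName">{lm}</Data></EventData></Event>')
# Constructed sample events: hosts, accounts and the address are made up.
SAMPLE_XML = "<Events>" + "".join(EVT.format(**e) for e in [
    dict(id=4624, t="2025-01-10T08:00:01Z", host="vbr01.example.local", user="svc_vro", pkg="Kerberos", lm="-"),
    dict(id=4624, t="2025-01-10T08:05:12Z", host="vbr02.example.local", user="svc_vro", pkg="NTLM", lm="NTLM V2"),
    dict(id=4624, t="2025-01-10T08:06:40Z", host="vbr01.example.local", user="jdoe", pkg="NTLM", lm="NTLM V2"),
    dict(id=4624, t="2025-01-10T09:30:00Z", host="vbr01.example.local", user="SVC_VRO", pkg="NTLM", lm="NTLM V1"),
]) + "</Events>"


def account_logons(xml_text, account):
    """Return one dict per successful network logon (4624, type 3) of `account`."""
    out = []
    for ev in ET.fromstring(xml_text).iterfind("e:Event", NS):
        data = {d.get("Name"): (d.text or "").strip()
                for d in ev.iterfind("e:EventData/e:Data", NS)}
        if (ev.findtext("e:System/e:EventID", namespaces=NS) != "4624"
                or data.get("LogonType") != "3"
                or data.get("TargetUserName", "").lower() != account.lower()):
            continue
        out.append({"time": ev.find("e:System/e:TimeCreated", NS).get("SystemTime"),
                    "host": ev.findtext("e:System/e:Computer", namespaces=NS),
                    "source": data.get("IpAddress"),
                    "package": data.get("AuthenticationPackageName"),
                    "lm": data.get("LmPackageName")})
    return out


def ntlm_fallbacks(xml_text, account):
    """Logons where Negotiate ended up on anything other than Kerberos."""
    return [l for l in account_logons(xml_text, account) if l["package"] != "Kerberos"]


if __name__ == "__main__":
    print(Counter(l["package"] for l in account_logons(SAMPLE_XML, "svc_vro")))
    for l in ntlm_fallbacks(SAMPLE_XML, "svc_vro"):
        print(f'{l["time"]} {l["host"]} <- {l["source"]} {l["package"]} ({l["lm"]})')
```

Each host and time listed is a connection where a Kerberos prerequisite (SPN, name resolution, clock) is worth checking before NTLM is restricted.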
magcware
Re: Kerberos authentication support in Veeam Recovery Orchestrator (VRO).
Hello Alec King,
Thank you for your previous clarification.
I would like to further confirm the following:
In a properly configured environment (correct SPN, DNS resolution, time synchronization, and Active Directory configuration), is it possible for Veeam Recovery Orchestrator to always authenticate using Kerberos, effectively avoiding fallback to NTLM?
In other words, if all Kerberos prerequisites are correctly met, can we ensure that authentication will consistently use Kerberos, or is there still a possibility that NTLM will be used regardless of the configuration?
This clarificatio