2. Restricted remote access. Do your Windows/Linux/Share/Deduplication backup destinations have custom, strict ACL security that has ONLY the Veeam service account granted the access? Or are you still running with the defaults where, for example, all Domain Admins will have Full Control access to anything stored in your Windows-based backup repository?
as this is something that has bothered me for awhile.
My repository is a QNAP NAS attached to the veeam server as a mapped drive via iSCSI
the path is V:\Backups
I set the windows acl on the Backups folder(via the security tab in windows explorer) to only allow access to the DOMAIN\VeeamService (Domain Admin) account and made sure all objects under inherit permissions.
next I tried to run a backup from veeam endpoint on my computer that backs up to the veeam repository using the VeeamService account
and was rewarded with the following error message
5/20/2016 3:22:51 PM :: Error: Access is denied. --tr:Error code: 0x00000005 Cannot create folder. Folder path: [V:\Backups\DOMAIN_VEEAMService]. --tr:FC: Failed to create directory. Directory path: [V:\Backups\DOMAIN_VEEAMService]. --tr:Failed to call DoRpc. CmdName: [FcCreateDir]. Access is denied. Cannot create folder. Folder path: [V:\Backups\DOMAIN_VEEAMService].
checked all the effective permissions on the V:\Backups\DOMAIN_VEEAMService folder. DOMAIN\VeeamService has full access and ownership.
reverted permission on the Backups folder back to full permission for SERVERNAME\Administrators and backups started working again.
Am I crazy and missing something here or do I need to open a support case with veeam? Has anyone else tried to restrict permission on a repository/target to only the veeam service account and been successful?