Comprehensive data protection for all workloads
Post Reply
DeadEyedJacks
Veeam ProPartner
Posts: 141
Liked: 25 times
Joined: Oct 12, 2015 2:55 pm
Full Name: DeadEyedJacks
Location: UK
Contact:

AD Protected User can't use Veeam Console remotely

Post by DeadEyedJacks » Jan 10, 2019 3:25 pm 1 person likes this post

Hi,
Is it expected behaviour that an Active directory user who is in the "Protected Users" group is unable to connect to Veeam Backup and Replication server when launching console from a remote server?
"Failed to connect to Veeam Backup & Replication Server: The logon attempt failed"
NB As soon as user account is removed from "Protected Users" you are able to connect.
TIA

foggy
Veeam Software
Posts: 18278
Liked: 1564 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: AD Protected User can't use Veeam Console remotely

Post by foggy » Jan 10, 2019 4:44 pm

Most likely it is NTLM authentication, which is not allowed for "Protected Users" group members while required when connecting remotely. We will add this note to the corresponding documentation section, thanks for the heads up!

hke
Lurker
Posts: 2
Liked: never
Joined: Oct 08, 2019 11:48 am
Contact:

Re: AD Protected User can't use Veeam Console remotely

Post by hke » Oct 08, 2019 11:56 am

Will this issue (lack of Kerberos support for console connections) be fixed or just documented?

As you know, NTLM authentication is much weaker than Kerberos and protecting critical backup assets from passed hashes and other exploits is a top priority for many customers.

foggy
Veeam Software
Posts: 18278
Liked: 1564 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: AD Protected User can't use Veeam Console remotely

Post by foggy » Oct 11, 2019 2:38 pm

Yes, we have a requirement to support Kerberos-only authentication for backup infrastructure connections logged for the future versions.

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 18 guests