Backup VM's in DMZ - Firewall Ports

[KiwiJJ]

Hi,
I have some Windows and Linux servers in a DMZ and the backup server sits in the internal network.

What ports do I need to open on our firewall to allow traffic from the DMZ to Internal to allow the servers in the DMZ to be backed up.
(All traffic can flow from internal to DMZ)

Actually, the error message I got is:

Creating snapshot VssGAConn: Failed to connect. Errors: "Cannot connect to the host's administrative share. Host: [x.x.x.x]. Account: [xxx\xxx]. Win32 error:Logon failure: unknown user name or bad password. Code: 1326 "

Does this mean that I need to let some Active Directory port through ?

thanks,

John

[KiwiJJ]

No need to worry about this. Have turned off VSS for the servers concerned and they back up fine. Will wait until v5 which supposedly resolves this issue.

cheers,

John

[Vitaliy S.]

John,

Reading back through your error message, I would check if you've provided correct user credentials in VSS job options to access your VMs. But...as far as I know machines in DMZ cannot talk back to the production, in your case with the backup server, though meaning Veeam VSS cannot be used in DMZ networks.

To workaround it, please enable VMware Tools Quiescence to have consistent backups of your VMs, but, as you've mentioned it correctly - the upcoming v5 release will not require direct network connection to guest VM in order for Veeam VSS to work.

[KiwiJJ]

Hi Vitaliy,
Yes, the correct credentials were supplied. The previous person in the job had allowed the firewall traffic through with no restrictions and this issue happened when I tightened up the firewall rules. I have turned on VMWare Tools Quiescence and turned off Veeam VSS and it works fine. I will turn Veeam VSS back on when we go to v5.

thanks,

John