I went through a backup security hardening to make it harder for ransomware to spread from our domain into our backups as well. I setup a whole separate domain for Veeam, and then followed the following document to set least permissive, granular permissions on the vCenter account that we use for backup, restores, and replication. https://www.veeam.com/veeam_backup_9_0_ ... ons_pg.pdf
This all works great except for replication. I am no longer using a vCenter administrator account in Veeam to connect to vCenter. I created a new account and set permissions based on that document. I continue to get access denied errors though on the replication jobs from one datacenter to another. I had a case open (02382789) but was told to use an administrator account. I said that defeats the whole purpose, and why have this document released if it's not possible. Here is the error in the log:
[17.11.2017 17:02:43] <01> Error Failed UpdateNetworkAdapter2Vm. VmRef: [vm-285935], Nic: , PortGroup: [Backup-VM Local], ConnectAtPowerOn: [True]. (System.Exception)
[17.11.2017 17:02:43] <01> Error Fault "NoPermissionFault", detail "<NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><object type="VirtualMachine">vm-285935</object><privilegeId>VirtualMachine.Config.EditDevice</privilegeId></NoPermissionFault>" (Veeam.Backup.ViSoap.ViServiceFaultException)
[17.11.2017 17:02:43] <01> Error VimApi.NoPermission
I then tried to remove the options of re-ip and separate virtual networks, but still continue to get the error. Any idea what I need to do? Thanks.