MFA lockout out

Post by **zerocoolb** » Mar 17, 2023 7:56 am this post

Hi Guys

i had to restore the whole configuration-db of one VBR to a new maschine, which had MFA enabled before. I then did everything and was able to login, i got to the MFA-Settings and enabled them, closed the console, open it back again, and i was locked-out.....i use postgre

Post by **Mildur** » Mar 17, 2023 8:04 am this post

Hello Besnik

Can you please open a support case?
There may be a way over database manipulation. But that's require a case with our customer support.
Please let me know the case number.

I deleted your comment in the other topic about the same issue.

Best,
Fabian

doktornotor · Post by **doktornotor** » Mar 17, 2023 8:10 am this post

Well, here's a quick hint on how to get rid of MFA without messing with DBs, directly in release notes:

MFA is not supported in the Veeam Backup & Replication Community Edition.

I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit.

Post by **Mildur** » Mar 17, 2023 9:35 am this post

Thanks.
I tested in my lab and it works.

1. Delete the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\license\Lic*
2. Open Windows service management
3. Restart Veeam Backup Service
4. Login to the backup console
5. Install your license again
6. Reset or disable MFA for your account

I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit.

A local administrator with direct access to the backup server can access all files and configurations on that server. It is impossible to prohibit such account from doing anything on the backup server.
In early stages of v12 development, we first have planned to not provide MFA for local admins. A local admin can just disable MFA or do much worst.
Solution: Don't let people remotely login to the server. Protect your backup server from unauthorized access.

Best,
Fabian

doktornotor · Post by **doktornotor** » Mar 17, 2023 10:35 am this post

Agreed, when someone got root/admin on the server, it's a lost game anyway.

MATUNBA · Post by **MATUNBA** » Jan 05, 2024 2:43 pm this post

Hi
Veeam 12 BRC
PostgreSQl 15
Standalone Server (not in Domain)

after i enabled the local User in Veeam 12 to use MFA, im unable to logon to the Management Console again

Failed to connect to Veeam "access denied"

is there an Workaround to disable MFA, or add an other User to the Console without entering the Console

when i try to connect by PSql Shell
Username [postgres]:
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: SSPI authentication failed for user "postgres"

thx
Matt

Jan 05, 2024 2:47 pm

Hi Matt

A method was shared in this topic.
You may also reach out to our support team which has a method to disable MFA through a database query.

Best,
Fabian

MATUNBA · Post by **MATUNBA** » Jan 05, 2024 4:51 pm this post

Hi Fabian
i will create an Support Case, the RegKey does not work for me.

cheers
Matt

Gorkadel · Post by **Gorkadel** » Feb 02, 2024 10:33 am this post

Hello,
We activated MFA but Veeam didn't show the QR code...
so we have to deactivate MFA for our only Veeam Account:

#MOD: SQL query removed

Post by **Mildur** » Feb 02, 2024 1:10 pm this post

Hello Gorka

Welcome to the forum.
I have remove the SQL query from your comment.
Please don't share them in the public. Database manipulation is only supported under guidance of our support team.

Best,
Fabian

R&D Forums

MFA lockout out

Re: MFA lockout out

Re: MFA lockout out

Re: MFA lockout out

Re: MFA lockout out

[MERGED] Access Denied after enabling MFA

Re: MFA lockout out

Re: MFA lockout out

Re: MFA lockout out

Re: MFA lockout out

Who is online