-
- Service Provider
- Posts: 45
- Liked: 5 times
- Joined: Feb 05, 2015 12:44 pm
- Full Name: Besnik Qerimi
- Contact:
MFA lockout out
Hi Guys
i had to restore the whole configuration-db of one VBR to a new maschine, which had MFA enabled before. I then did everything and was able to login, i got to the MFA-Settings and enabled them, closed the console, open it back again, and i was locked-out.....i use postgre
i had to restore the whole configuration-db of one VBR to a new maschine, which had MFA enabled before. I then did everything and was able to login, i got to the MFA-Settings and enabled them, closed the console, open it back again, and i was locked-out.....i use postgre
-
- Product Manager
- Posts: 10170
- Liked: 2717 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: MFA lockout out
Hello Besnik
Can you please open a support case?
There may be a way over database manipulation. But that's require a case with our customer support.
Please let me know the case number.
I deleted your comment in the other topic about the same issue.
Best,
Fabian
Can you please open a support case?
There may be a way over database manipulation. But that's require a case with our customer support.
Please let me know the case number.
I deleted your comment in the other topic about the same issue.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 113
- Liked: 40 times
- Joined: Mar 07, 2018 12:57 pm
- Contact:
Re: MFA lockout out
Well, here's a quick hint on how to get rid of MFA without messing with DBs, directly in release notes:

I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit.MFA is not supported in the Veeam Backup & Replication Community Edition.

-
- Product Manager
- Posts: 10170
- Liked: 2717 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: MFA lockout out
Thanks.
I tested in my lab and it works.
1. Delete the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\license\Lic*
2. Open Windows service management
3. Restart Veeam Backup Service
4. Login to the backup console
5. Install your license again
6. Reset or disable MFA for your account
In early stages of v12 development, we first have planned to not provide MFA for local admins. A local admin can just disable MFA or do much worst.
Solution: Don't let people remotely login to the server. Protect your backup server from unauthorized access.
Best,
Fabian
I tested in my lab and it works.
1. Delete the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication\license\Lic*
2. Open Windows service management
3. Restart Veeam Backup Service
4. Login to the backup console
5. Install your license again
6. Reset or disable MFA for your account
A local administrator with direct access to the backup server can access all files and configurations on that server. It is impossible to prohibit such account from doing anything on the backup server.I believe someone already mentioned that here as sort of bad design, since it's pretty easy to bypass MFA with regedit.
In early stages of v12 development, we first have planned to not provide MFA for local admins. A local admin can just disable MFA or do much worst.
Solution: Don't let people remotely login to the server. Protect your backup server from unauthorized access.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 113
- Liked: 40 times
- Joined: Mar 07, 2018 12:57 pm
- Contact:
Re: MFA lockout out
Agreed, when someone got root/admin on the server, it's a lost game anyway.
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 05, 2024 2:32 pm
- Full Name: Matthias Unterrieder
- Contact:
[MERGED] Access Denied after enabling MFA
Hi
Veeam 12 BRC
PostgreSQl 15
Standalone Server (not in Domain)
after i enabled the local User in Veeam 12 to use MFA, im unable to logon to the Management Console again
Failed to connect to Veeam "access denied"
is there an Workaround to disable MFA, or add an other User to the Console without entering the Console
when i try to connect by PSql Shell
Username [postgres]:
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: SSPI authentication failed for user "postgres"
thx
Matt
Veeam 12 BRC
PostgreSQl 15
Standalone Server (not in Domain)
after i enabled the local User in Veeam 12 to use MFA, im unable to logon to the Management Console again
Failed to connect to Veeam "access denied"
is there an Workaround to disable MFA, or add an other User to the Console without entering the Console
when i try to connect by PSql Shell
Username [postgres]:
psql: error: connection to server at "localhost" (127.0.0.1), port 5432 failed: FATAL: SSPI authentication failed for user "postgres"
thx
Matt
-
- Product Manager
- Posts: 10170
- Liked: 2717 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: MFA lockout out
Hi Matt
A method was shared in this topic.
You may also reach out to our support team which has a method to disable MFA through a database query.
Best,
Fabian
A method was shared in this topic.
You may also reach out to our support team which has a method to disable MFA through a database query.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Jan 05, 2024 2:32 pm
- Full Name: Matthias Unterrieder
- Contact:
Re: MFA lockout out
Hi Fabian
i will create an Support Case, the RegKey does not work for me.
cheers
Matt
i will create an Support Case, the RegKey does not work for me.
cheers
Matt
-
- Lurker
- Posts: 1
- Liked: never
- Joined: Feb 02, 2024 10:20 am
- Full Name: Gorka de Medra
- Contact:
Re: MFA lockout out
Hello,
We activated MFA but Veeam didn't show the QR code...
so we have to deactivate MFA for our only Veeam Account:
#MOD: SQL query removed
We activated MFA but Veeam didn't show the QR code...
so we have to deactivate MFA for our only Veeam Account:
#MOD: SQL query removed
-
- Product Manager
- Posts: 10170
- Liked: 2717 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: MFA lockout out
Hello Gorka
Welcome to the forum.
I have remove the SQL query from your comment.
Please don't share them in the public. Database manipulation is only supported under guidance of our support team.
Best,
Fabian
Welcome to the forum.
I have remove the SQL query from your comment.
Please don't share them in the public. Database manipulation is only supported under guidance of our support team.
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: No registered users and 63 guests