-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
suppression of this nagging email notification
Hi, is there a way to turn off this email from coming every day? I don't want to encrypt the configuration because I can keep track of my passwords separately. Thanks
Warning Skipping credentials backup because the encryption is disabled. This will complicate the restore process significantly. Enable configuration backup encryption to stop receiving this warning.
Warning Skipping credentials backup because the encryption is disabled. This will complicate the restore process significantly. Enable configuration backup encryption to stop receiving this warning.
-
- Product Manager
- Posts: 10083
- Liked: 2679 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: suppression of this nagging email notification
Hello Rob
There is a registration key to disable this warning.
However please note encrypting the configuration backup is considered best practice.
Best,
Fabian
There is a registration key to disable this warning.
However please note encrypting the configuration backup is considered best practice.
Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication
Key: ConfigurationBackupSuppressEncryptionWarning
Type: DWORD
Value 1
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
Thanks for this tip. On the topic of config encryption, it says that backups are unrecoverable if the password for this is lost. Don't you guys think this is a little dangerous? Or maybe I'm not understanding this correctly?
For me, there is no need to encrypt, or even backup the configuration at all because the environment is very simple. I can stand up a new OS and install Veeam easily, and then just scan the repository and restore. If the default is to "encourage" people to encrypt it, sure that's secure, but what's more likely.. Losing your backups to a hack, or losing them because you forgot the password?
For me, there is no need to encrypt, or even backup the configuration at all because the environment is very simple. I can stand up a new OS and install Veeam easily, and then just scan the repository and restore. If the default is to "encourage" people to encrypt it, sure that's secure, but what's more likely.. Losing your backups to a hack, or losing them because you forgot the password?
-
- Product Manager
- Posts: 10083
- Liked: 2679 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: suppression of this nagging email notification
One reason to encrypt backups is that if they get stolen, an attacker cannot leverage the content. Backup files contains your entire data in a compressed format. Why downloading the production data from the file server when one could have access to compressed production data via the backup files. Data theft is a danger this days for some companies or organizations.
With Veeam Backup & Replication, there is an option to still gain access to the backup files in case you forgot it. Enterprise manager provides a feature named "password loss protection": https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
It may sound dangerous. But it also protects you against data theft. That's how encryption works. Without the key, you don't get access to the data.Don't you guys think this is a little dangerous? Or maybe I'm not understanding this correctly?
With Veeam Backup & Replication, there is an option to still gain access to the backup files in case you forgot it. Enterprise manager provides a feature named "password loss protection": https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
Yeah, I get the concept. Secure backups in case they get compromised.. AND it's a good thing that's left off by default, because I would bet that the chances of compromised backups are far less likely than a poor IT admin who wrote the password somewhere and forgot it, then he's up the creek after a hardware disaster.
You may want to check with support and get statistics on that, how many opened a case with their backups compromised vs people who lost their password (who don't have enterprise) and are desperate to get their backups. Not the most scientific, but the results might be interesting.
In my opinion you're creating more problems than preventing them by asking people to turn on credential encryption every day with email notifications.
You may want to check with support and get statistics on that, how many opened a case with their backups compromised vs people who lost their password (who don't have enterprise) and are desperate to get their backups. Not the most scientific, but the results might be interesting.
In my opinion you're creating more problems than preventing them by asking people to turn on credential encryption every day with email notifications.
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
Glad you mentioned support statistics! This "nagging notification" feature was added exclusively based on the request from our technical support management, based on all the massive support case load from customers who did not realize their configuration backups do not include credentials.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
Is there a way to encrypt only the credentials, and not the actual backups? I may be missing something, but I couldn't find it.
This would seem to be the most elegant approach, force the encryption of credentials on by default.
This would seem to be the most elegant approach, force the encryption of credentials on by default.
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
No, definitely not as it's a single file. Also, not encrypting this part provides a hacker all information about the backup infrastructure thus helping to move laterally in the environment, so I don't consider it a non-sensitive information that is fine to have unencrypted.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
You may have misunderstood, or I didn't explain it clearly. I'm asking if it's possible to *only* encrypt the credentials, to force that by default, but leave the backups un-encrypted unless the user chooses to turn that on.
This way, the creds are protected with that master password, the hacker can't learn anything without it, and if the admin starts from scratch on a rebuilt Veeam server, he can choose not to import the old configuration backup and still be able to access the repository without a password.
This way, the creds are protected with that master password, the hacker can't learn anything without it, and if the admin starts from scratch on a rebuilt Veeam server, he can choose not to import the old configuration backup and still be able to access the repository without a password.
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
No, it's not possible as the configuration file is a single file and everything in it is being encrypted. Besides, we don't want leaving some parts of it unencrypted for the reason explained above: giving a hacker full unencrypted documentation to the entire backup infrastructure.
Note that we cannot "force encryption by default" as the user needs to provide the password interactively before we can start encrypting.
Note that we cannot "force encryption by default" as the user needs to provide the password interactively before we can start encrypting.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
Ok, I still think there is a disconnect or misunderstanding, I'm not saying "back up PART of the configuration file" - I understand it's one file. I'm talking about the *actual data on the repositories*. Does that also get encrypted?
When you go to the menu > configuration backup, where it says loss prevention disabled, and you hover the mouse, it says "your backups will be unrecoverable if the password is lost"
Is this just badly worded? Cause if it's only backing up the *configuration*, and I choose not to import that in another veeam installation, I can just manually enter the credentials, right? That means the backups aren't unrecoverable if the password is lost. Shouldn't that say "your backup CONFIGURATION upon import will be lost", something like that?
When you go to the menu > configuration backup, where it says loss prevention disabled, and you hover the mouse, it says "your backups will be unrecoverable if the password is lost"
Is this just badly worded? Cause if it's only backing up the *configuration*, and I choose not to import that in another veeam installation, I can just manually enter the credentials, right? That means the backups aren't unrecoverable if the password is lost. Shouldn't that say "your backup CONFIGURATION upon import will be lost", something like that?
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
This says your encrypted configuration backups will be unrecoverable if you lose their encryption password, which makes sense.
This does not talk about "actual data on the repositories". If those backups are encrypted, you will need a password from them too in order to perform a restore. But you don't need anything other than their password.
This does not talk about "actual data on the repositories". If those backups are encrypted, you will need a password from them too in order to perform a restore. But you don't need anything other than their password.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
It says "your backups will be unrecoverable" not "your encrypted configuration backups will be unrecoverable" - it's misleading
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
This is a shared UI control used in a dozen places, which is why it does not mention the specific backup type. What it says should be read in the context of the dialog where the control is placed, in this case Configuration Backup dialog.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
Ok, well, it's still misleading
I'm giving you my feedback as a user, I appreciate that it's a "shared dialog" and might save some time for the UI team or whoever is responsible. But from the POV as someone exploring the software, it looks like "enable backup file encryption" means their BACKUP FILES are going to be encrypted, not just the configuration files. Especially the popup about "your backups will be unrecoverable"
"enable configuration backup file encryption" makes more sense, because users don't think about this the way you do necessarily in terms of "in the context of where they are"

"enable configuration backup file encryption" makes more sense, because users don't think about this the way you do necessarily in terms of "in the context of where they are"
-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
-
- Product Manager
- Posts: 2589
- Liked: 712 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: suppression of this nagging email notification
Looks feasible, will check with devs.
-
- Expert
- Posts: 219
- Liked: 63 times
- Joined: Feb 18, 2013 10:45 am
- Full Name: Stan G
- Contact:
Re: suppression of this nagging email notification
It's the Veeam configuration back-up, it's not your actual data back-up.
If you don't encrypt your configuration back-up, all the passwords stored by Veeam are not included in this configuration back-up.
For example the user/password you use to do application aware processing.
Or the password you use to encrypt off-site back-ups.
If you don't encrypt your configuration back-up, all the passwords stored by Veeam are not included in this configuration back-up.
For example the user/password you use to do application aware processing.
Or the password you use to encrypt off-site back-ups.
-
- Expert
- Posts: 176
- Liked: 19 times
- Joined: Aug 15, 2014 11:21 am
- Full Name: Rob
- Contact:
Re: suppression of this nagging email notification
ITP-Stan, yes, I'm aware of this already. Where this thread ended up is that the text describing this function is a little misleading.
-
- Product Manager
- Posts: 2589
- Liked: 712 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: suppression of this nagging email notification
We will alter the label text a little with the following release.
/Cheers!
/Cheers!
-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 21, 2023 4:16 pm
- Contact:
Re: suppression of this nagging email notification
Hi, We have already set this key but we still receive the warning. Is it right configured? Do we need to do something aditional?Mildur wrote: ↑Jul 24, 2023 5:14 am Hello Rob
There is a registration key to disable this warning.
However please note encrypting the configuration backup is considered best practice.
Best,Code: Select all
HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication Key: ConfigurationBackupSuppressEncryptionWarning Type: DWORD Value 1
Fabian
Thanks and blessings
https://drive.google.com/file/d/1NZbggF ... sp=sharing
-
- Product Manager
- Posts: 10083
- Liked: 2679 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: suppression of this nagging email notification
Hi Urko
I see you are using V12 or later. The location of the key is correct.
Maybe try a restart of the backup service (or backup server).
Please open a case with our support team if you still get the warning.
Best,
Fabian
I see you are using V12 or later. The location of the key is correct.
Maybe try a restart of the backup service (or backup server).
Please open a case with our support team if you still get the warning.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 21, 2023 4:16 pm
- Contact:
Re: suppression of this nagging email notification
Hi, I tried to restart backup service, reboot the machine, after registration key. But nothing happens, the notification arrives in the email anyway " Warning Skipping server certificate backup because encryption is disabled"
if you can't give me any further instructions, I'll open a case
Thanks, greetings
if you can't give me any further instructions, I'll open a case
Thanks, greetings
-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 21, 2023 4:16 pm
- Contact:
Re: suppression of this nagging email notification
Hi, this is my Windows Server 2022 Datacenter, version 21H2
and Veeam backup and replication 11.0.1.1261
I've restarted service but I have still the notification, can I do something more?
thanks in advance

-
- Chief Product Officer
- Posts: 31960
- Liked: 7436 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: suppression of this nagging email notification
You should upgrade to V12.
Who is online
Users browsing this forum: DanielJ, Ivan239, MSuzuki, Regnor and 106 guests