Comprehensive data protection for all workloads
Post Reply
GRick
Lurker
Posts: 2
Liked: never
Joined: Jun 16, 2023 4:11 pm
Full Name: G.
Contact:

Surebackup and PowerShell Scripts

Post by GRick »

I'm hoping someone can confirm what I think is the issue with running PowerShell scripts on SureBackup VMs.

Essentially, my scripts fail to connect to the restored VM due to what seems to be an IP masquerading issue (or something of that sort):
My scripts are simple service checks and DNS changes but it doesnt get there, it fails at connecting:

If I run (I'm only testing the connection before I run the actual script)

Code: Select all

Enter-PSSession -ComputerName "VM masqueraded IP" -Credential domain\user 
I'm prompted to enter my password as expected but this error is shown:
Enter-PSSession : Connecting to remote server IP failed with the following error message: WinRM cannot complete the operation. Verify that the specified
computer name is valid, that the computer is accessible over the network, and that a firewall exception for the WinRM service is enabled and allows access from this
computer. By default, the WinRM firewall exception for public profiles limits access to remote computers within the same local subnet. For more information, see the
about_Remote_Troubleshooting Help topic.
To get around this issue, I've added the Veeam IP to the restored VM as well as the VMs IP to the Veeam server:

Code: Select all

Set-Item WSMan:\localhost\Client\TrustedHosts -value IP_address -force
Listener
Address = *
Transport = HTTP
Port = 5985
Hostname
Enabled = true
URLPrefix = wsman
CertificateThumbprint
ListeningOn = 127.0.0.1, IP, ::1, fe80::5efe:172.18.15.163%5

Listener
Address = *
Transport = HTTPS
Port = 5986
Hostname = ServerName
Enabled = true
URLPrefix = wsman
CertificateThumbprint = 159D62EDF184DB9862F321F659D37FDA3BA0D6DD
ListeningOn = 127.0.0.1, IP, ::1, fe80::5efe:172.18.15.163%5

What's curious to me is that connecting and running PowerShell commands against the VM in prod it works fine, but not in the Surebackup environment. The only difference I see is the masqueraded IP.

FYI, I'm able to ping and RDP into the restored VM from the Veeam backup server via the masqueraded IP as expected but not PowerShell commands.
Support case ID: Case # 07225939 - SureBackup Custom Scripts (I dont think the engineer understood my issue).

I would appreciate any input!
Andreas Neufert
VP, Product Management
Posts: 7074
Liked: 1507 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Surebackup and PowerShell Scripts

Post by Andreas Neufert »

My guess is that you work with enabled Windows Firewalls on the Guest VMs. Windows detect our virtual lab environment as a unknown network and applies "public network" firewall policies. Which in this case blocks WinRM connections by default.

You can define maybe an rule for it in the public network firewall rule for the server that you try to connect from.
GRick
Lurker
Posts: 2
Liked: never
Joined: Jun 16, 2023 4:11 pm
Full Name: G.
Contact:

Re: Surebackup and PowerShell Scripts

Post by GRick »

We use micro-segmentation tool for our firewall rules. But I agree, this seems to be a firewall rule since the VMs come up in a "public" network profile. Windows firewall is disabled for such networks and managed by the segmentation too. I will review with my network team and report back in the next couple of days.
Post Reply

Who is online

Users browsing this forum: Google [Bot], restore-helper and 70 guests