Availability for the Always-On Enterprise
Post Reply
jweave
Influencer
Posts: 12
Liked: 1 time
Joined: Apr 20, 2015 2:41 pm
Contact:

Truncate Exchange logs, what type of permission?

Post by jweave » Oct 07, 2015 2:46 pm

I am looking to enable Application Aware on our exchange server, so we can truncate the logs. I would like to set up a user account to be able to handle that request. What type of permissions does that account need to have in order to process that?

Thanks

foggy
Veeam Software
Posts: 16702
Liked: 1343 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Truncate Exchange logs, what type of permission?

Post by foggy » Oct 07, 2015 2:47 pm

Account with local administrator rights is required.

jweave
Influencer
Posts: 12
Liked: 1 time
Joined: Apr 20, 2015 2:41 pm
Contact:

Re: Truncate Exchange logs, what type of permission?

Post by jweave » Oct 07, 2015 5:03 pm

Thanks for the quick reply. I did create a local account that has local admin rights, as well as verifying it. I am trying to log in as ComputerName\UserName with the password, and I am getting a "Do not have access rights" during the credential test. The user is a part of the local admin group too.

alanbolte
Expert
Posts: 635
Liked: 172 times
Joined: Jun 18, 2012 8:58 pm
Full Name: Alan Bolte
Contact:

Re: Truncate Exchange logs, what type of permission?

Post by alanbolte » Oct 07, 2015 6:55 pm

If this is your first time using the credentials tester, the output might be a little unclear. Does it show status for the VM in the left-hand column as 'warning' or 'error'? 'Warning' is more or less normal, because if you look closely there are two tests - connecting to guest OS via RPC, and connecting to guest OS via VIX. You only need one connection method for AAIP to work, but you get a warning from the tester if they don't both work.

"Do not have access rights" sounds like VIX isn't working.
RPC requires network connectivity from the backup server to the guest OS, as well as local administrator rights.
VIX does not require network connectivity, but requires either that UAC is completely disabled or that you specifically use the named "Administrator" account with SID ending in -500; in some cases you have to use that account regardless of UAC.

Note that you can use domain accounts, they just have to have appropriate local permissions.

LMS
Influencer
Posts: 17
Liked: never
Joined: May 29, 2017 5:13 am
Full Name: MS Sunil
Contact:

[MERGED] Permissions needed for Exchange 2016 backup

Post by LMS » Jan 01, 2018 6:02 am

Hi,

Case #0244235

We are trying to provide the lease required permission for Exchange 2016 application aware backup and restore process.

We created a new role group with roles ApplicationImpersonation, View-Only Configuration & View-Only recipients. As of now for testing the backup, we created a dedicated account and added to the newly created Role group as well with Organization management role group. Also added this account to local administrators group on both the Exchange 2016 MB servers.

With security point of view , here do we need to provide all the above mentioned permissions with the account used for application aware backup? Shall we remove the permission Organization management Role group for this account or it’s required? Also what about local admin privilege for this account?

Do we get a KB article / recommendation describing the required permissions for Exchange application aware backup?

Thanks in advance

PTide
Veeam Software
Posts: 4248
Liked: 350 times
Joined: May 19, 2015 1:46 pm
Contact:

[MERGED] Permissions needed for Exchange 2016 backup

Post by PTide » Jan 01, 2018 12:15 pm

Hi,

Account with local administrator rights is required for AAIP to succeed.

As for restore:
helpcenter wrote:Full access to Microsoft Exchange database and its log files for item recovery. The account you plan to use for recovery should have both read and write permissions to all files in the folder with the database.
Also, it seems that your support case number is missing one digit, would you double-check that please?

Thanks

Post Reply

Who is online

Users browsing this forum: apopkov, baber, chaitanya.korde, DonZoomik, foggy, gmajestix, jmpatrick and 68 guests