using STIG, Veeam console cannot connect remotely

[RightyTighty]

Fresh install of Veeam, haven't even setup a single backup job. Wanted to use this installation as guinea pig for using STIG.
Using the out-of-the-box STIG, imported to a new GPO for Windows Server 2019.

From the server where VeeamBR is installed i can success connect to the Veeam console using Windows auth.
From my workstation where only the console is installed, i get "Failed to connect to Veeam....blahblah".

There are so many security settings in the GPO that control local network access to the Windows OS here, has anyone ever figured out which one(s) are preventing the Veeam console connection?

[HannesK]

Hello,
and welcome to the forums.

I don't have an answer to your question. But I can say, that we currently don't test our products against DISA STIG compatibility. Is it possible, that it enforces Kerberos (that's something we improve with V12)?

You could check c:\programdata\veeam\... log files, or ask support for help (please post the case number for reference).

Best regards,
Hannes

[RightyTighty]

Happy to report that i found the setting.

"Deny access to this computer from the network" is set to include these groups "NT AUTHORITY\Local account, BUILTIN\Guests, Enterprise Admins, Domain Admins"

Good news is there isn't any issue with ciphers or TLS or Kerberos, nothing that deep. All had to do was remove the Domain Admins line from that setting, did a gpupdate on the Veeam BR server, now it works!