Comprehensive data protection for all workloads
Post Reply
STV-VRI
Lurker
Posts: 2
Liked: never
Joined: Jun 22, 2022 5:45 am
Contact:
Contact STV-VRI

[v13] VBR and VeeamOne / MFA

Post by STV-VRI »

Hello,

I don´t know if this belongs to VBR or VOne, so please move this thread if needed.
I currently have an open case (Case #07946159) and it looks like we are hitting some kind of wall:
VeeamOne doesn´t connect to VBR unless I disable MFA for the account used to connect to VBR.
The documentation for VeeamOne says:
When you install Veeam Analytics service on a Veeam Backup & Replication server you must disable MFA for the account under which Veeam Analytics service connects to Veeam Backup & Replication. For details, see section Disabling MFA for Service Accounts of the Veeam Backup & Replication User Guide.
https://helpcenter.veeam.com/docs/one/u ... mfa&ver=13

This wasn´t needed for V12 (even the archived article says something else, I never noticed that part https://helpcenter.veeam.com/archive/on ... hlight=mfa), since I got connection issues after the upgrade to V13.
Now my question is:
What is even the point of using MFA if I want to use VeeamOne but I need to disable MFA for 1 on the highest privileged accounts? I only have to accounts on the VBR VM (which both hold the role "Veeam Backup Administrator") -> Administrator and a service-account for VeeamOne.
Am I missing something?

Best regards,
Stefan
Top
david.domask
Veeam Software
Posts: 3293
Liked: 771 times
Joined: Jun 28, 2016 12:12 pm
Contact:
Contact david.domask

Re: [v13] VBR and VeeamOne / MFA

Post by david.domask »

Hi Stefan, welcome to the forums.

Looks like Support provided the answer in the case, MFA must be disabled for service accounts.

An unattended service account won't be able to perform MFA, hence why there are connection issues when its enabled.

To the best of my knowledge this was always a requirement for the reason above.

Your point is understood, and naturally we want to limit permissions when possible and will discuss internally the possibility of a dedicated role for a more limited account without full Backup Administrator permissions, but for now the requirements are as Support shared.
David Domask | Product Management: Principal Analyst
Top
jorgedlcruz
Veeam Software
Posts: 1807
Liked: 792 times
Joined: Jul 17, 2015 6:54 pm
Full Name: Jorge de la Cruz
Contact:
Contact jorgedlcruz

Re: [v13] VBR and VeeamOne / MFA

Post by jorgedlcruz »

Hello,
This has been resolved when using Veeam Software Appliance within Veeam ONE offline bundle, as in VSA we do not need an user/password, all the communication happens using TLS/SSL certificates.

Are you planning to move to Veeam Software Appliance at any point?

Let us know
Jorge de la Cruz
Director Observability & AI Product Management | Veeam ONE @ Veeam Software

@jorgedlcruz
https://www.jorgedelacruz.es / https://jorgedelacruz.uk
vExpert 2014-2025 / InfluxAce / Grafana Champion
Top
STV-VRI
Lurker
Posts: 2
Liked: never
Joined: Jun 22, 2022 5:45 am
Contact:
Contact STV-VRI

Re: [v13] VBR and VeeamOne / MFA

Post by STV-VRI »

Hello Jorge,

thanks for that information.
The only thing I couldn´t find out about VSA: We are using rotated USB-drives connected to a vsphere host and attatched them via vcenter to the current VBR VM.
If that still works with VSA, I see no reason not to switch.


Best regards,
Stefan
Top
Post Reply

Return to “Veeam Backup & Replication”



Who is online

Users browsing this forum: Bing [Bot], Semrush [Bot] and 54 guests