Monitoring and reporting for Veeam Data Platform
Post Reply
david.brunner

VeeamOne vCenter Connection Issue

Post by david.brunner »

Dear forum members!

I try to install a new physical server, along with migrating from B&R v11 and Veeam One v11 to the respective v12 install.
In this setup I want to use restricted users with only the permissions needed. Also, the server is NOT part of the domain anymore.

for Veeam One I created a vsphere.local user "VeeamOne" and cloned the "Read-only" role into a new role also named "VeeamOne"
This role has the following additional privileges:
Global
Global tag
Licenses
Manage custom attributes
Set custom attribute
Host
CIM
CIM interaction
Configuration
Connection
vSphere Tagging
Assign or Unassign vSphere Tag
Assign or Unassign vSphere Tag on Object
Create vSphere Tag
Create vSphere Tag Category
Delete vSphere Tag
Delete vSphere Tag Category
Virtual machine
Interaction
Answer question
Console interaction
Snapshot management
Remove snapshot
as listed here:
https://helpcenter.veeam.com/docs/one/d ... ml?ver=120

I can login with the user in the WebGUI

but when I try to add the vsphere environment in VeeamOne v12 I only get:

Code: Select all

Type:errorTime:23.05.2023 17:09:11Name:VeeamNoHostConnectionEvent	
Description
Unable to connect to xxxxxxx.domain. Starten des Servers fehlgeschlagen . This is the last record for this event. All other entries will be suppressed according to error reporting policy.
I also tried some steps listed here:
https://www.veeam.com/kb2266

I also tried disabling windows Firewall and restarting the service.

what am I missing?

thanks and best regards!
RomanK
Veeam Software
Posts: 745
Liked: 189 times
Joined: Nov 01, 2016 11:26 am
Contact:

Re: VeeamOne vCenter Connection Issue

Post by RomanK »

Hello David,

When you're adding some Virtual Servers in Veeam ONE for monitoring, they must be configured to allow remote connections.
To reach the WMI data via DCOM remote connections, we must allow the target server to receive the incoming connections. There are some tricks that are possible if the connection goes not inside the same domain but between different ones, with or without trusts, or even outside the domains.

The ports and Firewall Rules below must be configured at the Windows Server machine to allow the remote connection from Veeam ONE:

Veeam B&R
  • Veeam B&R Server machine
  • Veeam Backup Proxy machines
  • Veeam Backup Repository machines (Windows-based)
  • Veeam Backup WAN Accelerator machines (Windows-based)
  • + other Windows-based remote servers
VMware vSphere
  • Virtual Machines (with Windows OS) for: Guest Processes and Services monitoring (ALM)
Hyper-V
  • SCVMM machine
  • Hyper-V Host machines (for performance monitoring)
  • Virtual Machines (with Windows OS) for: Guest Disk information obtaining and Guest Processes and Services monitoring (ALM)
The ports and Firewall Rules should be set following the Deployment Gude port requirements.

It is also possible to set up the same using PowerShell.
Check rules:

Code: Select all

Get-NetFireWallRule | Where {$_.Name -eq 'RemoteEventLogSvc-NP-In-TCP'}
Get-NetFireWallRule | Where {$_.Name -eq 'RemoteEventLogSvc-In-TCP'}
Get-NetFireWallRule | Where {$_.Name -eq 'RemoteEventLogSvc-RPCSS-In-TCP'}
Get-NetFireWallRule | Where {$_.Name -eq 'ComPlusNetworkAccess-DCOM-In'}
Enable rules:

Code: Select all

Set-NetFirewallRule -Name 'RemoteEventLogSvc-NP-In-TCP' -Enabled True
Set-NetFirewallRule -Name 'RemoteEventLogSvc-In-TCP' -Enabled True
Set-NetFirewallRule -Name 'RemoteEventLogSvc-RPCSS-In-TCP' -Enabled True
Set-NetFirewallRule -Name 'ComPlusNetworkAccess-DCOM-In' -Enabled True
If nothing will change after that, please open a support case and provide case ID in this thread so we could collect all the additional details and investigate it accordingly.

Thanks
david.brunner

Re: VeeamOne vCenter Connection Issue

Post by david.brunner »

Hi Roman,

thank you very much for your answer.

Executing the 4 Get-NetFireWallRule Cmdlets reports for all:
Enabled : True
Profile : Any

Also, I tried with with completely DISABLED Firewall for all 3 profiles (since I am only starting installation now)


But I am thinking I need to re-evaluate my plan anyway. Since the B&R server should be in separate network, it makes it more difficult having VeeamOne on the same machine while monitoring the devices in the main network.
I guess I will install VeeamOne 2 times - once on the backup server, only monitoring the entities on backup network and one separate server in main network, where the connection to vsphere goes.
This should resolve it, I guess.

If not, I will open a support case.
Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests