Page 1 of 3

Isolated Network VM backupable?

Veeam LogoPosted: Wed Mar 02, 2016 4:29 pm
by B.F.
Greetings,

Here is the scenario:
We have 2 sites where each backs up or replicates to the other site for disaster recovery.

Site1 <----Backup / Replicates ----> Site2

We are going to setup a VM on Site2 that is isolated from any of the other networks on Site2. No PC will be able to access this isolation VM from either Site1 or Site2 via the network.

My question:
Will IsolatedVM still be able to be backed up / replicated back to Site1 with Veeam? We are using vSphere 6.0 U1b and each site does have a Veeam v8 presence with Veeam proxies.

Thanks!

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Mar 03, 2016 1:16 pm
by foggy
Yes, you can still backup VMs without having direct network connection to them. Just make sure you have VMware Tools up and running.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Mar 03, 2016 6:04 pm
by prolix21
If you want application aware jobs you may have some issues, however the new guest interaction proxy option may provide you some options for that. Everything we backup is isolated from our Veeam Backup systems, so we assign one VM in each network and give it a nic attached to our 'backup network' and assign it as a guest interaction proxy for the job. Gives us full application aware backups in the same type of scenario you describe.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Mar 03, 2016 6:28 pm
by larry
prolix21 wrote:If you want application aware jobs .
create a local user on that VM with rights

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Mar 03, 2016 7:13 pm
by alanbolte
VIX requires either UAC is disabled (not an option in all versions of Windows) or the built-in Administrator account.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Wed Jun 01, 2016 9:08 pm
by B.F.
Application aware did not work as you folks pointed out.

prolix21 wrote: so we assign one VM in each network and give it a nic attached to our 'backup network' and assign it as a guest interaction proxy for the job.


Unfortunately this would not be an option for us unless we are willing to go through layers of approval only to most likely get denied.

larry wrote:create a local user on that VM with rights


Tried that and it would fail

alanbolte wrote:VIX requires either UAC is disabled (not an option in all versions of Windows) or the built-in Administrator account.


Disabled UAC per this Veeam KB, rebooted, now it works!

Thanks all!

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Jun 16, 2016 9:57 pm
by hyvokar
Hi!

I ran into a similar problem.
I'm trying to backup a vm from an unreachable network.

I have set a local admin account on the Win2012 VM.

However, when I try to do aaip backup, I get an error:

17.6.2016 0:40:51 :: Processing VM Error: Cannot upload guest agent's files to the administrative share [C:\Windows].
Cannot create folder in guest: [C:\Windows\VeeamVssSupport].
VIX Error: You do not have access rights to this file Code: 13

I have no anti-virus software running on that server right now.

Another question, I a DC on that same network. Would I be able to back that up, if I installed a guest interaction proxy on some VM on that network, and could I possibly even use domain-accounts to backup rest of the VMs on that network?

Re: Isolated Network VM backupable?

Veeam LogoPosted: Wed Dec 28, 2016 5:10 pm
by B.F.
So our scenario has been working great for months...until now.

We are no longer able to backup the VM that is on the isolated network. Here is the error it throws (IP, server name, and account name has been changed):

Failed to prepare guest for hot backup. Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [10.X.Y.Z]. Account: [servername\accountname]. Win32 error:The network path was not found. Code: 53 '
Error: Failed to connect to guest agent. Errors: 'Cannot connect to the host's administrative share. Host: [10.X.Y.Z]. Account: [servername\accountname]. Win32 error:The network path was not found. Code: 53 '


This all seemed to start just after we applied MS security patches on the Veeam box and the isolated VM. I have not made any changes to the Veeam job since we got it working.

Isolated VM had the following installed
KB3197875 November 2016 Preview of Monthly Quality Roll-up for Windows Server 2012 R2
KB3197874 November 2016 Security Monthly Quality Roll-up for Windows Server 2012 R2

Veeam Server had the following installed
KB3205401 December 2016 Monthly Quality Roll-up for Windows Server 2012 R2
KB890830 Windows Malicious Softare Removal Tool for Server 2012 R2
KB3205404 December 2016 Security and Quality Roll-up for .NET Framework...

Unless anyone has suggestions, I may have to systematically remove the updates to see if that remedies the issue.

Thanks!

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:08 pm
by foggy
We'd appreciate you coming back with the particular update causing this behavior.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:12 pm
by B.F.
Foggy,

Funny, I just opened a ticket with Support in hopes there would be another option than to remove updates from a production environment. Wonder if I should start removing from the isolated VM or from the Veeam server first.... hmmmmm

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:18 pm
by foggy
If no other changes were performed, one of these updates seem to change something that resulted in proxy not having access to VM anymore (firewall settings, UAC, etc. depending on whether it worked over network or VIX). You could check those prior to removing updates.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:31 pm
by B.F.
Is there some equivalent to Ping to verify that Veeam is able to touch this VM? We don't manage the FW so it could very well be possible there was some changes done on that which we are not aware of.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:46 pm
by foggy
Try to open ADMIN$ share on the VM under account specified in the job.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:52 pm
by B.F.
Not sure if I'm following. The network this VM is on is isolated. Can't hit anything from the Veeam server to this VM via normal network means. Are you referring to trying to open the ADMIN$ while logged into the isolated VM with the Veeam account? I was able to log into the VM via the vSphere console with the account used by Veeam but never tried ADMIN$.

Re: Isolated Network VM backupable?

Veeam LogoPosted: Thu Dec 29, 2016 3:59 pm
by foggy
Not sure, but opening vShpere console under the same account and trying to open the administrative share should be the same that the proxy does when connecting over VIX.