Credential related bugs or works as designed?

Post by **coach** » Dec 06, 2025 1:27 pm this post

Hi,

after upgrading to Veeam Backup and Replication 13.0.1.180 we also reconfigured a few settings, so I don't know if this is specific to Veeam 13.

1. When switching from user-based to certificate-based infrastructure component authentication using the Veeam Deployment Kit the former selected user is still listed in the infrastructure component credentials dialog thus making it unable to remove the user from the datacenter credentials because Veeam thinks the user is still in use. We currently use a dummy account as workaround.

2. The secuity analyzer marks "Saved credentials should follow password length and complexity recommendations" as "Not implemented" when using linux ssh credentials and the option "Elevate account privileges automatically" is selected, no matter how complex the password is. According to the offical documentation the following is needed for all credentials to pass:
- 12 characters minimum
- 1 upper case character
- 1 lower case character
- 1 numeric character
- 1 special character
All our windows and linux credentials satisfy this requirement. After looking into the Job.BestPracticesAnalyzer.log I noticed that only our linux accounts were listed as not satisfying. After removing the option "Elevate account privileges automatically" for these account it passed but of course then the application aware backups for those systems are failing.

Nothing critical but it would be nice if this could be fixed with a future update

Post by **david.domask** » Dec 08, 2025 8:48 am this post

Hi coach,

Not sure on how expected either of these are, will check internally and update the thread later.

Post by **david.domask** » Dec 08, 2025 11:45 am this post

A brief update coach,

Please open a Support Case for both of these issues and include logs from the Backup Server for Support to review.

A quick test for the Security & Compliance analyzer and I could not reproduce (all flagged passwords indeed were weak ones), so best to let Support review what's happening.

As for the deployment kit issue, did you remove the infrastructure component and re-add it or did you edit the existing infrastructure component and change the Access / Credentials method? Also it was a Windows or Linux server you added?

Post by **coach** » Dec 09, 2025 10:40 am this post

Hi,

just to clarify.

Regarding Security Analyzer. Only Linux SSH Accounts are flagged if the option "Elevate account privileges automatically" is selected. If the option is not selected they are not flagged.

Regarding the deployment kit. I just edited the existing infrastructure components. Since these are a hyper-v standalone server and a windows based backup repository I try to avoid modifying all Jobs so that I can remove them and the remapping after re-adding them.