Disable Interactive Logon Breaks SQL Backups

rreed · Post by **rreed** » Aug 19, 2016 7:00 pm this post

Afternoon everyone. Due to some audit findings we found some service accounts that needed set to deny active logon. Upon doing so all our SQL servers' backups broke w/ "Win32 error:Logon failure: the user has not been granted the requested logon type at this computer." It is currently a domain admin which includes local administrator though we're waiting for that to get pulled back. I found this post165004.html?hilit=interactive%20logon#p165004 but the only response to our same issue appeared to be from another user who set their service account back to interactive logon and the problem went away. Same for us, we removed disable interactive logon and they started working again. But, clearly we can't do that.

Do we have a fix please?

rreed · Post by **rreed** » Aug 19, 2016 7:20 pm this post

Upon some spot checking, our service account is also in a group that is in sysadmin role as well.

rreed · Post by **rreed** » Aug 19, 2016 8:19 pm this post

On the real SQL servers anyways, many of them are SQL Express.

ynguldyn · Post by **ynguldyn** » Aug 25, 2016 2:59 am this post

We're facing the same dilemma: we can choose to make proper SQL backups with Veeam or stay compliant with our security audits. I have confirmed with support that we can't have both.

Obviously, security considerations are winning.

It would be really nice if the interactive logon requirement could be removed. What about it, rebyata iz Veeam?

Post by **foggy** » Sep 05, 2016 3:16 pm this post

Need to research the ability to work without interactive logon.

Post by **poulpreben** » Jun 28, 2018 7:37 am this post

Hey Foggy. I am sorry for resurrecting this old thread. Did you ever research this possibility?

We are working in an environment with a couple of thousand VMs, and recently, the service account used for Veeam backups had its "interactive logon" capability removed as part of an infrastructure hardening project.

This has not only broken SQL log backups, but also SQL log truncation. The TruncateSQLLog call fails, when log backup is disabled. Additionally, the collection of instance information fails, if log backup is enabled.

The customer in question is governmental, so as you can imagine, it is very difficult to get exceptions for decisions like these.

We tried working around the issue by backing up SQL VMs using VAW instead, but it is using the same method as VBR, so that did not help. Let me know if I can be of any help in providing you further information for your research.

Best,
Preben.

Post by **foggy** » Aug 10, 2018 4:38 pm this post

Hi Preben, starting Veeam B&R U3a, interactive logon is not required. Please review the list of currently required permissions.

R&D Forums

Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Re: Disable Interactive Logon Breaks SQL Backups

Who is online