Discussions specific to the VMware vSphere hypervisor
Post Reply
rreed
Expert
Posts: 354
Liked: 72 times
Joined: Jun 30, 2015 6:06 pm
Contact:

Disable Interactive Logon Breaks SQL Backups

Post by rreed » Aug 19, 2016 7:00 pm

Afternoon everyone. Due to some audit findings we found some service accounts that needed set to deny active logon. Upon doing so all our SQL servers' backups broke w/ "Win32 error:Logon failure: the user has not been granted the requested logon type at this computer." It is currently a domain admin which includes local administrator though we're waiting for that to get pulled back. I found this post165004.html?hilit=interactive%20logon#p165004 but the only response to our same issue appeared to be from another user who set their service account back to interactive logon and the problem went away. Same for us, we removed disable interactive logon and they started working again. But, clearly we can't do that. :wink:

Do we have a fix please?
VMware 6
Veeam B&R v9
Dell DR4100's
EMC DD2200's
EMC DD620's
Dell TL2000 via PE430 (SAS)

rreed
Expert
Posts: 354
Liked: 72 times
Joined: Jun 30, 2015 6:06 pm
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by rreed » Aug 19, 2016 7:20 pm

Upon some spot checking, our service account is also in a group that is in sysadmin role as well.
VMware 6
Veeam B&R v9
Dell DR4100's
EMC DD2200's
EMC DD620's
Dell TL2000 via PE430 (SAS)

rreed
Expert
Posts: 354
Liked: 72 times
Joined: Jun 30, 2015 6:06 pm
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by rreed » Aug 19, 2016 8:19 pm

On the real SQL servers anyways, many of them are SQL Express.
VMware 6
Veeam B&R v9
Dell DR4100's
EMC DD2200's
EMC DD620's
Dell TL2000 via PE430 (SAS)

ynguldyn
Lurker
Posts: 2
Liked: never
Joined: Jun 23, 2011 9:59 pm
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by ynguldyn » Aug 25, 2016 2:59 am

We're facing the same dilemma: we can choose to make proper SQL backups with Veeam or stay compliant with our security audits. I have confirmed with support that we can't have both.

Obviously, security considerations are winning.

It would be really nice if the interactive logon requirement could be removed. What about it, rebyata iz Veeam?

foggy
Veeam Software
Posts: 17213
Liked: 1417 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by foggy » Sep 05, 2016 3:16 pm

Need to research the ability to work without interactive logon.

poulpreben
Service Provider
Posts: 949
Liked: 402 times
Joined: Jul 23, 2012 8:16 am
Full Name: Preben Berg
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by poulpreben » Jun 28, 2018 7:37 am

Hey Foggy. I am sorry for resurrecting this old thread. Did you ever research this possibility?

We are working in an environment with a couple of thousand VMs, and recently, the service account used for Veeam backups had its "interactive logon" capability removed as part of an infrastructure hardening project.

This has not only broken SQL log backups, but also SQL log truncation. The TruncateSQLLog call fails, when log backup is disabled. Additionally, the collection of instance information fails, if log backup is enabled.

The customer in question is governmental, so as you can imagine, it is very difficult to get exceptions for decisions like these.

We tried working around the issue by backing up SQL VMs using VAW instead, but it is using the same method as VBR, so that did not help. Let me know if I can be of any help in providing you further information for your research.

Best,
Preben.

foggy
Veeam Software
Posts: 17213
Liked: 1417 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Disable Interactive Logon Breaks SQL Backups

Post by foggy » Aug 10, 2018 4:38 pm

Hi Preben, starting Veeam B&R U3a, interactive logon is not required. Please review the list of currently required permissions.

Post Reply

Who is online

Users browsing this forum: Dima P. and 37 guests